httpd-dev mailing list archives

From Nick Kew <n...@webthing.com>
Subject Re: svn commit: r1582264 - in /httpd/httpd/branches/2.4.x: CHANGES modules/lua/lua_apr.c
Date Thu, 27 Mar 2014 12:38:53 GMT
On Thu, 2014-03-27 at 13:21 +0100, Daniel Gruno wrote:

> You can't log a warning or strip the newline;
> 1) it's a const char* so magical things will happen if you edit it(?)
> 2) we don't have a pool handy to make a new string without the newline
> or log an error.
> 
> As I said in the commit msg in trunk, it's an ugly hack, and if someone
> finds a more clever way of solving it, I'm all ears :) Maybe I'm
> forgetting something entirely obvious, who knows.

If you're going to do security checking, you need to work through it.
The absence of a pool suggests this may be the wrong place for it.

Perhaps what needs to happen is you set a "bogus-value seen" flag,
then check it at an appropriate point when you can manipulate
values or abort requests, and log errors?  Would that require
excessive shoehorning?

-- 
Nick Kew
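
The deferred check suggested in the message above, as an added example that is not part of the original thread or of httpd's code. `hdr_table`, `table_set` and `check_table` are hypothetical stand-ins, not APR or mod_lua APIs, and dropping the flagged value inside the setter is an assumption of this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not httpd/APR types. */
#define MAX_ENTRIES 8

typedef struct {
    const char *key[MAX_ENTRIES];
    const char *val[MAX_ENTRIES];
    int count;
    int bogus_seen;        /* set by the setter, acted on later */
    const char *bogus_key; /* first offending key, kept for the log line */
} hdr_table;

/* Setter: no allocator, no logger, and the value is const.
 * All it can do is detect the newline and record that it saw one. */
static void table_set(hdr_table *t, const char *key, const char *val)
{
    if (strpbrk(val, "\r\n") != NULL) {
        if (!t->bogus_seen) {
            t->bogus_seen = 1;
            t->bogus_key = key;
        }
        return; /* assumption: the flagged value is never stored */
    }
    if (t->count < MAX_ENTRIES) {
        t->key[t->count] = key;
        t->val[t->count] = val;
        t->count++;
    }
}

/* Later checkpoint, where a request context exists and logging or
 * aborting is possible. Returns 0 to continue, 500 to abort. */
static int check_table(const hdr_table *t, FILE *errlog)
{
    if (t->bogus_seen) {
        fprintf(errlog, "rejecting request: newline in value for '%s'\n",
                t->bogus_key);
        return 500;
    }
    return 0;
}

int main(void)
{
    hdr_table t = {0};
    table_set(&t, "X-Ok", "fine");
    table_set(&t, "X-Bad", "a\r\nSet-Cookie: x=1"); /* constructed input */
    return check_table(&t, stderr) == 500 ? 0 : 1;
}
```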

