Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3D5FE1005F for ; Sat, 29 Aug 2015 14:01:44 +0000 (UTC) Received: (qmail 18134 invoked by uid 500); 29 Aug 2015 14:01:43 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 18074 invoked by uid 500); 29 Aug 2015 14:01:43 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 18064 invoked by uid 99); 29 Aug 2015 14:01:43 -0000 Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 29 Aug 2015 14:01:43 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org) with ESMTP id 485E61AB16B for ; Sat, 29 Aug 2015 14:01:43 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.121 X-Spam-Level: X-Spam-Status: No, score=-0.121 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd2-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-eu-west.apache.org ([10.40.0.8]) by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new, port 10024) with ESMTP id BiZVjJnOezxB for ; Sat, 29 Aug 2015 14:01:42 +0000 (UTC) Received: from mail-yk0-f174.google.com (mail-yk0-f174.google.com [209.85.160.174]) by mx1-eu-west.apache.org (ASF Mail Server at mx1-eu-west.apache.org) with ESMTPS id D9B3520D7B for ; Sat, 29 Aug 2015 14:01:41 +0000 (UTC) Received: by ykba134 with SMTP id a134so27816074ykb.1 for ; Sat, 29 Aug 2015 07:01:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=5GUONX8+/CvQSb4WePCX8Ua+JHoe/K07lAg7mHT7dxQ=; b=X0MHi5H/7SgvUnu2N9Njnoi0SFBNEs5izUimdaFBuZO+km7qg59k/0mHtN2FJuyqib vHVLeF3kzvNdWMpTliz6+A3eSgGoaEJfNWAXQPZY8FuV6GTVC989uvISL28LU5AXE8uQ ZgZrvRhNx37k2enPhRUkfSgo0k/NllhP5xOiHUn4GlgTFChiBQVF+PuLA68NaQneuE6p ZDsDhT1MvaQpjN/I3fF/f23URgLP4Ts+tsYDhgxAMb1I52n4CzW5zCINDBd8Cd4HMdgc +C/r2Jw0dIDfcekyPRvTmAczb5r73FeALanskdgLofdDnXlsgjLL5QD43ZZaWcsYylXj X+jA== MIME-Version: 1.0 X-Received: by 10.170.53.20 with SMTP id 20mr11892147ykv.99.1440856900955; Sat, 29 Aug 2015 07:01:40 -0700 (PDT) Received: by 10.37.215.12 with HTTP; Sat, 29 Aug 2015 07:01:40 -0700 (PDT) In-Reply-To: <55E14871.3000209@wanadoo.fr> References: <20140715122701.0365D23888D7@eris.apache.org> <55E14871.3000209@wanadoo.fr> Date: Sat, 29 Aug 2015 10:01:40 -0400 Message-ID: Subject: Re: svn commit: r1610674 - in /httpd/httpd/trunk: include/ap_mmn.h include/httpd.h modules/proxy/mod_proxy_http.c modules/proxy/proxy_util.c server/util.c From: Eric Covener To: Apache HTTP Server Development List Content-Type: text/plain; charset=UTF-8 On Sat, Aug 29, 2015 at 1:51 AM, Christophe JAILLET wrote: > If i understand correctly, if we find an invalid char and 'skip_invalid', we > first look for the next comma and start searching for new token from there. > If no comma is found before the trailing NULL, then nothing more can be > found and we end the processing. > > So shouldn't this be: > cur = temp + 1; > (i.e. go to the character *following* the comma) > > Not tested, but I think that if the invalid character is the one just before > the comma, then we loop forever. I think the bottom of the loop has cur++ and there is no break in this path, so the next iteration will start on the separator and treat it as an empty token? > Also if the: > temp = ap_strchr_c(cur, '\0'); > above is supposed to reach the end of the string and stop processing, we > have the same problem and can loop forever if the last non-NULL char is the > invalid char. Same as above I think? > > In this case, adding: > string_end = (c == '\0'); > as in the normal case, would be fine. All of the above might be more clear if confirmed.