httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacob Champion <champio...@gmail.com>
Subject Re: svn commit: r1755098 - in /httpd/httpd/trunk: docs/log-message-tags/next-number server/protocol.c
Date Wed, 03 Aug 2016 20:21:19 GMT
On 08/03/2016 09:46 AM, wrowe@apache.org wrote:
> Modified: httpd/httpd/trunk/server/protocol.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1755098&r1=1755097&r2=1755098&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/server/protocol.c (original)
> +++ httpd/httpd/trunk/server/protocol.c Wed Aug  3 16:46:20 2016
> @@ -835,8 +835,15 @@ AP_DECLARE(void) ap_get_mime_headers_cor
>              return;
>          }
>
> -        if (last_field != NULL) {
> -            if ((len > 0) && ((*field == '\t') || *field == ' ')) {
> +        if ((len > 0) && ((*field == '\t') || *field == ' ')) {
> +            if (last_field == NULL) {
> +                r->status = HTTP_BAD_REQUEST;
> +                ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03442)
> +                              "Line folding encounterd before first"
> +                              " header line");
> +                return;
> +            }
> +

I don't think this is an equivalent transformation. More logic below 
this case relies on the last_field NULL check, and I'm currently getting 
segfaults on trunk due to the strchr on line 907.

The addition of the `== NULL` check also triggers a C90 compiler warning 
for the combo declaration/assignment of fold_len.

--Jacob

Mime
View raw message