[Remove entries to the current 2.0 section below, when backported]
+ *) Update the header token parsing code to allow LWS between the
+ token word and the ':' seperator. [PR 16520]
+ [submitted: Kris Verbeeck <kris.verbeeck@advalvas.be> and
+ Nicel KM <mnicel@yahoo.com>]
+ [Reviewed: <coad@measurement-factory.com> and
+ Paul J. Reder]
+
*) mod_ext_filter: Add the ability to filter request bodies.
[Philipp Reisner <philipp.reisner@linbit.com>]
char *value;
apr_size_t len;
int fields_read = 0;
+ char *tmp_field;
/*
* Read header lines until we get the empty separator line, a read error,
}
*value = '\0';
- ++value;
+ tmp_field = value; /*Used to trim the whitespace between key */
+ ++value; /* token and seperator*/
while (*value == ' ' || *value == '\t') {
++value; /* Skip to start of value */
}
+ /* This check is to avoid any invalid memory reference while
+ * traversing backwards in the key. To avoid a case where
+ * the header starts with ':' (or with just some white
+ * space and the ':') followed by the value
+ */
+ if(tmp_field > last_field) {
+ --tmp_field;
+ while ((tmp_field > last_field) &&
+ (*tmp_field == ' ' || *tmp_field == '\t')) {
+ --tmp_field; /* Removing LWS between key and ':' */
+ }
+ ++tmp_field;
+ *tmp_field = '\0';
+ }
+
apr_table_addn(r->headers_in, last_field, value);
/* reset the alloc_len so that we'll allocate a new
projects / apache / commitdiff