mod_request: Make sure the KeptBodySize directive rejects values
authorGraham Leggett <minfrin@apache.org>
Sun, 13 Sep 2009 16:35:40 +0000 (16:35 +0000)
committerGraham Leggett <minfrin@apache.org>
Sun, 13 Sep 2009 16:35:40 +0000 (16:35 +0000)
that aren't valid numbers.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@814337 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
modules/filters/mod_request.c

diff --git a/CHANGES b/CHANGES
index f1fe99907474e9c22fdcbf663738c35b3ad1f72e..e5dd6766689774cba03d2baf1a23b1ebf86e6844 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.3.3
 
+  *) mod_request: Make sure the KeptBodySize directive rejects values
+     that aren't valid numbers. [Graham Leggett]
+
   *) mod_session_crypto: Sanity check should the potentially encrypted
      session cookie be too short. [Graham Leggett]
 
index 9f6845f151f5fbd311803f8bd215145d7bbfb5e9..d8110aa6f808836913aec3db7b9bf4499641fbf7 100644 (file)
@@ -564,10 +564,11 @@ static const char *set_kept_body_size(cmd_parms *cmd, void *dconf,
                                       const char *arg)
 {
     request_dir_conf *conf = dconf;
+    char *end = NULL;
 
-    if (APR_SUCCESS != apr_strtoff(&(conf->keep_body), arg, NULL, 0)
-        || conf->keep_body < 0) {
-        return "KeptBodySize must be a size in bytes, or zero.";
+    if (APR_SUCCESS != apr_strtoff(&(conf->keep_body), arg, &end, 0)
+            || conf->keep_body < 0 || end) {
+        return "KeptBodySize must be a valid size in bytes, or zero.";
     }
     conf->keep_body_set = 1;
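Review bot: The new `|| end` test in the condition checks the pointer itself rather than the character it points to. apr_strtoff() passes `&end` to the underlying strtol-style parser, which stores a non-NULL pointer on every call, so after a successful parse `end` is always true and the directive would reject valid sizes as well as malformed ones. The check that matches the commit's stated intent is `|| conf->keep_body < 0 || *end) {`, optionally with `end == arg` added so that an empty argument is not read as zero. The failure is closed (the configuration is refused rather than a bad limit being accepted), but it leaves KeptBodySize unusable; the function's closing lines are outside the hunk.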