From: Jan Kaluža <jkaluza@apache.org>
Date: Thu, 4 Sep 2014 10:52:24 +0000 (+0000)
Subject: ab: increase request and response header size to 8192 bytes,
X-Git-Tag: 2.5.0-alpha~3848
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=43803691a0e4ae6b13203d112e385594b65d897d;p=apache

ab: increase request and response header size to 8192 bytes,
fix potential buffer-overflow in Server: header handling.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1622450 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/support/ab.c b/support/ab.c
index 7f0777b23a..1bcab1bbbd 100644
--- a/support/ab.c
+++ b/support/ab.c
@@ -220,7 +220,7 @@ typedef enum {
     STATE_READ
 } connect_state_e;
 
-#define CBUFFSIZE (2048)
+#define CBUFFSIZE (8192)
 
 struct connection {
     apr_pool_t *ctx;
@@ -340,7 +340,7 @@ BIO *bio_out,*bio_err;
 apr_time_t start, lasttime, stoptime;
 
 /* global request (and its length) */
-char _request[2048];
+char _request[8192];
 char *request = _request;
 apr_size_t reqlen;
 
@@ -1516,12 +1516,14 @@ static void read_connection(struct connection * c)
                  * this is first time, extract some interesting info
                  */
                 char *p, *q;
+                size_t len = 0;
                 p = strstr(c->cbuff, "Server:");
                 q = servername;
                 if (p) {
                     p += 8;
-                    while (*p > 32)
-                    *q++ = *p++;
+                    /* -1 to not overwrite last '\0' byte */
+                    while (*p > 32 && len++ < sizeof(servername) - 1)
+                        *q++ = *p++;
                 }
                 *q = 0;
             }