From: Jim Jagielski Date: Tue, 15 Apr 2014 19:11:31 +0000 (+0000) Subject: Merge r1584896 from trunk: X-Git-Tag: 2.4.10~347 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8a2b8509e447d9aff76b67ce838a84dfd470d0f2;p=apache Merge r1584896 from trunk: Do not perform a p+= 7 that could go past the end of the buffer in case we find a 'content' without a corresponding '='. Should we need to deal with this case, a new search should be performed to find the real starting position of another potential 'content=' pattern. Submitted by: jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1587690 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index 18af4f07ae..5fca883691 100644 --- a/STATUS +++ b/STATUS @@ -139,12 +139,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: 2.4.x patch: trunk patch works +1: jailletc36, jim, ylavic - * mod_proxy_html: Do not perform a p+= 7 that could go past the end of the buffer - trunk patch: https://svn.apache.org/r1584896 - 2.4.x patch: trunk patch works - +1: jailletc36, jim, ylavic - - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ New proposals should be added at the end of the list ] diff --git a/modules/filters/mod_proxy_html.c b/modules/filters/mod_proxy_html.c index 3e5170d1c5..a80ee80c1b 100644 --- a/modules/filters/mod_proxy_html.c +++ b/modules/filters/mod_proxy_html.c @@ -670,8 +670,9 @@ static meta *metafix(request_rec *r, const char *buf) p += 7; while (apr_isspace(*p)) ++p; + /* XXX Should we search for another content= pattern? */ if (*p != '=') - continue; + break; while (*p && apr_isspace(*++p)); if ((*p == '\'') || (*p == '"')) { delim = *p++;