From: Brian Pane <brianp@apache.org>
Date: Wed, 26 Dec 2001 09:52:53 +0000 (+0000)
Subject: Removed a large (8KB) buffer from the stack in ap_invoke_handler()
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=cf4a1ce13c109aaef1c57b655288f34b39f1d6bc;p=apache

Removed a large (8KB) buffer from the stack in ap_invoke_handler()


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@92602 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/server/config.c b/server/config.c
index c032d9b416..6d88929a5f 100644
--- a/server/config.c
+++ b/server/config.c
@@ -328,9 +328,7 @@ AP_CORE_DECLARE(int) ap_invoke_handler(request_rec *r)
 {
     const char *handler;
     const char *p;
-    char *p2;
     int result;
-    char hbuf[MAX_STRING_LEN];
     const char *old_handler = r->handler;
 
     /*
@@ -346,9 +344,10 @@ AP_CORE_DECLARE(int) ap_invoke_handler(request_rec *r)
     if (!r->handler) {
         handler = r->content_type ? r->content_type : ap_default_type(r);
         if ((p=ap_strchr_c(handler, ';')) != NULL) {
-	    apr_cpystrn(hbuf, handler, sizeof hbuf);
-	    p2 = hbuf+(handler-p);
-	    handler = hbuf;
+            char *new_handler = (char *)apr_pmemdup(r->pool, handler,
+                                                    p - handler + 1);
+            char *p2 = new_handler + (p - handler);
+            handler = new_handler;
 	    /* MIME type arguments */
             while (p2 > handler && p2[-1] == ' ')
 	        --p2;		/* strip trailing spaces */