From 4ef361c9fb7f4811abc4ec61cfe45ed51846af9d Mon Sep 17 00:00:00 2001 From: Greg Ames Date: Fri, 26 Jan 2001 18:48:57 +0000 Subject: [PATCH] fix mangled headers due to underallocated buffer git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87856 13f79535-47bb-0310-9956-ffa450edef68 --- modules/http/http_protocol.c | 47 ++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c index 301e41e900..5c4c5b1dd2 100644 --- a/modules/http/http_protocol.c +++ b/modules/http/http_protocol.c @@ -1805,13 +1805,9 @@ static int compute_header_len(apr_size_t *length, const char *fieldname, return 1; } -AP_DECLARE(void) ap_basic_http_header(request_rec *r, char *buf) +static void basic_http_header_check(request_rec *r, + const char **protocol) { - char *protocol; - char *date = NULL; - char *tmp; - header_struct h; - if (r->assbackwards) return; @@ -1825,12 +1821,22 @@ AP_DECLARE(void) ap_basic_http_header(request_rec *r, char *buf) || (r->proto_num == HTTP_VERSION(1,0) && apr_table_get(r->subprocess_env, "force-response-1.0"))) { - protocol = "HTTP/1.0"; + *protocol = "HTTP/1.0"; r->connection->keepalive = -1; } else { - protocol = AP_SERVER_PROTOCOL; + *protocol = AP_SERVER_PROTOCOL; } +} + +static void basic_http_header(request_rec *r, char *buf, const char *protocol) +{ + char *date = NULL; + char *tmp; + header_struct h; + + if (r->assbackwards) + return; /* Output the HTTP/1.x Status-Line and the Date and Server fields */ @@ -1851,6 +1857,14 @@ AP_DECLARE(void) ap_basic_http_header(request_rec *r, char *buf) apr_table_unset(r->headers_out, "Server"); } +AP_DECLARE(void) ap_basic_http_header(request_rec *r, char *buf) +{ + const char *protocol; + + basic_http_header_check(r, &protocol); + basic_http_header(r, buf, protocol); +} + /* Navigator versions 2.x, 3.x and 4.0 betas up to and including 4.0b2 * have a header parsing bug. If the terminating \r\n occur starting * at offset 256, 257 or 258 of output then it will not properly parse @@ -2434,6 +2448,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f, apr_b char *date = NULL; request_rec *r = f->r; char *buff, *buff_start; + const char *protocol; apr_bucket *e; apr_bucket_brigade *b2; apr_size_t len = 0; @@ -2485,14 +2500,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f, apr_b * and the basic http headers don't overflow this buffer. */ len += strlen(ap_get_server_version()) + 100; - buff_start = buff = apr_pcalloc(r->pool, len); - ap_basic_http_header(r, buff); - buff += strlen(buff); - - h.r = r; - h.buf = buff; - - + basic_http_header_check(r, &protocol); ap_set_keepalive(r); if (r->chunked) { @@ -2567,6 +2575,13 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f, apr_b (void *) &len, r->headers_out, NULL); } + buff_start = buff = apr_pcalloc(r->pool, len); + basic_http_header(r, buff, protocol); + buff += strlen(buff); + + h.r = r; + h.buf = buff; + if (r->status == HTTP_NOT_MODIFIED) { apr_table_do((int (*)(void *, const char *, const char *)) form_header_field, (void *) &h, r->headers_out, -- 2.40.0