From 62d64f5ceb5c5732a8875e1e4a452047e4bc703e Mon Sep 17 00:00:00 2001
From: Greg Ames <gregames@apache.org>
Date: Tue, 10 Dec 2002 02:56:26 +0000
Subject: [PATCH] prevent a potential seg fault in ap_escape_html if a header
 field is too long.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97832 13f79535-47bb-0310-9956-ffa450edef68
---
 server/protocol.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/server/protocol.c b/server/protocol.c
index b683f02211..d1fbba3c52 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -778,6 +778,8 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb
             || (rv == APR_SUCCESS 
                 && len > (apr_size_t)r->server->limit_req_fieldsize)) {
             r->status = HTTP_BAD_REQUEST;
+            /* insure ap_escape_html will terminate correctly */
+            field[r->server->limit_req_fieldsize] = '\0';
             apr_table_setn(r->notes, "error-notes",
                            apr_pstrcat(r->pool,
                                        "Size of a request header field "
-- 
2.40.0