From c31a157f5163a945343cf253dfb4aa4f126bceca Mon Sep 17 00:00:00 2001
From: Graham Leggett
Date: Sun, 13 Sep 2009 16:35:40 +0000
Subject: [PATCH] mod_request: Make sure the KeptBodySize directive rejects values that aren't valid numbers.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@814337 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 3 +++
 modules/filters/mod_request.c | 7 ++++---
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/CHANGES b/CHANGES
index f1fe999074..e5dd676668 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.3.3
+ *) mod_request: Make sure the KeptBodySize directive rejects values
+ that aren't valid numbers. [Graham Leggett]
+
 *) mod_session_crypto: Sanity check should the potentially encrypted session cookie be too short. [Graham Leggett]
diff --git a/modules/filters/mod_request.c b/modules/filters/mod_request.c
index 9f6845f151..d8110aa6f8 100644
--- a/modules/filters/mod_request.c
+++ b/modules/filters/mod_request.c
@@ -564,10 +564,11 @@ static const char *set_kept_body_size(cmd_parms *cmd, void *dconf,
 const char *arg)
 {
 request_dir_conf *conf = dconf;
+ char *end = NULL;
- if (APR_SUCCESS != apr_strtoff(&(conf->keep_body), arg, NULL, 0)
- || conf->keep_body < 0) {
- return "KeptBodySize must be a size in bytes, or zero.";
+ if (APR_SUCCESS != apr_strtoff(&(conf->keep_body), arg, &end, 0)
+ || conf->keep_body < 0 || end) {
+ return "KeptBodySize must be a valid size in bytes, or zero.";
 }
 conf->keep_body_set = 1;
--
2.40.0
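Review bot: The added `|| end` term in set_kept_body_size tests the pointer itself rather than the character it points at, so the new condition is true for every argument, well-formed numbers included. After a successful parse apr_strtoff leaves `end` pointing at the first unparsed character, which for a clean numeric value is the terminating NUL and not a null pointer; as written the directive would reject any KeptBodySize, presumably failing configuration load. The check should read `|| conf->keep_body < 0 || *end) {`. Base 0 also accepts octal and hex spellings such as `010`, so passing 10 is worth considering if only decimal byte counts are intended. The function's body continues past the end of the hunk.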