diff options
Diffstat (limited to 'www/apache20/files/patch-secfix-CAN-2004-0942')
| -rw-r--r-- | www/apache20/files/patch-secfix-CAN-2004-0942 | 104 |
1 files changed, 0 insertions, 104 deletions
diff --git a/www/apache20/files/patch-secfix-CAN-2004-0942 b/www/apache20/files/patch-secfix-CAN-2004-0942 deleted file mode 100644 index 2f67f7c4013d..000000000000 --- a/www/apache20/files/patch-secfix-CAN-2004-0942 +++ /dev/null @@ -1,104 +0,0 @@ -=================================================================== -RCS file: /home/cvspublic/httpd-2.0/server/protocol.c,v -retrieving revision 1.121.2.21 -retrieving revision 1.121.2.22 -diff -u -r1.121.2.21 -r1.121.2.22 ---- server/protocol.c 2004/09/23 18:18:36 1.121.2.21 -+++ server/protocol.c 2004/11/10 11:32:40 1.121.2.22 -@@ -305,35 +305,13 @@ - } - } - -- /* We now go backwards over any CR (if present) or white spaces. -- * -- * Trim any extra trailing spaces or tabs except for the first -- * space or tab at the beginning of a blank string. This makes -- * it much easier to check field values for exact matches, and -- * saves memory as well. Terminate string at end of line. -- */ -- pos = last_char; -- if (pos > *s && *(pos - 1) == APR_ASCII_CR) { -- --pos; -- } -- -- /* Trim any extra trailing spaces or tabs except for the first -- * space or tab at the beginning of a blank string. This makes -- * it much easier to check field values for exact matches, and -- * saves memory as well. -- */ -- while (pos > ((*s) + 1) -- && (*(pos - 1) == APR_ASCII_BLANK || *(pos - 1) == APR_ASCII_TAB)) { -- --pos; -+ /* Now NUL-terminate the string at the end of the line; -+ * if the last-but-one character is a CR, terminate there */ -+ if (last_char > *s && last_char[-1] == APR_ASCII_CR) { -+ last_char--; - } -- -- /* Since we want to remove the LF from the line, we'll go ahead -- * and set this last character to be the term NULL and reset -- * bytes_handled accordingly. -- */ -- *pos = '\0'; -- last_char = pos; -- bytes_handled = pos - *s; -+ *last_char = '\0'; -+ bytes_handled = last_char - *s; - - /* If we're folding, we have more work to do. - * -@@ -750,7 +728,7 @@ - last_len += len; - folded = 1; - } -- else { -+ else /* not a continuation line */ { - - if (r->server->limit_req_fields - && (++fields_read > r->server->limit_req_fields)) { -@@ -773,29 +751,26 @@ - "</pre>\n", NULL)); - return; - } -+ -+ tmp_field = value - 1; /* last character of field-name */ -+ -+ *value++ = '\0'; /* NUL-terminate at colon */ - -- *value = '\0'; -- tmp_field = value; /* used to trim the whitespace between key -- * token and separator -- */ -- ++value; - while (*value == ' ' || *value == '\t') { - ++value; /* Skip to start of value */ - } - -- /* This check is to avoid any invalid memory reference while -- * traversing backwards in the key. To avoid a case where -- * the header starts with ':' (or with just some white -- * space and the ':') followed by the value -- */ -- if (tmp_field > last_field) { -- --tmp_field; -- while ((tmp_field > last_field) && -- (*tmp_field == ' ' || *tmp_field == '\t')) { -- --tmp_field; /* Removing LWS between key and ':' */ -- } -- ++tmp_field; -- *tmp_field = '\0'; -+ /* Strip LWS after field-name: */ -+ while (tmp_field > last_field -+ && (*tmp_field == ' ' || *tmp_field == '\t')) { -+ *tmp_field-- = '\0'; -+ } -+ -+ /* Strip LWS after field-value: */ -+ tmp_field = last_field + last_len - 1; -+ while (tmp_field > value -+ && (*tmp_field == ' ' || *tmp_field == '\t')) { -+ *tmp_field-- = '\0'; - } - - apr_table_addn(r->headers_in, last_field, value); - |