[2134] | 1 | --- httpd/httpd/branches/2.2.x/server/protocol.c 2012/01/24 19:59:57 1235453 |
---|
| 2 | +++ httpd/httpd/branches/2.2.x/server/protocol.c 2012/01/24 20:02:19 1235454 |
---|
| 3 | @@ -670,6 +670,16 @@ |
---|
| 4 | return 1; |
---|
| 5 | } |
---|
| 6 | |
---|
| 7 | +/* get the length of the field name for logging, but no more than 80 bytes */ |
---|
| 8 | +#define LOG_NAME_MAX_LEN 80 |
---|
| 9 | +static int field_name_len(const char *field) |
---|
| 10 | +{ |
---|
| 11 | + const char *end = ap_strchr_c(field, ':'); |
---|
| 12 | + if (end == NULL || end - field > LOG_NAME_MAX_LEN) |
---|
| 13 | + return LOG_NAME_MAX_LEN; |
---|
| 14 | + return end - field; |
---|
| 15 | +} |
---|
| 16 | + |
---|
| 17 | AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb) |
---|
| 18 | { |
---|
| 19 | char *last_field = NULL; |
---|
| 20 | @@ -709,12 +719,15 @@ |
---|
| 21 | /* insure ap_escape_html will terminate correctly */ |
---|
| 22 | field[len - 1] = '\0'; |
---|
| 23 | apr_table_setn(r->notes, "error-notes", |
---|
| 24 | - apr_pstrcat(r->pool, |
---|
| 25 | + apr_psprintf(r->pool, |
---|
| 26 | "Size of a request header field " |
---|
| 27 | "exceeds server limit.<br />\n" |
---|
| 28 | - "<pre>\n", |
---|
| 29 | - ap_escape_html(r->pool, field), |
---|
| 30 | - "</pre>\n", NULL)); |
---|
| 31 | + "<pre>\n%.*s\n</pre>/n", |
---|
| 32 | + field_name_len(field), |
---|
| 33 | + ap_escape_html(r->pool, field))); |
---|
| 34 | + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, |
---|
| 35 | + "Request header exceeds LimitRequestFieldSize: " |
---|
| 36 | + "%.*s", field_name_len(field), field); |
---|
| 37 | } |
---|
| 38 | return; |
---|
| 39 | } |
---|
| 40 | @@ -735,13 +748,17 @@ |
---|
| 41 | * overflow (last_field) as the field with the problem |
---|
| 42 | */ |
---|
| 43 | apr_table_setn(r->notes, "error-notes", |
---|
| 44 | - apr_pstrcat(r->pool, |
---|
| 45 | + apr_psprintf(r->pool, |
---|
| 46 | "Size of a request header field " |
---|
| 47 | "after folding " |
---|
| 48 | "exceeds server limit.<br />\n" |
---|
| 49 | - "<pre>\n", |
---|
| 50 | - ap_escape_html(r->pool, last_field), |
---|
| 51 | - "</pre>\n", NULL)); |
---|
| 52 | + "<pre>\n%.*s\n</pre>\n", |
---|
| 53 | + field_name_len(last_field), |
---|
| 54 | + ap_escape_html(r->pool, last_field))); |
---|
| 55 | + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, |
---|
| 56 | + "Request header exceeds LimitRequestFieldSize " |
---|
| 57 | + "after folding: %.*s", |
---|
| 58 | + field_name_len(last_field), last_field); |
---|
| 59 | return; |
---|
| 60 | } |
---|
| 61 | |
---|
| 62 | @@ -773,13 +790,18 @@ |
---|
| 63 | if (!(value = strchr(last_field, ':'))) { /* Find ':' or */ |
---|
| 64 | r->status = HTTP_BAD_REQUEST; /* abort bad request */ |
---|
| 65 | apr_table_setn(r->notes, "error-notes", |
---|
| 66 | - apr_pstrcat(r->pool, |
---|
| 67 | + apr_psprintf(r->pool, |
---|
| 68 | "Request header field is " |
---|
| 69 | "missing ':' separator.<br />\n" |
---|
| 70 | - "<pre>\n", |
---|
| 71 | + "<pre>\n%.*s</pre>\n", |
---|
| 72 | + (int)LOG_NAME_MAX_LEN, |
---|
| 73 | ap_escape_html(r->pool, |
---|
| 74 | - last_field), |
---|
| 75 | - "</pre>\n", NULL)); |
---|
| 76 | + last_field))); |
---|
| 77 | + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, |
---|
| 78 | + "Request header field is missing ':' " |
---|
| 79 | + "separator: %.*s", (int)LOG_NAME_MAX_LEN, |
---|
| 80 | + last_field); |
---|
| 81 | + |
---|
| 82 | return; |
---|
| 83 | } |
---|
| 84 | |
---|