source:
trunk/server/common/patches/httpd-2.2.x-CVE-2012-0053.patch
@
2134
Last change on this file since 2134 was 2134, checked in by achernya, 13 years ago | |
---|---|
File size: 4.3 KB |
-
httpd/httpd/branches/2.2.x/server/protocol.c
670 670 return 1; 671 671 } 672 672 673 /* get the length of the field name for logging, but no more than 80 bytes */ 674 #define LOG_NAME_MAX_LEN 80 675 static int field_name_len(const char *field) 676 { 677 const char *end = ap_strchr_c(field, ':'); 678 if (end == NULL || end - field > LOG_NAME_MAX_LEN) 679 return LOG_NAME_MAX_LEN; 680 return end - field; 681 } 682 673 683 AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb) 674 684 { 675 685 char *last_field = NULL; … … 709 719 /* insure ap_escape_html will terminate correctly */ 710 720 field[len - 1] = '\0'; 711 721 apr_table_setn(r->notes, "error-notes", 712 apr_ps trcat(r->pool,722 apr_psprintf(r->pool, 713 723 "Size of a request header field " 714 724 "exceeds server limit.<br />\n" 715 "<pre>\n", 716 ap_escape_html(r->pool, field), 717 "</pre>\n", NULL)); 725 "<pre>\n%.*s\n</pre>/n", 726 field_name_len(field), 727 ap_escape_html(r->pool, field))); 728 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 729 "Request header exceeds LimitRequestFieldSize: " 730 "%.*s", field_name_len(field), field); 718 731 } 719 732 return; 720 733 } … … 735 748 * overflow (last_field) as the field with the problem 736 749 */ 737 750 apr_table_setn(r->notes, "error-notes", 738 apr_ps trcat(r->pool,751 apr_psprintf(r->pool, 739 752 "Size of a request header field " 740 753 "after folding " 741 754 "exceeds server limit.<br />\n" 742 "<pre>\n", 743 ap_escape_html(r->pool, last_field), 744 "</pre>\n", NULL)); 755 "<pre>\n%.*s\n</pre>\n", 756 field_name_len(last_field), 757 ap_escape_html(r->pool, last_field))); 758 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 759 "Request header exceeds LimitRequestFieldSize " 760 "after folding: %.*s", 761 field_name_len(last_field), last_field); 745 762 return; 746 763 } 747 764 … … 773 790 if (!(value = strchr(last_field, ':'))) { /* Find ':' or */ 774 791 r->status = HTTP_BAD_REQUEST; /* abort bad request */ 775 792 apr_table_setn(r->notes, "error-notes", 776 apr_ps trcat(r->pool,793 apr_psprintf(r->pool, 777 794 "Request header field is " 778 795 "missing ':' separator.<br />\n" 779 "<pre>\n", 796 "<pre>\n%.*s</pre>\n", 797 (int)LOG_NAME_MAX_LEN, 780 798 ap_escape_html(r->pool, 781 last_field), 782 "</pre>\n", NULL)); 799 last_field))); 800 ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, 801 "Request header field is missing ':' " 802 "separator: %.*s", (int)LOG_NAME_MAX_LEN, 803 last_field); 804 783 805 return; 784 806 } 785 807
Note: See TracBrowser
for help on using the repository browser.