Date:      Sat, 8 Aug 1998 13:15:49 -0400 (EDT)
From:      Matt Behrens <matt@zigg.com>
To:        ports@FreeBSD.ORG, jseger@FreeBSD.ORG
Subject:   Patch for Apache 1.2.6 (fwd)
Message-ID:  <Pine.BSF.3.96.980808131413.19116A-100000@megaweapon.zigg.com>

Here is a patch for the www/apache12 port which applies a band-aid
to the situation recently discussed on BUGTRAQ.  Apache will probably
release a fixed version of 1.2 soon.

Matt Behrens <matt@zigg.com>
Founder and Chief Engineer, The OverNet Network
I eat Penguins for breakfast.

*** http_protocol.c
--- http_protocol.c     Fri Aug  7 21:37:19 1998
***************
*** 668,679 ****
--- 668,683 ----
      int len;
      char *value;
      char field[MAX_STRING_LEN];
+     int nheaders=0;

      /* Read header lines until we get the empty separator line,
       * a read error, the connection closes (EOF), or we timeout.
       * Should we also check for overflow (len == MAX_STRING_LEN-1)?
       */
      while ((len = getline(field, MAX_STRING_LEN, c->client, 1)) > 0) {
+
+       if (++nheaders >= 100)
+           continue;

          if (!(value = strchr(field,':')))     /* Find the colon separator */
              continue;                         /*  or should puke 400 here */
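
Review bot: the new `if (++nheaders >= 100) continue;` at the top of the `while` loop stops further header lines from being processed, but it does not stop them from being read: `getline` is still called for every line the client sends until the empty separator, a read error, EOF or a timeout, so the loop itself stays unbounded in how much input it consumes. Headers past the limit are also dropped silently, and the request then goes ahead with a truncated header set. Consider leaving the loop and failing the request once the limit is hit, in line with the existing "or should puke 400 here" comment, rather than continuing. Two smaller points: with the pre-increment and `>=`, the 100th line is already skipped, so at most 99 header lines are accepted, and the counter covers every line read, including ones the `strchr` check below would discard anyway; and the literal 100 would be easier to audit and tune as a named constant next to `MAX_STRING_LEN`.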

