From owner-freebsd-ports Sat Aug 8 10:11:14 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA02627 for freebsd-ports-outgoing; Sat, 8 Aug 1998 10:11:14 -0700 (PDT) (envelope-from owner-freebsd-ports@FreeBSD.ORG) Received: from megaweapon.zigg.com (megaweapon.zigg.com [206.114.60.8]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA02619; Sat, 8 Aug 1998 10:11:07 -0700 (PDT) (envelope-from matt@zigg.com) Received: from megaweapon.zigg.com (matt@megaweapon.zigg.pvt [192.168.1.1]) by megaweapon.zigg.com (8.8.8/8.8.8) with SMTP id NAA19131; Sat, 8 Aug 1998 13:15:49 -0400 (EDT) (envelope-from matt@zigg.com) Date: Sat, 8 Aug 1998 13:15:49 -0400 (EDT) From: Matt Behrens To: ports@FreeBSD.ORG, jseger@FreeBSD.ORG Subject: Patch for Apache 1.2.6 (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Here is a patch for the www/apache12 port which applies a band-aid to the situation recently discussed on BUGTRAQ. Apache will probably release a fixed version of 1.2 soon. Matt Behrens Founder and Chief Engineer, The OverNet Network I eat Penguins for breakfast. *** http_protocol.c --- http_protocol.c Fri Aug 7 21:37:19 1998 *************** *** 668,679 **** --- 668,683 ---- int len; char *value; char field[MAX_STRING_LEN]; + int nheaders=0; /* Read header lines until we get the empty separator line, * a read error, the connection closes (EOF), or we timeout. * Should we also check for overflow (len == MAX_STRING_LEN-1)? */ while ((len = getline(field, MAX_STRING_LEN, c->client, 1)) > 0) { + + if (++nheaders >= 100) + continue; if (!(value = strchr(field,':'))) /* Find the colon separator */ continue; /* or should puke 400 here */ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
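Review bot: the `if (++nheaders >= 100) continue;` check at the top of the `while` loop only skips processing; it goes straight back to `getline()`, so the loop still runs for as long as the client keeps sending non-empty lines, and everything past the limit is dropped silently while the request carries on with a partial header set. Consider ending the read and failing the request once the limit is reached (the existing comment "or should puke 400 here" points the same way) instead of continuing. Two smaller points in the same hunk: `>= 100` with a pre-increment means the 100th line is already discarded, so only 99 headers are accepted, and the bare `100` would be easier to tune and to document as a named constant next to `MAX_STRING_LEN`. The new counter also has no comment saying what it limits or why, and the block comment above the loop still describes the old termination conditions only.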