CAN-2004-0493 - memory exhaustion denial of service
authorJeff Trawick <trawick@apache.org>
Mon, 28 Jun 2004 23:57:14 +0000 (23:57 +0000)
committerJeff Trawick <trawick@apache.org>
Mon, 28 Jun 2004 23:57:14 +0000 (23:57 +0000)
Reviewed by: jerenkrantz

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@104060 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
server/protocol.c

diff --git a/CHANGES b/CHANGES
index 34faf6b6c92cf96a6c6a7c44d910c34aef0efdbb..503de5ada6615a89d7dbc5255cfc2434a0cc971b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,10 @@
 Changes with Apache 2.0.50
 
+  *) SECURITY: CAN-2004-0493 (cve.mitre.org)
+     Close a denial of service vulnerability identified by Georgi
+     Guninski which could lead to memory exhaustion with certain
+     input data.  [Jeff Trawick]
+
   *) mod_cgi: Handle output on stderr during script execution on Unix
      platforms; preventing deadlock when stderr output fills pipe buffer.
      Also fixes case where stderr from nph- scripts could be lost.
index 8d24daa443bf462e5e8e23cae594dbcbc2cdd74b..82b95f3ca4a19119b68037e088e52c8128998ec4 100644 (file)
@@ -719,6 +719,23 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb
                  * continuations that span many many lines.
                  */
                 apr_size_t fold_len = last_len + len + 1; /* trailing null */
+
+                if ((fold_len - 1) > r->server->limit_req_fieldsize) {
+                    r->status = HTTP_BAD_REQUEST;
+                    /* report what we have accumulated so far before the
+                     * overflow (last_field) as the field with the problem
+                     */
+                    apr_table_setn(r->notes, "error-notes",
+                                   apr_pstrcat(r->pool,
+                                               "Size of a request header field " 
+                                               "after folding "
+                                               "exceeds server limit.<br />\n"
+                                               "<pre>\n",
+                                               ap_escape_html(r->pool, last_field),
+                                               "</pre>\n", NULL));
+                    return;
+                }
+
                 if (fold_len > alloc_len) {
                     char *fold_buf;
                     alloc_len += alloc_len;
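Review bot: The new rejection path copies the whole accumulated `last_field` into the "error-notes" entry, so a request that trips the limit still gets up to about `limit_req_fieldsize` bytes of client-supplied data escaped, concatenated and kept in `r->pool`. The `ap_escape_html` call handles the markup correctly, so this is a size concern only; a bounded prefix would be enough for diagnosis, for example `ap_escape_html(r->pool, apr_pstrndup(r->pool, last_field, 128))`, where 128 is an illustrative cap. The guard also compares an `apr_size_t` expression with `r->server->limit_req_fieldsize`, whose declaration is not visible in this hunk; if that field is a signed int, a negative value would convert to a very large unsigned value and disable the check. A short comment such as `/* limit_req_fieldsize is validated as non-negative when the directive is parsed */` would record that assumption, if it holds. The body of `ap_get_mime_headers_core` starts and ends outside the hunk, so the other exits and the first-line length check were not reviewed.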