From: Jeff Trawick <trawick@apache.org>
Date: Thu, 13 May 2004 23:40:03 +0000 (+0000)
Subject: Ensure that lines in the request which are too long are
X-Git-Tag: 2.0.50~104
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5206e0ab1c63d3f2f5d38c64b55703b1e793193e;p=thirdparty%2Fapache%2Fhttpd.git

Ensure that lines in the request which are too long are
properly terminated before logging.

Submitted by:	Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>
Reviewed by:	trawick, nd, bnicholes


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@103680 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index f5c84d1f468..beda4338927 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,9 @@
 Changes with Apache 2.0.50
 
+  *) Ensure that lines in the request which are too long are 
+     properly terminated before logging.
+     [Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>]
+
   *) Update the bind credentials for the cached LDAP connection to 
      reflect the last bind.  This prevents util_ldap from creating 
      unnecessary connections rather than reusing cached connections.
diff --git a/STATUS b/STATUS
index c2fec152000..49cdfe979fd 100644
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2004/05/13 15:18:24 $]
+Last modified at [$Date: 2004/05/13 23:40:02 $]
 
 Release:
 
@@ -393,10 +393,6 @@ PATCHES TO BACKPORT FROM 2.1
       which integrates the two rounds of changes)
       +1 concept: trawick
 
-    * Make sure long request lines are '\0'-terminated. (PR 28376)
-      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/protocol.c?r1=1.147&r2=1.148
-      +1: trawick, nd, bnicholes
-
 CURRENT RELEASE NOTES:
 
     * Backwards compatibility is expected of future Apache 2.0 releases,
diff --git a/server/protocol.c b/server/protocol.c
index 588dd6dd581..fbe6d0ed709 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -250,6 +250,15 @@ AP_DECLARE(apr_status_t) ap_rgetline_core(char **s, apr_size_t n,
         /* Would this overrun our buffer?  If so, we'll die. */
         if (n < bytes_handled + len) {
             *read = bytes_handled;
+            if (*s) {
+                /* ensure this string is terminated */
+                if (bytes_handled < n) {
+                    (*s)[bytes_handled] = '\0';
+                }
+                else {
+                    (*s)[n-1] = '\0';
+                }
+            }
             return APR_ENOSPC;
         }
 
@@ -380,6 +389,8 @@ AP_DECLARE(apr_status_t) ap_rgetline_core(char **s, apr_size_t n,
             /* Do we have enough space? We may be full now. */
                 if (bytes_handled >= n) {
                     *read = n;
+                    /* ensure this string is terminated */
+                    (*s)[n-1] = '\0';
                     return APR_ENOSPC;
                 }
                 else {