From: Greg Ames <gregames@apache.org>
Date: Tue, 10 Dec 2002 02:56:26 +0000 (+0000)
Subject: prevent a potential seg fault in ap_escape_html if a header field is too
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=62d64f5ceb5c5732a8875e1e4a452047e4bc703e;p=thirdparty%2Fapache%2Fhttpd.git

prevent a potential seg fault in ap_escape_html if a header field is too
long.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97832 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/server/protocol.c b/server/protocol.c
index b683f022115..d1fbba3c52e 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -778,6 +778,8 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb
             || (rv == APR_SUCCESS 
                 && len > (apr_size_t)r->server->limit_req_fieldsize)) {
             r->status = HTTP_BAD_REQUEST;
+            /* insure ap_escape_html will terminate correctly */
+            field[r->server->limit_req_fieldsize] = '\0';
             apr_table_setn(r->notes, "error-notes",
                            apr_pstrcat(r->pool,
                                        "Size of a request header field "