From: Jeff Trawick <trawick@apache.org>
Date: Sat, 22 Jun 2013 15:31:13 +0000 (+0000)
Subject: core: Limit ap_pregsub() to 64MB, add ap_pregsub_ex() for longer strings.
X-Git-Tag: 2.2.25~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a519672e521501a1e183750b7681631fceca69a2;p=thirdparty%2Fapache%2Fhttpd.git

core: Limit ap_pregsub() to 64MB, add ap_pregsub_ex() for longer strings.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1495744 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index 9a37246e431..76e3a81f469 100644
--- a/STATUS
+++ b/STATUS
@@ -238,6 +238,23 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
     2.2.x patch: http://people.apache.org/~minfrin/httpd-mod_cache-tmppath.patch
     +1: minfrin
 
+  * core: Limit ap_pregsub() to 64MB, add ap_pregsub_ex() for longer strings.
+    The default limit can be adjusted at compile time using AP_PREGSUB_MAXLEN.
+    mod_setenvif: Log error on substitution overflow.
+
+    IMPORTANT: This could break existing configurations which rely on 
+               substitutions > 64MB.  Those sites need to rebuild with an
+               override of AP_PREGSUB_MAXLEN.
+               2.4.x has a much smaller limit on ap_pregsub() because that change
+               was introduced with the new release.
+
+    trunk patch:
+       util.c: too many to list, as it is tied up in other added features and follow-
+               up fixes; I started with 2.4.x HEAD and backed out some semantic changes
+               in the code of interest
+       mod_setenvif.c: http://svn.apache.org/viewvc?view=revision&revision=1198966
+    2.2.x patch: http://people.apache.org/~trawick/ap_pregsub_ex_22x-2.txt
+    +1: trawick
 
 PATCHES/ISSUES THAT ARE STALLED