From: Graham Leggett Date: Sun, 13 Sep 2009 16:35:40 +0000 (+0000) Subject: mod_request: Make sure the KeptBodySize directive rejects values X-Git-Tag: 2.3.3~310 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=c31a157f5163a945343cf253dfb4aa4f126bceca;p=thirdparty%2Fapache%2Fhttpd.git mod_request: Make sure the KeptBodySize directive rejects values that aren't valid numbers. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@814337 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index f1fe9990747..e5dd6766689 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@ Changes with Apache 2.3.3
+ *) mod_request: Make sure the KeptBodySize directive rejects values
+ that aren't valid numbers. [Graham Leggett]
+ *) mod_session_crypto: Sanity check should the potentially encrypted session cookie be too short. [Graham Leggett]
diff --git a/modules/filters/mod_request.c b/modules/filters/mod_request.c
index 9f6845f151f..d8110aa6f80 100644
--- a/modules/filters/mod_request.c
+++ b/modules/filters/mod_request.c
@@ -564,10 +564,11 @@ static const char *set_kept_body_size(cmd_parms *cmd, void *dconf,
 const char *arg)
 {
 request_dir_conf *conf = dconf;
+ char *end = NULL;
- if (APR_SUCCESS != apr_strtoff(&(conf->keep_body), arg, NULL, 0)
- || conf->keep_body < 0) {
- return "KeptBodySize must be a size in bytes, or zero.";
+ if (APR_SUCCESS != apr_strtoff(&(conf->keep_body), arg, &end, 0)
+ || conf->keep_body < 0 || end) {
+ return "KeptBodySize must be a valid size in bytes, or zero.";
 }
 conf->keep_body_set = 1;
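Review bot: The added `|| end` test in set_kept_body_size checks the pointer itself, not the character it points at, so it cannot tell a clean parse from trailing garbage. apr_strtoff stores the address of the first unparsed character in `end`, which for a fully numeric argument is the terminating NUL and is therefore still non-NULL. As written, the condition looks true for every argument that reaches it, so valid sizes would be rejected along with invalid ones. The last line of the condition should read `|| conf->keep_body < 0 || end == arg || *end != '\0') {`, which also rejects an argument with no digits at all. The function starts above the hunk and continues below it, so any handling of conf->keep_body after a rejected value is not visible here.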