From: Roy T. Fielding <fielding@apache.org>
Date: Tue, 20 Jul 2010 19:33:28 +0000 (+0000)
Subject: veto change to ap_rgetline_core(); should be reverted on truck as well
X-Git-Tag: 2.2.16~8
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f9af8a3cc97165dc9eb5c3a9699f7384b25948c9;p=thirdparty%2Fapache%2Fhttpd.git

veto change to ap_rgetline_core(); should be reverted on truck as well

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@965967 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index 504d4ad2615..76905bb02fa 100644
--- a/STATUS
+++ b/STATUS
@@ -216,6 +216,12 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
      Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=892678
      2.2 patch: trunk patch Works with offset.
      +1: niq
+     -1: fielding: this routine is hand-optimized for speed, and the
+         "solution" is to add an if (strlen(*s) < bytes_handled - 1)
+         to every single line read?  Seriously?  If we want to have
+         ap_rgetline_core() enforce validity, then we should be using a
+         stop character array and error on all control characters not
+         allowed by HTTP.
 
    * core: (re)-introduce -T commandline option to suppress documentroot
      check at startup