Fix a big memory leak bug related to arbitrarily large header lines.

The core input filter would happily consume all the data you gave it
in a header line, looking for that one LF. This patch limits that
"getline" functionality to HUGE_STRING_LEN (8192 bytes).

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91711 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/server/core.c b/server/core.c
index d4f2aeaa295a7b6e43059b342e695203d4836699..dbcddafc8ce629675c28454f109d34ee2600dd69 100644 (file)
--- a/server/core.c
+++ b/server/core.c
@@ -2936,6 +2936,11 @@ static int core_input_filter(ap_filter_t *f, apr_bucket_brigade *b, ap_input_mod
         APR_BUCKET_REMOVE(e);
         APR_BRIGADE_INSERT_TAIL(b, e);
         *readbytes += len;
+        /* We didn't find an APR_ASCII_LF within the predefined maximum
+         * line length. */
+        if (len >= HUGE_STRING_LEN) {
+            return -1;
+        }
     }
 
     return APR_SUCCESS;