dgaudet 97/12/19 10:24:59
Modified: src CHANGES src/modules/standard mod_negotiation.c Log: Fix a potential SEGV -- the "hdr" variable was being incremented twice going past the \0 terminator. Reviewed by: Jim Jagielski, Martin Kraemer Revision Changes Path 1.531 +3 -0 apachen/src/CHANGES Index: CHANGES =================================================================== RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.530 retrieving revision 1.531 diff -u -r1.530 -r1.531 --- CHANGES 1997/12/19 02:17:15 1.530 +++ CHANGES 1997/12/19 18:24:50 1.531 @@ -1,5 +1,8 @@ Changes with Apache 1.3b4 + *) Fix a potential SEGV problem in mod_negotiation when dealing + with type-maps. [Dean Gaudet] + *) Better glibc support under Linux. [Dean Gaudet] PR#1542 *) "RedirectMatch gone /" would cause a SIGSEGV. [Dean Gaudet] PR#1319 1.62 +5 -4 apachen/src/modules/standard/mod_negotiation.c Index: mod_negotiation.c =================================================================== RCS file: /export/home/cvs/apachen/src/modules/standard/mod_negotiation.c,v retrieving revision 1.61 retrieving revision 1.62 diff -u -r1.61 -r1.62 --- mod_negotiation.c 1997/10/22 20:30:26 1.61 +++ mod_negotiation.c 1997/12/19 18:24:52 1.62 @@ -645,10 +645,11 @@ while (*hdr) { if (*hdr == '"') { - while (*++hdr && *hdr != '"') { - continue; - } - ++hdr; + hdr = strchr(hdr, '"'); + if (hdr == NULL) { + return; + } + ++hdr; } else if (*hdr == '(') { while (*hdr && *hdr != ')') {