dgaudet     97/12/19 10:24:59

  Modified:    src      CHANGES
               src/modules/standard mod_negotiation.c
  Log:
  Fix a potential SEGV -- the "hdr" variable was being incremented twice
  going past the \0 terminator.
  
  Reviewed by:  Jim Jagielski, Martin Kraemer
  
  Revision  Changes    Path
  1.531     +3 -0      apachen/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/CHANGES,v
  retrieving revision 1.530
  retrieving revision 1.531
  diff -u -r1.530 -r1.531
  --- CHANGES   1997/12/19 02:17:15     1.530
  +++ CHANGES   1997/12/19 18:24:50     1.531
  @@ -1,5 +1,8 @@
   Changes with Apache 1.3b4
   
  +  *) Fix a potential SEGV problem in mod_negotiation when dealing
  +     with type-maps.  [Dean Gaudet]
  +
     *) Better glibc support under Linux.  [Dean Gaudet] PR#1542
   
     *) "RedirectMatch gone /" would cause a SIGSEGV. [Dean Gaudet] PR#1319
  
  
  
  1.62      +5 -4      apachen/src/modules/standard/mod_negotiation.c
  
  Index: mod_negotiation.c
  ===================================================================
  RCS file: /export/home/cvs/apachen/src/modules/standard/mod_negotiation.c,v
  retrieving revision 1.61
  retrieving revision 1.62
  diff -u -r1.61 -r1.62
  --- mod_negotiation.c 1997/10/22 20:30:26     1.61
  +++ mod_negotiation.c 1997/12/19 18:24:52     1.62
  @@ -645,10 +645,11 @@
   
       while (*hdr) {
           if (*hdr == '"') {
  -            while (*++hdr && *hdr != '"') {
  -                continue;
  -            }
  -            ++hdr;
  +         hdr = strchr(hdr, '"');
  +         if (hdr == NULL) {
  +             return;
  +         }
  +         ++hdr;
           }
           else if (*hdr == '(') {
               while (*hdr && *hdr != ')') {
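Review bot: In the `"` branch, `strchr(hdr, '"')` starts its search at the opening quote that `*hdr == '"'` has just matched, so it returns `hdr` itself; the `hdr == NULL` return can never fire and `++hdr` only steps past the opening quote. The read past the terminator is gone, but the quoted text is no longer skipped: its bytes now go through the outer loop, so a `(` inside a quoted string is handled as the start of a comment. Start the search one byte further on, `hdr = strchr(hdr + 1, '"');`, which also makes the NULL check meaningful for an unterminated quote. The added lines are tab-indented while the surrounding context uses spaces. The enclosing function starts and ends outside the hunk, so what the early `return` leaves for the caller on an unterminated quote cannot be checked from here.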
  
  
  
