On Wed, May 29, 2002 at 02:57:27PM -0000, [EMAIL PROTECTED] wrote: > Ignore leading zeros when parsing hex value for chunk extensions. > > + /* Skip leading zeros */ > + while (*b == '0') { > + ++b; > + } > + > while (apr_isxdigit(*b) && (chunkbits > 0)) {
This patch will IMHO not change anything at all. Leading zeros are added by the while (apr_isxdigit..) loop by shifting 0 << 4 and adding 0. They never produce any overflow condition, no matter how many there are. But it might be interesting to check the current value of chunksize within the loop: while (apr_isxdigit(*b)) { int xvalue = 0; ...set xvalue to the next hex digit, value 0 thru 15... /* ---> Add here: a check whether the chunk will overflow the limit */ if (chunksize > ((limit_req_line + 15) >> 4)) signal an error; chunksize = (chunksize << 4) | xvalue; ++b; } But we need a) an extra parameter to pass the limit's value (something like r->server->limit_req_line or a new configurable max.chunk size) and b) an error condition (get_chunk_size() currently has none) to signal such an error. Martin -- <[EMAIL PROTECTED]> | Fujitsu Siemens Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany