On Wed, May 29, 2002 at 02:57:27PM -0000, [EMAIL PROTECTED] wrote:
> Ignore leading zeros when parsing hex value for chunk extensions.
>
> + /* Skip leading zeros */
> + while (*b == '0') {
> + ++b;
> + }
> +
> while (apr_isxdigit(*b) && (chunkbits > 0)) {
This patch will IMHO not change anything at all. Leading zeros are
added by the while (apr_isxdigit..) loop by shifting 0 << 4 and adding 0.
They never produce any overflow condition, no matter how many there are.
But it might be interesting to check the current value of
chunksize within the loop:
while (apr_isxdigit(*b)) {
int xvalue = 0;
...set xvalue to the next hex digit, value 0 thru 15...
/* ---> Add here: a check whether the chunk will overflow the limit */
if (chunksize > ((limit_req_line + 15) >> 4))
signal an error;
chunksize = (chunksize << 4) | xvalue;
++b;
}
But we need
a) an extra parameter to pass the limit's value
(something like r->server->limit_req_line or a new configurable
max.chunk size) and
b) an error condition (get_chunk_size() currently has none)
to signal such an error.
Martin
--
<[EMAIL PROTECTED]> | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
