Martin Kraemer wrote: > Hi. > > While looking at ajp_header.c, I realized that its method of parsing > the header line tokens is flakey: it uses memcmp() to check, e.g., > whether the header token is "Accept-Charset:", by uppercasing the > token name (-> "ACCEPT-CHARSET"), then compares the initial "ACCEPT-" > prefix, and then tests: > if (memcmp(p, "CHARSET", 7) == 0) return SC_ACCEPT_CHARSET; > but does not verify that the end of the token has been reached. > > Thus, a header > Accept-CharsetXXX-Blah: utf-8 > would be mistaken for an "Accept-Charset: utf-8". > > Same goes for a couple of other header names. > The patch replaces the memcmp by a strcmp to check for the trailing > NIL character, too. > > Also, IMO it is better to replace memcmp by strncasecmp in the test > - if (memcmp(stringname, "Content-Type", 12) == 0) { > + if (strncasecmp(stringname, "Content-Type", 12) == 0) { > > WDYT?
+1 mod_jk fixed it by additing one to each length, that is probably more efficent, no? Cheers Jean-Frederic > > Martin >