On 08/03/2016 09:46 AM, [email protected] wrote:
Modified: httpd/httpd/trunk/server/protocol.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1755098&r1=1755097&r2=1755098&view=diff ============================================================================== --- httpd/httpd/trunk/server/protocol.c (original) +++ httpd/httpd/trunk/server/protocol.c Wed Aug 3 16:46:20 2016 @@ -835,8 +835,15 @@ AP_DECLARE(void) ap_get_mime_headers_cor return; }- if (last_field != NULL) { - if ((len > 0) && ((*field == '\t') || *field == ' ')) { + if ((len > 0) && ((*field == '\t') || *field == ' ')) { + if (last_field == NULL) { + r->status = HTTP_BAD_REQUEST; + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03442) + "Line folding encounterd before first" + " header line"); + return; + } +
I don't think this is an equivalent transformation. More logic below this case relies on the last_field NULL check, and I'm currently getting segfaults on trunk due to the strchr on line 907.
The addition of the `== NULL` check also triggers a C90 compiler warning for the combo declaration/assignment of fold_len.
--Jacob
