I just released 1.3d which fixes this and one other bug.

Niels.

On 8/14/07, Niels Provos <[EMAIL PROTECTED]> wrote:
> This has been fixed in trunk already.   There is going to be a new
> release soon - I have been traveling for the last week.  This was a
> pretty dumb bug and shows why unittesting is really important.
>
> Niels.
>
> On 8/13/07, Charles Kerr <[EMAIL PROTECTED]> wrote:
> > 1.3c's evhttp_add_header() function has a pretty nasty bug that
> > can cause valid headers to be rejected out of hand, and also can
> > cause parsing of incoming messages to fail.  The problem is
> > that strchr() is being passed two strings, rather than a string
> > and a character.
> >
> > --- http.c.bak  2007-08-13 22:51:30.000000000 -0500
> > +++ http.c      2007-08-13 22:51:44.000000000 -0500
> > @@ -1122,7 +1122,7 @@
> >   {
> >         struct evkeyval *header;
> >
> > -      if (strchr(value, "\r") != NULL || strchr(value, "\n") != NULL) {
> > +      if (strchr(value, '\r') != NULL || strchr(value, '\n') != NULL) {
> >                  /* drop illegal headers */
> >                  return (-1);
> >          }
> >
> > cheers,
> > Charles
> > _______________________________________________
> > Libevent-users mailing list
> > Libevent-users@monkey.org
> > http://monkey.org/mailman/listinfo/libevent-users
> >
> >
>
_______________________________________________
Libevent-users mailing list
Libevent-users@monkey.org
http://monkey.org/mailman/listinfo/libevent-users

Reply via email to