dgaudet 98/08/09 09:57:29
Modified:src/include httpd.h
src/main http_protocol.c
Log:
Include everything in the limits, rather than having to remember to
add 2 to some of them... which leads to off-by-1 errors like one I just
committed. (I don't understand what the + 2 was all about. It doesn't
fit \r\n\0...)
Revision ChangesPath
1.232 +2 -2 apache-1.3/src/include/httpd.h
Index: httpd.h
===
RCS file: /export/home/cvs/apache-1.3/src/include/httpd.h,v
retrieving revision 1.231
retrieving revision 1.232
diff -u -r1.231 -r1.232
--- httpd.h 1998/08/09 06:37:16 1.231
+++ httpd.h 1998/08/09 16:57:28 1.232
@@ -551,13 +551,13 @@
* LimitRequestFieldSize, and LimitRequestBody configuration directives.
*/
#ifndef DEFAULT_LIMIT_REQUEST_LINE
-#define DEFAULT_LIMIT_REQUEST_LINE 8190
+#define DEFAULT_LIMIT_REQUEST_LINE 8192
#endif /* default limit on bytes in Request-Line (Method+URI+HTTP-version) */
#ifndef DEFAULT_LIMIT_REQUEST_FIELDS
#define DEFAULT_LIMIT_REQUEST_FIELDS 100
#endif /* default limit on number of header fields */
#ifndef DEFAULT_LIMIT_REQUEST_FIELDSIZE
-#define DEFAULT_LIMIT_REQUEST_FIELDSIZE 8190
+#define DEFAULT_LIMIT_REQUEST_FIELDSIZE 8192
#endif /* default limit on bytes in any one field */
#ifndef DEFAULT_LIMIT_REQUEST_BODY
#define DEFAULT_LIMIT_REQUEST_BODY 33554432ul
1.234 +5 -5 apache-1.3/src/main/http_protocol.c
Index: http_protocol.c
===
RCS file: /export/home/cvs/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.233
retrieving revision 1.234
diff -u -r1.233 -r1.234
--- http_protocol.c 1998/08/09 16:52:31 1.233
+++ http_protocol.c 1998/08/09 16:57:29 1.234
@@ -635,7 +635,7 @@
pool *tmp;
tmp = ap_make_sub_pool(r-pool);
-l = ap_palloc(tmp, r-server-limit_req_line + 2);
+l = ap_palloc(tmp, r-server-limit_req_line);
ll = l;
/* Read past empty lines until we get a real request line,
@@ -653,7 +653,7 @@
* have to block during a read.
*/
ap_bsetflag(conn-client, B_SAFEREAD, 1);
-while ((len = getline(l, r-server-limit_req_line + 2, conn-client,
0)) = 0) {
+while ((len = getline(l, r-server-limit_req_line, conn-client, 0)) =
0) {
if ((len 0) || ap_bgetflag(conn-client, B_EOF)) {
ap_bsetflag(conn-client, B_SAFEREAD, 0);
ap_destroy_pool(tmp);
@@ -764,7 +764,7 @@
arr = ap_make_array(tmp, 50, sizeof(mime_key));
order = 0;
-field = ap_palloc(tmp, r-server-limit_req_fieldsize + 2);
+field = ap_palloc(tmp, r-server-limit_req_fieldsize);
/* If headers_in is non-empty (i.e. we're parsing a trailer) then
* we have to merge. Have I mentioned that I think this is a lame part
@@ -794,7 +794,7 @@
* Read header lines until we get the empty separator line, a read error,
* the connection closes (EOF), reach the server limit, or we timeout.
*/
-while ((len = getline(field, r-server-limit_req_fieldsize + 2,
+while ((len = getline(field, r-server-limit_req_fieldsize,
c-client, 1)) 0) {
if (++fields_read r-server-limit_req_fields) {
@@ -804,7 +804,7 @@
ap_destroy_pool(tmp);
return;
}
-if (len = r-server-limit_req_fieldsize + 1) {
+if (len = r-server-limit_req_fieldsize) {
r-status = HTTP_BAD_REQUEST;
ap_table_setn(r-notes, error-notes, ap_pstrcat(r-pool,
Size of a request header field exceeds server limit.P\n