Re: svn commit: r1073520 - /httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c

2011-02-23 Thread Jim Jagielski 

On Feb 23, 2011, at 2:24 AM, Ruediger Pluem wrote:

 
 Couldn't this cause a one by off error later on as buf is only 1024 bytes 
 long and we need
 a terminating '\0'?
 

Yeah, if the input hits 1024 then we overshoot... fixed in r1073728

Re: svn commit: r1073520 - /httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c

2011-02-22 Thread Ruediger Pluem 


On 02/22/2011 10:43 PM, j...@apache.org wrote:
 Author: jim
 Date: Tue Feb 22 21:43:44 2011
 New Revision: 1073520
 
 URL: http://svn.apache.org/viewvc?rev=1073520view=rev
 Log:
 Be at least somewhat more RESTful... Use POST for changing stuff.
 
 Modified:
 httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c
 
 Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c
 URL: 
 http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c?rev=1073520r1=1073519r2=1073520view=diff
 ==
 --- httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c (original)
 +++ httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c Tue Feb 22 21:43:44 
 2011

 @@ -882,28 +930,27 @@ static int balancer_handler(request_rec 
  }
  }
  
 -if (r-args) {
 -char *args = apr_pstrdup(r-pool, r-args);
 -char *tok, *val;
 -while (args  *args) {
 -if ((val = ap_strchr(args, '='))) {
 -*val++ = '\0';
 -if ((tok = ap_strchr(val, '')))
 -*tok++ = '\0';
 -/*
 - * Special case: workers are allowed path information
 - */
 -if ((access_status = ap_unescape_url(val)) != OK)
 -if ((strcmp(args, w)  strcmp(args, b_nwrkr)) || 
 (access_status !=  HTTP_NOT_FOUND))
 -return access_status;
 -apr_table_setn(params, args, val);
 -args = tok;
 -}
 -else
 -return HTTP_BAD_REQUEST;
 -}
 -}
 +if (r-args  (r-method_number == M_GET)) {
 +const char *allowed[] = { w, b, nonce, NULL };
 +ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r-server, parsing 
 r-args);
  
 +push2table(r-args, params, allowed, r-pool);
 +}
 +if (r-method_number == M_POST) {
 +apr_bucket_brigade *ib;
 +apr_size_t len;
 +char *buf = apr_pcalloc(r-pool, 1024);;
 +
 +ib = apr_brigade_create(r-connection-pool, 
 r-connection-bucket_alloc);
 +rv = ap_get_brigade(r-input_filters, ib, AP_MODE_READBYTES,
 +APR_BLOCK_READ, 1024);

Couldn't this cause a one by off error later on as buf is only 1024 bytes long 
and we need
a terminating '\0'?

 +if (rv != APR_SUCCESS) {
 +return HTTP_INTERNAL_SERVER_ERROR;
 +}
 +apr_brigade_flatten(ib, buf, len);
 +buf[len] = '\0';
 +push2table(buf, params, NULL, r-pool);
 +}
  if ((name = apr_table_get(params, b)))
  bsel = ap_proxy_get_balancer(r-pool, conf,
  apr_pstrcat(r-pool, BALANCER_PREFIX, name, NULL));