head	1.2;
access;
symbols
	old_RELEASE_4_11_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2005.02.08.15.17.06;	author clement;	state dead;
branches;
next	1.1;

1.1
date	2004.11.10.18.24.44;	author clement;	state Exp;
branches;
next	;


desc
@@


1.2
log
@- Update to 2.0.53
- Download bz2'd tarball [1]
- Add print-closest-mirrors target.
  It allows you to find the 6 (3 http/3 ftp) closest mirror,
  base on http://www.apache.org/dyn/closer.cgi/httpd/
  make print-closest-mirrors >> /etc/make.conf automatically add
  the six closest mirror to the head of ${MASTER_SITE_APACHE_HTTPD}.

Requested by:	delphij
@
text
@===================================================================
RCS file: /home/cvspublic/httpd-2.0/server/protocol.c,v
retrieving revision 1.121.2.21
retrieving revision 1.121.2.22
diff -u -r1.121.2.21 -r1.121.2.22
--- server/protocol.c	2004/09/23 18:18:36	1.121.2.21
+++ server/protocol.c	2004/11/10 11:32:40	1.121.2.22
@@@@ -305,35 +305,13 @@@@
         }
     }
 
-    /* We now go backwards over any CR (if present) or white spaces.
-     *
-     * Trim any extra trailing spaces or tabs except for the first
-     * space or tab at the beginning of a blank string.  This makes
-     * it much easier to check field values for exact matches, and
-     * saves memory as well.  Terminate string at end of line.
-     */
-    pos = last_char;
-    if (pos > *s && *(pos - 1) == APR_ASCII_CR) {
-        --pos;
-    }
-
-    /* Trim any extra trailing spaces or tabs except for the first
-     * space or tab at the beginning of a blank string.  This makes
-     * it much easier to check field values for exact matches, and
-     * saves memory as well.
-     */
-    while (pos > ((*s) + 1)
-           && (*(pos - 1) == APR_ASCII_BLANK || *(pos - 1) == APR_ASCII_TAB)) {
-        --pos;
+    /* Now NUL-terminate the string at the end of the line; 
+     * if the last-but-one character is a CR, terminate there */
+    if (last_char > *s && last_char[-1] == APR_ASCII_CR) {
+        last_char--;
     }
-
-    /* Since we want to remove the LF from the line, we'll go ahead
-     * and set this last character to be the term NULL and reset
-     * bytes_handled accordingly.
-     */
-    *pos = '\0';
-    last_char = pos;
-    bytes_handled = pos - *s;
+    *last_char = '\0';
+    bytes_handled = last_char - *s;
 
     /* If we're folding, we have more work to do.
      *
@@@@ -750,7 +728,7 @@@@
                 last_len += len;
                 folded = 1;
             }
-            else {
+            else /* not a continuation line */ {
 
                 if (r->server->limit_req_fields
                     && (++fields_read > r->server->limit_req_fields)) {
@@@@ -773,29 +751,26 @@@@
                                                "</pre>\n", NULL));
                     return;
                 }
+                
+                tmp_field = value - 1; /* last character of field-name */
+
+                *value++ = '\0'; /* NUL-terminate at colon */
 
-                *value = '\0';
-                tmp_field = value;  /* used to trim the whitespace between key
-                                     * token and separator
-                                     */
-                ++value;
                 while (*value == ' ' || *value == '\t') {
                     ++value;            /* Skip to start of value   */
                 }
 
-                /* This check is to avoid any invalid memory reference while
-                 * traversing backwards in the key. To avoid a case where
-                 * the header starts with ':' (or with just some white
-                 * space and the ':') followed by the value
-                 */
-                if (tmp_field > last_field) {
-                    --tmp_field;
-                    while ((tmp_field > last_field) &&
-                           (*tmp_field == ' ' || *tmp_field == '\t')) {
-                        --tmp_field;   /* Removing LWS between key and ':' */
-                    }
-                    ++tmp_field;
-                    *tmp_field = '\0';
+                /* Strip LWS after field-name: */
+                while (tmp_field > last_field 
+                       && (*tmp_field == ' ' || *tmp_field == '\t')) {
+                    *tmp_field-- = '\0';
+                }
+                
+                /* Strip LWS after field-value: */
+                tmp_field = last_field + last_len - 1;
+                while (tmp_field > value
+                       && (*tmp_field == ' ' || *tmp_field == '\t')) {
+                    *tmp_field-- = '\0';
                 }
 
                 apr_table_addn(r->headers_in, last_field, value);

@


1.1
log
@- Fix memory consumption DoS, CVE CAN-2004-0942

Reported by:    josef
Obtained from:  Apache CVS
@
text
@@

