authorStefan Fritsch <sf@apache.org>2011-12-12 17:50:33 +0000
committerStefan Fritsch <sf@apache.org>2011-12-12 17:50:33 +0000
commit91ce790cd3bda7b225671340c6637d345b688e74 (patch)
treefc63446ea3bf78a4f2b3b12d1e4c7d6428c7127e /server/config.c
parente0a5a7882ed8b09b9384de5f2b32acc1d1db0ad9 (diff)
Limit length of lines in .htaccess to 8K again, to reduce DoS potential.
Make ap_varbuf_cfg_getline() strictly enforce the max_len parameter. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1213338 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server/config.c')
-rw-r--r--server/config.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/server/config.c b/server/config.c
index 543129164c..8c56308b9a 100644
--- a/server/config.c
+++ b/server/config.c
@@ -1202,11 +1202,14 @@ AP_DECLARE(const char *) ap_build_cont_config(apr_pool_t *p,
ap_directive_t *sub_tree = NULL;
apr_status_t rc;
struct ap_varbuf vb;
+ apr_size_t max_len = VARBUF_MAX_LEN;
+ if (p == temp_pool)
+ max_len = HUGE_STRING_LEN; /* lower limit for .htaccess */
bracket = apr_pstrcat(temp_pool, orig_directive + 1, ">", NULL);
ap_varbuf_init(temp_pool, &vb, VARBUF_INIT_LEN);
- while ((rc = ap_varbuf_cfg_getline(&vb, parms->config_file, VARBUF_MAX_LEN))
+ while ((rc = ap_varbuf_cfg_getline(&vb, parms->config_file, max_len))
== APR_SUCCESS) {
if (!memcmp(vb.buf, "</", 2)
&& (strcasecmp(vb.buf + 2, bracket) == 0)
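Review bot: The `if (p == temp_pool)` test near the top of this hunk identifies .htaccess parsing only indirectly, and the comment `/* lower limit for .htaccess */` does not say why equal pools mean .htaccess. If this relies on a convention of the .htaccess caller (inferred; that caller is not visible here), a caller that parses .htaccess with two distinct pools would silently get VARBUF_MAX_LEN again, and any other caller passing one pool twice would get the 8K cap. The same three lines recur in ap_build_config and, as `cmd->pool == cmd->temp_pool`, in ap_soak_end_container. I would state the convention at each site, e.g. `/* .htaccess files are parsed with p == temp_pool; cap their line length at HUGE_STRING_LEN */`, or move the choice into one static helper so the three sites cannot drift apart. The body of ap_build_cont_config continues outside the hunk.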
@@ -1324,6 +1327,9 @@ AP_DECLARE(const char *) ap_build_config(cmd_parms *parms,
ap_directive_t **last_ptr = NULL;
apr_status_t rc;
struct ap_varbuf vb;
+ apr_size_t max_len = VARBUF_MAX_LEN;
+ if (p == temp_pool)
+ max_len = HUGE_STRING_LEN; /* lower limit for .htaccess */
ap_varbuf_init(temp_pool, &vb, VARBUF_INIT_LEN);
@@ -1349,7 +1355,7 @@ AP_DECLARE(const char *) ap_build_config(cmd_parms *parms,
}
}
- while ((rc = ap_varbuf_cfg_getline(&vb, parms->config_file, VARBUF_MAX_LEN))
+ while ((rc = ap_varbuf_cfg_getline(&vb, parms->config_file, max_len))
== APR_SUCCESS) {
errmsg = ap_build_config_sub(p, temp_pool, vb.buf, parms,
&current, &curr_parent, conftree);
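Review bot: With max_len now strictly enforced, an over-long .htaccess line ends this `while` loop with rc other than APR_SUCCESS, and the handling of that rc is outside the hunk. It is worth confirming that the code after the loop distinguishes end-of-file from the length error and returns an error message for the latter, so that directives following the long line are not silently dropped; for access-control directives that would fail open. A short comment at the loop, such as `/* rc != APR_EOF after the loop is a read or line-length error and must be reported */`, would record the requirement. The same applies to the loops in ap_build_cont_config and ap_soak_end_container, and the body of ap_build_config starts and ends outside this hunk.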
@@ -1540,10 +1546,13 @@ AP_DECLARE(const char *) ap_soak_end_container(cmd_parms *cmd, char *directive)
const char *args;
char *cmd_name;
apr_status_t rc;
+ apr_size_t max_len = VARBUF_MAX_LEN;
+ if (cmd->pool == cmd->temp_pool)
+ max_len = HUGE_STRING_LEN; /* lower limit for .htaccess */
ap_varbuf_init(cmd->temp_pool, &vb, VARBUF_INIT_LEN);
- while((rc = ap_varbuf_cfg_getline(&vb, cmd->config_file, VARBUF_MAX_LEN))
+ while((rc = ap_varbuf_cfg_getline(&vb, cmd->config_file, max_len))
== APR_SUCCESS) {
#if RESOLVE_ENV_PER_TOKEN
args = vb.buf;