author | Stefan Fritsch <sf@apache.org> | 2011-12-12 17:50:33 +0000 |
---|---|---|
committer | Stefan Fritsch <sf@apache.org> | 2011-12-12 17:50:33 +0000 |
commit | 91ce790cd3bda7b225671340c6637d345b688e74 (patch) | |
tree | fc63446ea3bf78a4f2b3b12d1e4c7d6428c7127e /server/config.c | |
parent | e0a5a7882ed8b09b9384de5f2b32acc1d1db0ad9 (diff) | |
download | httpd-91ce790cd3bda7b225671340c6637d345b688e74.tar.gz |
Limit length of lines in .htaccess to 8K again, to reduce DoS potential.
Make ap_varbuf_cfg_getline() strictly enforce the max_len parameter.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1213338 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server/config.c')
-rw-r--r-- | server/config.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/server/config.c b/server/config.c
index 543129164c..8c56308b9a 100644
--- a/server/config.c
+++ b/server/config.c
@@ -1202,11 +1202,14 @@ AP_DECLARE(const char *) ap_build_cont_config(apr_pool_t *p,
 ap_directive_t *sub_tree = NULL;
 apr_status_t rc;
 struct ap_varbuf vb;
+ apr_size_t max_len = VARBUF_MAX_LEN;
+ if (p == temp_pool)
+ max_len = HUGE_STRING_LEN; /* lower limit for .htaccess */
 bracket = apr_pstrcat(temp_pool, orig_directive + 1, ">", NULL);
 ap_varbuf_init(temp_pool, &vb, VARBUF_INIT_LEN);
- while ((rc = ap_varbuf_cfg_getline(&vb, parms->config_file, VARBUF_MAX_LEN))
+ while ((rc = ap_varbuf_cfg_getline(&vb, parms->config_file, max_len))
 == APR_SUCCESS) {
 if (!memcmp(vb.buf, "</", 2) && (strcasecmp(vb.buf + 2, bracket) == 0)
@@ -1324,6 +1327,9 @@ AP_DECLARE(const char *) ap_build_config(cmd_parms *parms,
 ap_directive_t **last_ptr = NULL;
 apr_status_t rc;
 struct ap_varbuf vb;
+ apr_size_t max_len = VARBUF_MAX_LEN;
+ if (p == temp_pool)
+ max_len = HUGE_STRING_LEN; /* lower limit for .htaccess */
 ap_varbuf_init(temp_pool, &vb, VARBUF_INIT_LEN);
@@ -1349,7 +1355,7 @@ AP_DECLARE(const char *) ap_build_config(cmd_parms *parms,
 }
 }
- while ((rc = ap_varbuf_cfg_getline(&vb, parms->config_file, VARBUF_MAX_LEN))
+ while ((rc = ap_varbuf_cfg_getline(&vb, parms->config_file, max_len))
 == APR_SUCCESS) {
 errmsg = ap_build_config_sub(p, temp_pool, vb.buf, parms, ¤t, &curr_parent, conftree);
@@ -1540,10 +1546,13 @@ AP_DECLARE(const char *) ap_soak_end_container(cmd_parms *cmd, char *directive)
 const char *args;
 char *cmd_name;
 apr_status_t rc;
+ apr_size_t max_len = VARBUF_MAX_LEN;
+ if (cmd->pool == cmd->temp_pool)
+ max_len = HUGE_STRING_LEN; /* lower limit for .htaccess */
 ap_varbuf_init(cmd->temp_pool, &vb, VARBUF_INIT_LEN);
- while((rc = ap_varbuf_cfg_getline(&vb, cmd->config_file, VARBUF_MAX_LEN))
+ while((rc = ap_varbuf_cfg_getline(&vb, cmd->config_file, max_len))
 == APR_SUCCESS) {
 #if RESOLVE_ENV_PER_TOKEN
 args = vb.buf; |
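Review bot: The .htaccess case is recognised only by pool identity (`p == temp_pool` in ap_build_cont_config and ap_build_config, `cmd->pool == cmd->temp_pool` in ap_soak_end_container), and nothing in these hunks says why equal pools mean a .htaccess parse. That looks like a caller convention defined outside the hunks; if a caller ever passes distinct pools while parsing .htaccess, the limit silently goes back to VARBUF_MAX_LEN and the DoS bound this commit restores is lost without any warning. I would move the check into one documented static helper instead of three copies, so the assumption is written down once and has a single place to change. All three function bodies start and end outside their hunks.

```c
/* Maximum length of one configuration line.  A .htaccess parse is recognised
 * by the caller passing the same pool for permanent and temporary allocations
 * (assumption to confirm against the callers); it gets the lower limit to
 * reduce DoS potential. */
static apr_size_t cfg_max_line_len(const apr_pool_t *p,
                                   const apr_pool_t *temp_pool)
{
    return (p == temp_pool) ? HUGE_STRING_LEN : VARBUF_MAX_LEN;
}

/* ... unchanged: ap_build_cont_config() signature and other locals ... */
    struct ap_varbuf vb;
    apr_size_t max_len = cfg_max_line_len(p, temp_pool);
/* ... same line in ap_build_config(); ap_soak_end_container() passes
 *     cmd->pool and cmd->temp_pool ... */
```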
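Review bot: With the limit now enforced, a line longer than max_len presumably ends the `while` loop in ap_build_config with an rc other than APR_SUCCESS, and the handling of that rc lies outside the hunk. It is worth confirming that the code after the loop reports it as a parse error and does not treat it like end of file, because a .htaccess that stops being read part-way would drop every directive after the long line, access restrictions included. The same question applies to the loops in ap_build_cont_config and ap_soak_end_container. A short comment at each loop, e.g. `/* rc other than APR_SUCCESS/APR_EOF: line too long or read error, must fail the parse */`, would record the intent.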