From f13a88ac1330f81b692a565156bf5d5a8fa78d15 Mon Sep 17 00:00:00 2001 From: George Wang Date: Wed, 25 Feb 2015 10:48:19 -0500 Subject: Fixed a bug that header value is not terminated by '\0' when accessed through getenv(). --- sapi/litespeed/lsapilib.c | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) (limited to 'sapi') diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c index 039d91dcd9..699e86398a 100644 --- a/sapi/litespeed/lsapilib.c +++ b/sapi/litespeed/lsapilib.c @@ -1390,10 +1390,12 @@ char * LSAPI_GetHeader_r( LSAPI_Request * pReq, int headerIndex ) off = pReq->m_pHeaderIndex->m_headerOff[ headerIndex ]; if ( !off ) return NULL; - if ( *(pReq->m_pHttpHeader + off + - pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) ) - *( pReq->m_pHttpHeader + off + - pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) = 0; + if ( *(pReq->m_pHttpHeader + off + + pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) ) + { + *( pReq->m_pHttpHeader + off + + pReq->m_pHeaderIndex->m_headerLen[ headerIndex ]) = 0; + } return pReq->m_pHttpHeader + off; } @@ -1830,12 +1832,21 @@ ssize_t LSAPI_Write_Stderr_r( LSAPI_Request * pReq, const char * pBuf, size_t le static char * GetHeaderVar( LSAPI_Request * pReq, const char * name ) { int i; + char * pValue; for( i = 0; i < H_TRANSFER_ENCODING; ++i ) { if ( pReq->m_pHeaderIndex->m_headerOff[i] ) { if ( strcmp( name, CGI_HEADERS[i] ) == 0 ) - return pReq->m_pHttpHeader + pReq->m_pHeaderIndex->m_headerOff[i]; + { + pValue = pReq->m_pHttpHeader + + pReq->m_pHeaderIndex->m_headerOff[i]; + if ( *(pValue + pReq->m_pHeaderIndex->m_headerLen[i]) != '\0') + { + *(pValue + pReq->m_pHeaderIndex->m_headerLen[i]) = '\0'; + } + return pValue; + } } } if ( pReq->m_pHeader->m_cntUnknownHeaders > 0 ) 
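Review bot: The added write `*(pValue + pReq->m_pHeaderIndex->m_headerLen[i]) = '\0';` in GetHeaderVar trusts `m_headerOff[i]` and `m_headerLen[i]`, with no visible check that offset plus length stays inside the buffer behind `m_pHttpHeader`. Both values appear to come from the request packet; if they are not range-checked where the packet is parsed (not visible in this diff), a malformed request makes this getenv() path a one-byte out-of-bounds write. The same applies to the `pCur->valueOff` / `pCur->valueLen` write in the unknown-headers hunk and to the existing pattern in LSAPI_GetHeader_r. I would compare offset + length against the header buffer's size before each write and return NULL when it does not fit. GetHeaderVar's body continues outside this hunk.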
@@ -1862,7 +1873,15 @@ static char * GetHeaderVar( LSAPI_Request * pReq, const char * name ) ++p; ++pKey; } if (( pKey == pKeyEnd )&& (!*p )) - return pReq->m_pHttpHeader + pCur->valueOff; + { + pValue = pReq->m_pHttpHeader + pCur->valueOff; + + if ( *(pValue + pCur->valueLen) != '\0') + { + *(pValue + pCur->valueLen) = '\0'; + } + return pValue; + } ++pCur; } } -- cgit v1.2.1
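Review bot: This is the third copy of the check-then-terminate sequence, after LSAPI_GetHeader_r and the known-headers loop, so any later correction has to be made in three places. A small static helper would keep them in step, and its comment is the place to record that the lookup modifies the request buffer in place by overwriting the byte after the value. The helper name and the `int` length type below are illustrative, since the type of `valueLen` is not visible here. The loop around this branch starts outside the hunk.

```c
/* Suggested helper (illustrative name): NUL-terminate a header value in
 * place and return it. Overwrites the byte that follows the value. */
static char * TerminateValue( char * pValue, int len )
{
    if ( pValue[len] != '\0' )
        pValue[len] = '\0';
    return pValue;
}

/* … unchanged: key comparison loop in GetHeaderVar … */
            if (( pKey == pKeyEnd )&& (!*p ))
                return TerminateValue( pReq->m_pHttpHeader + pCur->valueOff,
                                       pCur->valueLen );
```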