cvs commit: apache-1.3/src/os/win32 mod_isapi.c

9 May 1998 15:09:33 -0000 

ben         98/05/09 08:09:31

  Modified:    src      CHANGES
               src/os/win32 mod_isapi.c
  Log:
  Don't force ISAPI headers to finish with \n.
  PR: 2060
  Submitted by: Jim Patterson <[EMAIL PROTECTED]>, Ben Laurie
  
  Revision  Changes    Path
  1.839     +6 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.838
  retrieving revision 1.839
  diff -u -r1.838 -r1.839
  --- CHANGES   1998/05/09 14:27:24     1.838
  +++ CHANGES   1998/05/09 15:09:29     1.839
  @@ -1,5 +1,11 @@
   Changes with Apache 1.3b7
   
  +  *) WIN32: Check for buffer overflows in ap_os_canonical_filename.
  +     [Ben Laurie]
  +
  +  *) WIN32: Don't force ISAPI headers to finish with \n.
  +     [Jim Patterson <[EMAIL PROTECTED]>, Ben Laurie] PR#2060
  +
     *) When opening "configuration" files (like httpd.conf, htaccess
        and htpasswd), Apache will not allow them to be non-/dev/null
        device files. This closes a DoS hole. At the same time,
  
  
  
  1.11      +19 -1     apache-1.3/src/os/win32/mod_isapi.c
  
  Index: mod_isapi.c
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/os/win32/mod_isapi.c,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- mod_isapi.c       1998/04/11 12:01:05     1.10
  +++ mod_isapi.c       1998/05/09 15:09:31     1.11
  @@ -85,6 +85,10 @@
   /* We use the exact same header file as the original */
   #include <HttpExt.h>
   
  +/* Seems IIS does not enforce the requirement for \r\n termination on 
HSE_REQ_SEND_RESPONSE_HEADER,
  +   define this to conform */
  +#define RELAX_HEADER_RULE
  +
   module isapi_module;
   
   /* Our "Connection ID" structure */
  @@ -421,6 +425,10 @@
            char *value, *lf = strchr(data, '\n');
            int p;
   
  +#ifdef RELAX_HEADER_RULE
  +         if (lf)
  +             *lf = '\0';
  +#else
            if (!lf) { /* Huh? Invalid data, I think */
                ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
                            "ISA sent invalid headers: %s", r->filename);
  @@ -430,12 +438,16 @@
   
            /* Get rid of \n and \r */
            *lf = '\0';
  +#endif
            p = strlen(data);
            if (p > 0 && data[p-1] == '\r') data[p-1] = '\0';
            
            /* End of headers */
            if (*data == '\0') {
  -             data = lf + 1;  /* Reset data */
  +#ifdef RELAX_HEADER_RULE
  +             if (lf)
  +#endif
  +                 data = lf + 1;      /* Reset data */
                break;
            }
   
  @@ -477,6 +489,12 @@
            }
          
            /* Reset data */
  +#ifdef RELAX_HEADER_RULE
  +         if (!lf) {
  +             data += p;
  +             break;
  +         }
  +#endif
            data = lf + 1;
        }

Reply via email to