Hi.

While looking at ajp_header.c, I realized that its method of parsing
the header line tokens is flakey: it uses memcmp() to check, e.g.,
whether the header token is "Accept-Charset:", by uppercasing the
token name (-> "ACCEPT-CHARSET"), then compares the initial "ACCEPT-"
prefix, and then tests:
        if (memcmp(p, "CHARSET", 7) == 0) return SC_ACCEPT_CHARSET;
but does not verify that the end of the token has been reached.

Thus, a header
  Accept-CharsetXXX-Blah: utf-8
would be mistaken for an "Accept-Charset: utf-8".

Same goes for a couple of other header names.
The patch replaces the memcmp by a strcmp to check for the trailing
NUL character, too.

Also, IMO it is better to replace memcmp by strncasecmp in the test
-        if (memcmp(stringname, "Content-Type", 12) == 0) {
+        if (strncasecmp(stringname, "Content-Type", 12) == 0) {

WDYT?

  Martin
-- 
<[EMAIL PROTECTED]>        |     Fujitsu Siemens
http://www.fujitsu-siemens.com/imprint.html | 81730  Munich,  Germany
Index: modules/proxy/ajp_header.c
===================================================================
--- modules/proxy/ajp_header.c  (Revision 571103)
+++ modules/proxy/ajp_header.c  (Arbeitskopie)
@@ -51,7 +51,7 @@
     const char *p = header_name;
     int i = 0;
 
-    /* ACCEPT-LANGUAGE is the longest headeer
+    /* ACCEPT-LANGUAGE is the longest header
      * that is of interest.
      */
     if (len < 4 || len > 15)
@@ -69,11 +69,11 @@
                     return SC_ACCEPT;
                 else if (header[6] == '-') {
                     p += 6;
-                    if (memcmp(p, "CHARSET", 7) == 0)
+                    if (strcmp(p, "CHARSET") == 0)
                         return SC_ACCEPT_CHARSET;
-                    else if (memcmp(p,  "ENCODING", 8) == 0)
+                    else if (strcmp(p,  "ENCODING") == 0)
                         return SC_ACCEPT_ENCODING;
-                    else if (memcmp(p, "LANGUAGE", 8) == 0)
+                    else if (strcmp(p, "LANGUAGE") == 0)
                         return SC_ACCEPT_LANGUAGE;
                     else
                         return UNKNOWN_METHOD;
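Review bot: The `strcmp` calls on the ACCEPT-* tokens are only correct if `p` points into a NUL-terminated copy of the header name, and nothing in this hunk states that; the code that fills `header[]` lies outside the hunk, so this is presumed rather than visible. A short comment above the first comparison would keep a later cleanup from going back to a length-bounded compare, for example `/* exact match: header[] is NUL-terminated, so a name that merely starts with a known token is rejected */`. The same applies to the comparisons in the next hunk (AUTHORIZATION, COOKIE/COOKIE2, CONNECTION, CONTENT-*, HOST, PRAGMA, REFERER, USER-AGENT). The comment should also give the reason: a prefix-equal name must not be forwarded to the backend under the code of a well-known header.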
@@ -81,45 +81,45 @@
                 else
                     return UNKNOWN_METHOD;
             }
-            else if (memcmp(p, "UTHORIZATION", 12) == 0)
+            else if (strcmp(p, "UTHORIZATION") == 0)
                 return SC_AUTHORIZATION;
             else
                 return UNKNOWN_METHOD;
         break;
         case 'C':
-            if(memcmp(p, "OOKIE2", 6) == 0)
+            if(strcmp(p, "OOKIE2") == 0)
                 return SC_COOKIE2;
-            else if (memcmp(p, "OOKIE", 5) == 0)
+            else if (strcmp(p, "OOKIE") == 0)
                 return SC_COOKIE;
-            else if(memcmp(p, "ONNECTION", 9) == 0)
+            else if(strcmp(p, "ONNECTION") == 0)
                 return SC_CONNECTION;
-            else if(memcmp(p, "ONTENT-TYPE", 11) == 0)
+            else if(strcmp(p, "ONTENT-TYPE") == 0)
                 return SC_CONTENT_TYPE;
-            else if(memcmp(p, "ONTENT-LENGTH", 13) == 0)
+            else if(strcmp(p, "ONTENT-LENGTH") == 0)
                 return SC_CONTENT_LENGTH;
             else
                 return UNKNOWN_METHOD;
         break;
         case 'H':
-            if(memcmp(p, "OST", 3) == 0)
+            if(strcmp(p, "OST") == 0)
                 return SC_HOST;
             else
                 return UNKNOWN_METHOD;
         break;
         case 'P':
-            if(memcmp(p, "RAGMA", 5) == 0)
+            if(strcmp(p, "RAGMA") == 0)
                 return SC_PRAGMA;
             else
                 return UNKNOWN_METHOD;
         break;
         case 'R':
-            if(memcmp(p, "EFERER", 6) == 0)
+            if(strcmp(p, "EFERER") == 0)
                 return SC_REFERER;
             else
                 return UNKNOWN_METHOD;
         break;
         case 'U':
-            if(memcmp(p, "SER-AGENT", 9) == 0)
+            if(strcmp(p, "SER-AGENT") == 0)
                 return SC_USER_AGENT;
             else
                 return UNKNOWN_METHOD;
@@ -558,7 +558,7 @@
         apr_table_add(r->headers_out, stringname, value);
 
         /* Content-type needs an additional handling */
-        if (memcmp(stringname, "Content-Type", 12) == 0) {
+        if (strncasecmp(stringname, "Content-Type", 12) == 0) {
              /* add corresponding filter */
             ap_set_content_type(r, apr_pstrdup(r->pool, value));
             ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
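Review bot: `strncasecmp(stringname, "Content-Type", 12)` still compares only the first 12 characters, so a backend response header whose name merely begins with Content-Type would also reach `ap_set_content_type()`. That is the same missing end-of-token check this patch removes on the request side. Because `stringname` is already handed to `apr_table_add()` as a C string two lines above, an exact comparison fits here: `if (strcasecmp(stringname, "Content-Type") == 0) {`. The enclosing block continues past the end of the hunk, so the rest of the Content-Type handling was not reviewed.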
