Yeah, all this is being fixed in the mod_jk code as
well...
On Aug 30, 2007, at 6:55 AM, Martin Kraemer wrote:
Hi.
While looking at ajp_header.c, I realized that its method of parsing
the header line tokens is flakey: it uses memcmp() to check, e.g.,
whether the header token is "Accept-Charset:", by uppercasing the
token name (-> "ACCEPT-CHARSET"), then compares the initial "ACCEPT-"
prefix, and then tests:
if (memcmp(p, "CHARSET", 7) == 0) return SC_ACCEPT_CHARSET;
but does not verify that the end of the token has been reached.
Thus, a header
Accept-CharsetXXX-Blah: utf-8
would be mistaken for an "Accept-Charset: utf-8".
Same goes for a couple of other header names.
The patch replaces the memcmp by a strcmp to check for the trailing
NIL character, too.
Also, IMO it is better to replace memcmp by strncasecmp in the test
- if (memcmp(stringname, "Content-Type", 12) == 0) {
+ if (strncasecmp(stringname, "Content-Type", 12) == 0) {
WDYT?
Martin
--
<[EMAIL PROTECTED]> | Fujitsu Siemens
http://www.fujitsu-siemens.com/imprint.html | 81730 Munich, Germany
<ajp_header.c.diff>
