I committed Martins patch to mod_jk a couple of minutes ago. Thanks Martin!
The Content-Type part of the patch didn't apply to mod_jk though. Regards, Rainer Jim Jagielski wrote:
Yeah, all this is being fixed in the mod_jk code as well... On Aug 30, 2007, at 6:55 AM, Martin Kraemer wrote:Hi. While looking at ajp_header.c, I realized that its method of parsing the header line tokens is flakey: it uses memcmp() to check, e.g., whether the header token is "Accept-Charset:", by uppercasing the token name (-> "ACCEPT-CHARSET"), then compares the initial "ACCEPT-" prefix, and then tests: if (memcmp(p, "CHARSET", 7) == 0) return SC_ACCEPT_CHARSET; but does not verify that the end of the token has been reached. Thus, a header Accept-CharsetXXX-Blah: utf-8 would be mistaken for an "Accept-Charset: utf-8". Same goes for a couple of other header names. The patch replaces the memcmp by a strcmp to check for the trailing NIL character, too. Also, IMO it is better to replace memcmp by strncasecmp in the test - if (memcmp(stringname, "Content-Type", 12) == 0) { + if (strncasecmp(stringname, "Content-Type", 12) == 0) { WDYT? Martin -- <[EMAIL PROTECTED]> | Fujitsu Siemens http://www.fujitsu-siemens.com/imprint.html | 81730 Munich, Germany <ajp_header.c.diff>
