On Fri, Apr 4, 2014 at 4:30 PM, <[email protected]> wrote: > Author: jailletc36 > Date: Fri Apr 4 20:30:38 2014 > New Revision: 1584896 > > URL: http://svn.apache.org/r1584896 > Log: > Do not perform a p+= 7 that could go past the end of the buffer in case we > find a 'content' without a corresponding '='. >
Does this fix a crash or a parsing error or ...? (CHANGES) > > Should we need to deal with this case, a new search should be performed to > find the real starting position of another potential 'content=' pattern. > > Modified: > httpd/httpd/trunk/modules/filters/mod_proxy_html.c > > Modified: httpd/httpd/trunk/modules/filters/mod_proxy_html.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_proxy_html.c?rev=1584896&r1=1584895&r2=1584896&view=diff > > ============================================================================== > --- httpd/httpd/trunk/modules/filters/mod_proxy_html.c (original) > +++ httpd/httpd/trunk/modules/filters/mod_proxy_html.c Fri Apr 4 20:30:38 > 2014 > @@ -672,8 +672,9 @@ static meta *metafix(request_rec *r, con > p += 7; > while (apr_isspace(*p)) > ++p; > + /* XXX Should we search for another content= pattern? > */ > if (*p != '=') > - continue; > + break; > while (*p && apr_isspace(*++p)); > if ((*p == '\'') || (*p == '"')) { > delim = *p++; > > > -- Born in Roswell... married an alien... http://emptyhammock.com/ http://edjective.org/
