Hi Sasha, On Fri, May 23, 2014 at 06:50:05PM -0600, Sasha Pachev wrote: > I have made some progress here, and was just > about to call exp_replace() when I realized it does not have a way to > protect against the destination buffer overrun. Would it be OK if I > added the protection?
Hmm that's really interesting and is directly related to the growing feature set. Initially, config file lines were very limited and since we used to reserve half of a buffer for rewrites, it was technically not possible to overflow the buffer. Now we have many more possibilities, we can copy certs in headers, support long lines, we reserve less, etc... Thus in practice, it is theorically possible to write some heavy rewrite rules that can overflow the request or response buffer. So yes, please see what you can do to avoid this, and propose that fix as a separate patch tagged "BUG". Thanks! Willy
