diff options
| author | Stefan Fritsch <sf@apache.org> | 2011-12-12 18:50:33 +0100 |
|---|---|---|
| committer | Stefan Fritsch <sf@apache.org> | 2011-12-12 18:50:33 +0100 |
| commit | 91ce790cd3bda7b225671340c6637d345b688e74 (patch) | |
| tree | fc63446ea3bf78a4f2b3b12d1e4c7d6428c7127e /include | |
| parent | Fix names of unary operators like '-s' being compared case insensitively. (diff) | |
| download | apache2-91ce790cd3bda7b225671340c6637d345b688e74.tar.xz apache2-91ce790cd3bda7b225671340c6637d345b688e74.zip | |
Limit length of lines in .htaccess to 8K again, to reduce DoS potential.
Make ap_varbuf_cfg_getline() strictly enforce the max_len parameter.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1213338 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'include')
| -rw-r--r-- | include/http_config.h | 6 | ||||
| -rw-r--r-- | include/util_varbuf.h | 4 |
2 files changed, 7 insertions, 3 deletions
diff --git a/include/http_config.h b/include/http_config.h index 649f4f6baf..40f0721443 100644 --- a/include/http_config.h +++ b/include/http_config.h @@ -818,6 +818,8 @@ AP_DECLARE(const char *) ap_pcfg_strerror(apr_pool_t *p, ap_configfile_t *cfp, * @param cmd The cmd_parms to pass to the directives inside the container * @param directive The directive name to read until * @return Error string on failure, NULL on success + * @note If cmd->pool == cmd->temp_pool, ap_soak_end_container() will assume + * .htaccess context and use a lower maximum line length. */ AP_DECLARE(const char *) ap_soak_end_container(cmd_parms *cmd, char *directive); @@ -831,6 +833,8 @@ AP_DECLARE(const char *) ap_soak_end_container(cmd_parms *cmd, char *directive); * @param curr_parent The current parent node * @param orig_directive The directive to read until hit. * @return Error string on failure, NULL on success + * @note If p == temp_pool, ap_build_cont_config() will assume .htaccess + * context and use a lower maximum line length. */ AP_DECLARE(const char *) ap_build_cont_config(apr_pool_t *p, apr_pool_t *temp_pool, @@ -846,6 +850,8 @@ AP_DECLARE(const char *) ap_build_cont_config(apr_pool_t *p, * @param temp_pool The temporary pool * @param conftree Place to store the root node of the config tree * @return Error string on erro, NULL otherwise + * @note If conf_pool == temp_pool, ap_build_config() will assume .htaccess + * context and use a lower maximum line length. */ AP_DECLARE(const char *) ap_build_config(cmd_parms *parms, apr_pool_t *conf_pool, diff --git a/include/util_varbuf.h b/include/util_varbuf.h index 24aa088ef0..cb5346f954 100644 --- a/include/util_varbuf.h +++ b/include/util_varbuf.h @@ -151,10 +151,8 @@ AP_DECLARE(apr_status_t) ap_varbuf_regsub(struct ap_varbuf *vb, /** Read a line from an ap_configfile_t into an ap_varbuf. * @param vb pointer to the ap_varbuf struct * @param cfg pointer to the ap_configfile_t - * @param max_len (soft) limit for the size of the buffer + * @param max_len maximum line length, including leading/trailing whitespace * @return see ap_cfg_getline() - * @note The buffer will not be grown once it has reached at least max_len - * bytes. This means that the returned line can be longer than max_len. * @note vb->strlen will be set to the length of the line */ AP_DECLARE(apr_status_t) ap_varbuf_cfg_getline(struct ap_varbuf *vb, |