diff options
| -rw-r--r-- | CHANGES | 4 | ||||
| -rw-r--r-- | server/protocol.c | 7 |
2 files changed, 8 insertions, 3 deletions
@@ -2,6 +2,10 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) ap_get_mime_headers_core: allocate space for the trailing null + when folding is in effect. + PR 18170 [Peter Mayne <PeterMayne@SPAM_SUX.ap.spherion.com>] + *) Do not bypass output filters when redirecting subrequests internally. PR 17629. [André Malo] diff --git a/server/protocol.c b/server/protocol.c index 84c17338e0..e23ad88ac1 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -798,11 +798,12 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb * doing O(n) allocs and using O(n^2) space for * continuations that span many many lines. */ - if (last_len + len > alloc_len) { + apr_size_t fold_len = last_len + len + 1; /* trailing null */ + if (fold_len > alloc_len) { char *fold_buf; alloc_len += alloc_len; - if (last_len + len > alloc_len) { - alloc_len = last_len + len; + if (fold_len > alloc_len) { + alloc_len = fold_len; } fold_buf = (char *)apr_palloc(r->pool, alloc_len); memcpy(fold_buf, last_field, last_len); |