Commit a2e1ec4e authored by Aaron Bannert's avatar Aaron Bannert
Browse files

Fix a big memory leak bug related to arbitrarily large header lines. 

The core input filter would happily consume all the data you gave it
in a header line, looking for that one LF. This patch limits that
"getline" functionality to HUGE_STRING_LEN (8192 bytes).


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91711 13f79535-47bb-0310-9956-ffa450edef68
parent 06d2a4c8

server/core.c

+5 −0
Original line number Diff line number Diff line
@@ -2936,6 +2936,11 @@ static int core_input_filter(ap_filter_t *f, apr_bucket_brigade *b, ap_input_mod 
        APR_BUCKET_REMOVE(e);

        APR_BRIGADE_INSERT_TAIL(b, e);

        *readbytes += len;

        /* We didn't find an APR_ASCII_LF within the predefined maximum

         * line length. */

        if (len >= HUGE_STRING_LEN) {

            return -1;

        }

    }



    return APR_SUCCESS;