CAN-2004-0493.patch

   1 Index: server/protocol.c
   2 ===================================================================
   3 RCS file: /home/cvspublic/httpd-2.0/server/protocol.c,v
   4 retrieving revision 1.148
   5 diff -u -r1.148 protocol.c
   6 --- server/protocol.c   22 Apr 2004 22:38:03 -0000      1.148
   7 +++ server/protocol.c   13 Jun 2004 19:47:36 -0000
   8 @@ -716,6 +716,23 @@
   9                   * continuations that span many many lines.
  10                   */
  11                  apr_size_t fold_len = last_len + len + 1; /* trailing null */
  12 +
  13 +                if ((fold_len - 1) > r->server->limit_req_fieldsize) {
  14 +                    r->status = HTTP_BAD_REQUEST;
  15 +                    /* report what we have accumulated so far before the
  16 +                     * overflow (last_field) as the field with the problem
  17 +                     */
  18 +                    apr_table_setn(r->notes, "error-notes",
  19 +                                   apr_pstrcat(r->pool,
  20 +                                               "Size of a request header field "
  21 +                                               "after folding "
  22 +                                               "exceeds server limit.<br />\n"
  23 +                                               "<pre>\n",
  24 +                                               ap_escape_html(r->pool, last_field),
  25 +                                               "</pre>\n", NULL));
  26 +                    return;
  27 +                }
  28 +
  29                  if (fold_len > alloc_len) {
  30                      char *fold_buf;
  31                      alloc_len += alloc_len;
  32