ben 98/05/09 08:09:31
Modified: src CHANGES
src/os/win32 mod_isapi.c
Log:
Don't force ISAPI headers to finish with \n.
PR: 2060
Submitted by: Jim Patterson <Jim.Patterson@Cognos.COM>, Ben Laurie
Revision Changes Path
1.839 +6 -0 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.838
retrieving revision 1.839
diff -u -r1.838 -r1.839
--- CHANGES 1998/05/09 14:27:24 1.838
+++ CHANGES 1998/05/09 15:09:29 1.839
@@ -1,5 +1,11 @@
Changes with Apache 1.3b7
+ *) WIN32: Check for buffer overflows in ap_os_canonical_filename.
+ [Ben Laurie]
+
+ *) WIN32: Don't force ISAPI headers to finish with \n.
+ [Jim Patterson <Jim.Patterson@Cognos.COM>, Ben Laurie] PR#2060
+
*) When opening "configuration" files (like httpd.conf, htaccess
and htpasswd), Apache will not allow them to be non-/dev/null
device files. This closes a DoS hole. At the same time,
1.11 +19 -1 apache-1.3/src/os/win32/mod_isapi.c
Index: mod_isapi.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/os/win32/mod_isapi.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- mod_isapi.c 1998/04/11 12:01:05 1.10
+++ mod_isapi.c 1998/05/09 15:09:31 1.11
@@ -85,6 +85,10 @@
/* We use the exact same header file as the original */
#include <HttpExt.h>
+/* Seems IIS does not enforce the requirement for \r\n termination on HSE_REQ_SEND_RESPONSE_HEADER,
+ define this to conform */
+#define RELAX_HEADER_RULE
+
module isapi_module;
/* Our "Connection ID" structure */
@@ -421,6 +425,10 @@
char *value, *lf = strchr(data, '\n');
int p;
+#ifdef RELAX_HEADER_RULE
+ if (lf)
+ *lf = '\0';
+#else
if (!lf) { /* Huh? Invalid data, I think */
ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
"ISA sent invalid headers: %s", r->filename);
@@ -430,12 +438,16 @@
/* Get rid of \n and \r */
*lf = '\0';
+#endif
p = strlen(data);
if (p > 0 && data[p-1] == '\r') data[p-1] = '\0';
/* End of headers */
if (*data == '\0') {
- data = lf + 1; /* Reset data */
+#ifdef RELAX_HEADER_RULE
+ if (lf)
+#endif
+ data = lf + 1; /* Reset data */
break;
}
@@ -477,6 +489,12 @@
}
/* Reset data */
+#ifdef RELAX_HEADER_RULE
+ if (!lf) {
+ data += p;
+ break;
+ }
+#endif
data = lf + 1;
}
Modified: src CHANGES
src/os/win32 mod_isapi.c
Log:
Don't force ISAPI headers to finish with \n.
PR: 2060
Submitted by: Jim Patterson <Jim.Patterson@Cognos.COM>, Ben Laurie
Revision Changes Path
1.839 +6 -0 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.838
retrieving revision 1.839
diff -u -r1.838 -r1.839
--- CHANGES 1998/05/09 14:27:24 1.838
+++ CHANGES 1998/05/09 15:09:29 1.839
@@ -1,5 +1,11 @@
Changes with Apache 1.3b7
+ *) WIN32: Check for buffer overflows in ap_os_canonical_filename.
+ [Ben Laurie]
+
+ *) WIN32: Don't force ISAPI headers to finish with \n.
+ [Jim Patterson <Jim.Patterson@Cognos.COM>, Ben Laurie] PR#2060
+
*) When opening "configuration" files (like httpd.conf, htaccess
and htpasswd), Apache will not allow them to be non-/dev/null
device files. This closes a DoS hole. At the same time,
1.11 +19 -1 apache-1.3/src/os/win32/mod_isapi.c
Index: mod_isapi.c
===================================================================
RCS file: /export/home/cvs/apache-1.3/src/os/win32/mod_isapi.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- mod_isapi.c 1998/04/11 12:01:05 1.10
+++ mod_isapi.c 1998/05/09 15:09:31 1.11
@@ -85,6 +85,10 @@
/* We use the exact same header file as the original */
#include <HttpExt.h>
+/* Seems IIS does not enforce the requirement for \r\n termination on HSE_REQ_SEND_RESPONSE_HEADER,
+ define this to conform */
+#define RELAX_HEADER_RULE
+
module isapi_module;
/* Our "Connection ID" structure */
@@ -421,6 +425,10 @@
char *value, *lf = strchr(data, '\n');
int p;
+#ifdef RELAX_HEADER_RULE
+ if (lf)
+ *lf = '\0';
+#else
if (!lf) { /* Huh? Invalid data, I think */
ap_log_error(APLOG_MARK, APLOG_ERR, r->server,
"ISA sent invalid headers: %s", r->filename);
@@ -430,12 +438,16 @@
/* Get rid of \n and \r */
*lf = '\0';
+#endif
p = strlen(data);
if (p > 0 && data[p-1] == '\r') data[p-1] = '\0';
/* End of headers */
if (*data == '\0') {
- data = lf + 1; /* Reset data */
+#ifdef RELAX_HEADER_RULE
+ if (lf)
+#endif
+ data = lf + 1; /* Reset data */
break;
}
@@ -477,6 +489,12 @@
}
/* Reset data */
+#ifdef RELAX_HEADER_RULE
+ if (!lf) {
+ data += p;
+ break;
+ }
+#endif
data = lf + 1;
}