On Fri, Nov 12, 2021 at 06:12:58PM -0000, ylavic@apache.org wrote:
> Author: ylavic
> Date: Fri Nov 12 18:12:58 2021
> New Revision: 1894982
>
> URL: http://svn.apache.org/viewvc?rev=1894982&view=rev
> Log:
> apreq_header_attribute: Search for the exact attribute name.
>
> Improve the parsing of the header attributes such that we don't match any
> special character before that attribute name (e.g. "(boundary=") or let
> forbidden characters unnoticed.
...
> + look_for_after_quote:
> + switch (*v) {
> + case 0:
> + case '\r':
> + case '\n':
> + done = 1;
> + case ';':
> + case ',':
> + break;
> + case ' ':
> + case '\t':
> + goto look_for_after_quote;
This is an infinite loop. The libapreq test suite is spinning here,
"make test" from apreq trunk.
> Author: ylavic
> Date: Fri Nov 12 18:12:58 2021
> New Revision: 1894982
>
> URL: http://svn.apache.org/viewvc?rev=1894982&view=rev
> Log:
> apreq_header_attribute: Search for the exact attribute name.
>
> Improve the parsing of the header attributes such that we don't match any
> special character before that attribute name (e.g. "(boundary=") or let
> forbidden characters unnoticed.
...
> + look_for_after_quote:
> + switch (*v) {
> + case 0:
> + case '\r':
> + case '\n':
> + done = 1;
> + case ';':
> + case ',':
> + break;
> + case ' ':
> + case '\t':
> + goto look_for_after_quote;
This is an infinite loop. The libapreq test suite is spinning here,
"make test" from apreq trunk.