www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-08 15:02:10 +03:00
Code Activity

Drop ap_body_to_table due to missing constraints; a DoS waiting

Browse Source 
for an exploit.

Some mod_lua fan aught to revisit this and provide a sensible
implementation.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@953203 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
William A. Rowe Jr
2010-06-10 03:02:07 +00:00
parent ed766d823a
commit 7716d3c3e3
5 changed files with 3 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
modules/lua/mod_lua.c
View File

@@ -373,7 +373,7 @@ static const char *direct_chunkreader(lua_State *lvm, void *udata,
for (p = ctx->buf; isspace(*p); ++p);
if (p[0] == '<' && p[1] == '/') {
int i = 0;
apr_size_t i = 0;
while (i < strlen(ctx->endstr)) {
if (tolower(p[i + 2]) != ctx->endstr[i])
return ctx->buf;