An application that we are writing uses POST to send a couple hundred
bytes of arbitrary data. Whether or not this is a good idea, it
breaks a couple things in http.c
Specifically, at around line 658 (in 1.1.beta28), the line:
in_sz = strlen(hdr_in);
will calculate the incorrect size if there are any nulls in the POSTed
data. This causes it to break out of the next line's loop
prematurely.
for (t = hdr_in; t < end; t += strcspn(t, crlf), t += strspn(t,crlf)) {
hdr_len = t - hdr_in;
if (in_sz - hdr_len <= content_length)
break;
This causes hdr_len to be calculated incorrectly, which causes the
wrong data to be POSTed. This causes everyone using our program to be
upset.
While it is certainly possible to figure out how big hdr_in really is,
why is it even necessary? That loop will exit as soon as t extends
beyond "end", which is when it should.
I've eliminated that test on our local proxy, and it seems to be
working fine. I can send the trivial patch if anybody wants it.
-- Matt Ranney - mjr@ranney.com This is how I sign all my messages.Received on Tue Jul 29 2003 - 13:15:41 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:11:18 MST