diff -u -r httpd-orig/httpd.c httpd/httpd.c
--- httpd-orig/httpd.c Thu Mar 20 03:21:27 1997
+++ httpd/httpd.c Mon Sep 2 14:12:48 2002
@@ -672,6 +672,10 @@
 buf2 = buf; *buf2 = 0;
 do
 {
+ if (buf2 >= (buf + MYBUFSIZ - 64))
+ {
+ return(ERR_LINE);
+ }
 if (netbufind >= netbufsiz)
 {
 TRYAGAIN:
@@ -697,13 +701,15 @@
 return(ERR_NONE);
 }
 if (sd == 0)
+ {
 error("503 You closed the connection!");
+ }
 return(ERR_QUIT);
 }
 netbufind = 0;
 }
 ch = *(buf2++) = netbuf[netbufind++];
- } while ((ch != '\n') && (buf2 < (buf + MYBUFSIZ - 64)));
+ } while (ch != '\n');
 *buf2 = 0;
 return(ERR_NONE);
 }
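Review bot: The early exit added at the top of the `do` loop in the `@@ -672` hunk returns `ERR_LINE` without writing a terminator, whereas the normal exit still runs `*buf2 = 0;` after the loop. The request-line caller changed in the `@@ -749` hunk tests `*url == 0` to decide when to refill, so it depends on the partial line being NUL-terminated; unless the buffer is known to be zeroed beforehand (not visible here), that scan continues into whatever bytes follow the data just read. Writing the terminator before returning, `*buf2 = 0; return(ERR_LINE);`, makes an `ERR_LINE` result safe to treat as a string. The function starts and ends outside this hunk.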
@@ -749,11 +755,81 @@
 return;
 }
 readlinemode = strncasecmp("POST", line, 4);
- if (readline(0, line + 4) == ERR_QUIT)
+ if ((readerror = readline(0, line + 4)) == ERR_QUIT)
 {
 error("400 Unable to read request line");
 return;
 }
+ else if (readerror == ERR_LINE)
+ {
+ int state = 0;
+ url = line;
+ while ((state == 0) && ((readerror == ERR_LINE) || (*url)))
+ {
+ url++;
+ if ((readerror == ERR_LINE) && (*url == 0))
+ {
+ readerror = readline(0, line);
+ url = line;
+ }
+ if (*url <= ' ')
+ state = 1;
+ }
+ while ((state == 1) && ((readerror == ERR_LINE) || (*url)))
+ {
+ url++;
+ if ((readerror == ERR_LINE) && (*url == 0))
+ {
+ readerror = readline(0, line);
+ url = line;
+ }
+ if (*url > ' ')
+ state = 2;
+ }
+ while ((state == 2) && ((readerror == ERR_LINE) || (*url)))
+ {
+ url++;
+ if ((readerror == ERR_LINE) && (*url == 0))
+ {
+ readerror = readline(0, line);
+ url = line;
+ }
+ if (*url <= ' ')
+ state = 3;
+ }
+ while ((state == 3) && ((readerror == ERR_LINE) || (*url)))
+ {
+ url++;
+ if ((readerror == ERR_LINE) && (*url == 0))
+ {
+ readerror = readline(0, line);
+ url = line;
+ }
+ if (*url > ' ')
+ state = 4;
+ }
+ if (state == 4)
+ {
+ if ((strlen(url) < 5) && (readerror == ERR_LINE))
+ {
+ if (((readerror = readline(0, extra)) == ERR_LINE) || (readerror == ERR_NONE))
+ {
+ char *http = "HTTP/";
+ if ((!strncasecmp(url, http, strlen(url))) &&
+ (!strncasecmp(extra, http + strlen(url), 5 - strlen(url))))
+ {
+ headers = 1; strcpy(version, "HTTP/1.0");
+ }
+ }
+ }
+ else if (!strncasecmp(url, "HTTP/", 5))
+ {
+ headers = 1; strcpy(version, "HTTP/1.0");
+ }
+ }
+ error("400 Request header line exceeded maximum length");
+ return;
+ }
 size = strlen(line);
 bzero(line + size, 16);
 temp = orig + strlen(orig);
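Review bot: The four `while` loops that drain an over-long request line call `readline(0, line)` again for as long as it returns `ERR_LINE`, with no limit on the number of refills, so a client that never sends a newline keeps this handler reading until the connection ends or some timeout outside this hunk fires. A refill counter tested in each loop, with a cap suited to the deployment, would bound the work done before the 400 is sent. The refill result is only ever compared with `ERR_LINE`; when it is `ERR_QUIT` the code still falls through to `error("400 Request header line exceeded maximum length")`, possibly after `readline` has already sent its own 503, so adding `if (readerror == ERR_QUIT) return;` after each `readerror = readline(0, line);` is worth considering. The loops differ only in the comparison and the next state and could share one helper. The enclosing function starts and ends outside the hunk.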
@@ -762,15 +838,29 @@
 url = line;
 while (*url && (*url > ' '))
 url++;
- *(url++) = 0;
- while (*url <= ' ')
- url++;
+ if (*url)
+ {
+ *(url++) = 0;
+ while (*url <= ' ')
+ {
+ url++;
+ if (0 == *url)
+ break;
+ }
+ }
 ver = url;
 while (*ver && (*ver > ' '))
 ver++;
- *(ver++) = 0;
- while (*ver <= ' ')
- ver++;
+ if (*ver)
+ {
+ *(ver++) = 0;
+ while (*ver <= ' ')
+ {
+ ver++;
+ if (0 == *ver)
+ break;
+ }
+ }
 temp = ver;
 while (*temp && (*temp > ' '))
 temp++;
@@ -783,11 +873,16 @@
 {
 char *param;
- if (readline(0, extra) == ERR_QUIT)
+ if ((readerror = readline(0, extra)) == ERR_QUIT)
 {
 error("400 Unable to read HTTP headers");
 return;
 }
+ else if (readerror == ERR_LINE)
+ {
+ error("400 Request header line exceeded maximum length");
+ return;
+ }
 if (extra[0] <= ' ')
 break;
 if (!(param = strchr(extra, ':')))
diff -u -r httpd-orig/httpd.h httpd/httpd.h
--- httpd-orig/httpd.h Mon Dec 9 05:57:50 1996
+++ httpd/httpd.h Sun Sep 1 21:54:51 2002
@@ -8,6 +8,7 @@
 #define ERR_NONE 0
 #define ERR_CONT 1
 #define ERR_QUIT 2
+#define ERR_LINE 3
 #define MINBYTESPERSEC 32
diff -u -r httpd-orig/procname.c httpd/procname.c
--- httpd-orig/procname.c Wed Jan 29 10:24:27 1997
+++ httpd/procname.c Mon Sep 2 13:35:39 2002
@@ -76,7 +76,7 @@
 va_start(ap);
 #endif /* NONEWSTYLE */
- vsprintf(buffer, name, ap);
+ vsnprintf(buffer, 256, name, ap);
 va_end(ap);
 #ifdef PS_STRINGS
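Review bot: In both rewritten skip loops of the `@@ -762` hunk the terminator test comes after the increment, so when the separator just overwritten was the last character of the line, `while (*url <= ' ')` is entered on the NUL itself (0 is `<= ' '`) and `url++` steps one byte past it before `if (0 == *url)` runs. That lands on a zero byte only because of the `bzero(line + size, 16)` padding shown as context in the previous hunk. Testing first, `while (*url && (*url <= ' ')) url++;` and the same for `ver`, stops on the terminator and matches the neighbouring `while (*url && (*url > ' '))` loops. Where plain `char` is signed, bytes above 0x7f also compare as `<= ' '`; casting to `unsigned char` in these comparisons avoids treating them as whitespace.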
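Review bot: In procname.c the bound passed to `vsnprintf` is the literal `256`, which is right only while it matches the declaration of `buffer`, and that declaration is outside this hunk. If `buffer` is an array in scope, `vsnprintf(buffer, sizeof(buffer), name, ap);` ties the limit to the object; otherwise a named constant shared with the declaration does the same job. `name` is used as the format string, so a comment on the function stating that callers must pass a literal format, with request-derived text supplied only as arguments, would document the remaining assumption.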