From 4857be84c76115c3446fc0a849d9e357e9ed2347 Mon Sep 17 00:00:00 2001
From: oes
Date: Fri, 26 Jul 2002 15:18:53 +0000
Subject: [PATCH] - Bugfix: Executing a filters without jobs no longer results in turing off *all* filters. - Security fix: Malicious web servers can't cause a seg fault through bogus chunk sizes anymore
---
 filters.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/filters.c b/filters.c
index ff70ac56..c63c4772 100644
--- a/filters.c
+++ b/filters.c
@@ -1,7 +1,7 @@
-const char filters_rcs[] = "$Id: filters.c,v 1.57 2002/04/08 20:38:34 swa Exp $";
+const char filters_rcs[] = "$Id: filters.c,v 1.58 2002/04/24 02:11:17 oes Exp $";
 /*********************************************************************
 *
- * File : $Source: /cvsroot/ijbswa/current/filters.c,v $
+ * File : $Source: /cvsroot/ijbswa/current/Attic/filters.c,v $
 *
 * Purpose : Declares functions to parse/crunch headers and pages.
 * Functions declared include:
@@ -38,6 +38,10 @@ const char filters_rcs[] = "$Id: filters.c,v 1.57 2002/04/08 20:38:34 swa Exp $"
 *
 * Revisions :
 * $Log: filters.c,v $
+ * Revision 1.58 2002/04/24 02:11:17 oes
+ * Jon's multiple AF patch: url_actions now evaluates rules
+ * from all AFs.
+ *
 * Revision 1.57 2002/04/08 20:38:34 swa
 * fixed JB spelling
 *
@@ -1311,7 +1315,7 @@ char *pcrs_filter_response(struct client_state *csp)
 if ( NULL == b->joblist )
 {
 log_error(LOG_LEVEL_RE_FILTER, "Filter %s has empty joblist. Nothing to do.", b->name);
- return(NULL);
+ continue;
 }
 log_error(LOG_LEVEL_RE_FILTER, "re_filtering %s%s (size %d) with filter %s...",
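Review bot: The `continue;` on the empty-joblist branch of pcrs_filter_response should carry a one-line comment, because the difference from the old `return(NULL);` is easy to undo by accident: per the commit message, returning there turned off all filters for the response. Something like `/* Skip only this filter; returning here would also drop every filter that follows. */` above the `continue;` would record that. The loop header and the code after the loop are outside the hunk, so please confirm that the path taken when every enabled filter has an empty joblist still hands back the unmodified body as intended.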
@@ -1462,7 +1466,12 @@ int remove_chunked_transfer_coding(char *buffer, const size_t size)
 log_error(LOG_LEVEL_ERROR, "Parse error while stripping \"chunked\" transfer coding");
 return(0);
 }
- newsize += chunksize;
+
+ if ((newsize += chunksize) >= size)
+ {
+ log_error(LOG_LEVEL_ERROR, "Chunksize exceeds buffer in \"chunked\" transfer coding");
+ return(0);
+ }
 from_p += 2;
 memmove(to_p, from_p, (size_t) chunksize);
-- 
2.39.2
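Review bot: The new guard `(newsize += chunksize) >= size` bounds the cumulative decoded length rather than the bytes remaining after the read pointer, so the `memmove(to_p, from_p, (size_t) chunksize)` that follows can still read past the end of `buffer` once chunk-size lines and CRLFs have moved `from_p` ahead of `to_p`. The addition is also performed before the comparison, so if `newsize` and `chunksize` are no wider than 32 bits (their declarations are outside the hunk) a very large server-supplied chunk size could wrap the sum below `size` and pass the check. Comparing the chunk against the remaining input avoids both problems: after `from_p += 2;`, test `if (chunksize >= size - (size_t)(from_p - buffer))` and only then do `newsize += chunksize;`, assuming `from_p` can never be beyond `buffer + size` at that point. The enclosing loop and the later advance of `from_p` are outside the hunk and should be checked against the same bound.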