Roxen.git/ server/ protocols/ http.pike

Branch: Tag:

2001-02-06

2001-02-06 12:23:32 by Johan Schön <js@opera.com>

Forward-port from 2.0. Fixed NULL-vulnerability again.

Rev: server/protocols/http.pike:1.303

2:   // Modified by Francesco Chemolli to add throttling capabilities.   // Copyright © 1996 - 2000, Roxen IS.    - constant cvs_version = "$Id: http.pike,v 1.302 2001/02/05 11:52:58 per Exp $"; + constant cvs_version = "$Id: http.pike,v 1.303 2001/02/06 12:23:32 js Exp $";   // #define REQUEST_DEBUG   #define MAGIC_ERROR   
609:    f = scan_for_query( f );    f = http_decode_string( f );    +  // f is sent to Unix API's that take NUL-terminated strings... +  if(search(f, "\0") != -1) +  sscanf(f, "%s\0", f); +     if( strlen( f ) > 5 )    {    string a;