This patch fixes a possible denial of service attack that could
result in httpd processes using a large amount of CPU on your
system when requests with many '/'s are made.
Index: util.c
===================================================================
RCS file: /export/home/cvs/apachen/src/main/util.c,v
retrieving revision 1.79
retrieving revision 1.80
diff -c -r1.79 -r1.80
*** util.c 1997/12/30 15:10:49 1.79
--- util.c 1997/12/30 19:03:18 1.80
***************
*** 366,379 ****
API_EXPORT(void) no2slash(char *name)
{
! register int x, y;
! for (x = 0; name[x];)
! if (x && (name[x - 1] == '/') && (name[x] == '/'))
! for (y = x + 1; name[y - 1]; y++)
! name[y - 1] = name[y];
! else
! x++;
}
--- 366,385 ----
API_EXPORT(void) no2slash(char *name)
{
! char *d, *s;
! s = d = name;
! while (*s) {
! if ((*d++ = *s) == '/') {
! do {
! ++s;
! } while (*s == '/');
! }
! else {
! ++s;
! }
! }
! *d = '\0';
}
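Review bot: The rewritten no2slash has no comment recording why it must remain a single pass, so a later cleanup could bring back the per-slash shifting that made long runs of '/' cost quadratic time. I would add above the function `/* Collapse each run of '/' in name to one '/', in place. Keep this a single pass (linear in the length of name): the input comes from the request. */`. The comment could also state that `d` never passes `s`, so the result is never longer than the input and the final `*d = '\0'` stays inside the original string. The whole function is visible in the hunk; `name` is dereferenced without a NULL check, as it was before the change, so that presumably remains the caller's obligation.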