View | Details | Raw Unified | Return to bug 44995
Collapse All | Expand All

(-)modules/http/http_protocol.c (-9 / +21 lines)
Lines 1232-1247 Link Here
1232
        const char *h1;
1232
        const char *h1;
1233
        /* Accept a status_line set by a module, but only if it begins
1233
        /* Accept a status_line set by a module, but only if it begins
1234
         * with the 3 digit status code
1234
         * with the correct 3 digit status code
1235
         */
1235
         */
1236
        if (r->status_line != NULL
1236
        if (r->status_line) {
1237
            && strlen(r->status_line) > 4       /* long enough */
1237
            char *end;
1238
            && apr_isdigit(r->status_line[0])
1238
            int len = strlen(r->status_line);
1239
            && apr_isdigit(r->status_line[1])
1239
            if (len >= 3
1240
            && apr_isdigit(r->status_line[2])
1240
                && apr_strtoi64(r->status_line, &end, 10) == r->status
1241
            && apr_isspace(r->status_line[3])
1241
                && (end - 3) == r->status_line
1242
            && apr_isalnum(r->status_line[4])) {
1242
                && (len < 4 || apr_isspace(r->status_line[3]))
1243
            title = r->status_line;
1243
                && (len < 5 || apr_isalnum(r->status_line[4]))) {
1244
                /* Since we passed the above check, we know that length three
1245
                 * is equivalent to only a 3 digit numeric http status.
1246
                 * RFC2616 mandates a trailing space, let's add it.
1247
                 * If we have an empty reason phrase, we also add "Unknown Reason".
1248
                 */
1249
                if (len == 3) {
1250
                    r->status_line = apr_pstrcat(r->pool, r->status_line, " Unknown Reason");
1251
                } else if (len == 4) {
1252
                    r->status_line = apr_pstrcat(r->pool, r->status_line, "Unknown Reason");
1253
                }
1254
                title = r->status_line;
1255
            }
1244
        }
1256
        }
1245
        /* folks decided they didn't want the error code in the H1 text */
1257
        /* folks decided they didn't want the error code in the H1 text */

Return to bug 44995