Lines 224-229
AP_DECLARE(apr_status_t) ap_rgetline_core(char **s
Link Here
|
224 |
int do_alloc = (*s == NULL), saw_eos = 0; |
224 |
int do_alloc = (*s == NULL), saw_eos = 0; |
225 |
int fold = flags & AP_GETLINE_FOLD; |
225 |
int fold = flags & AP_GETLINE_FOLD; |
226 |
int crlf = flags & AP_GETLINE_CRLF; |
226 |
int crlf = flags & AP_GETLINE_CRLF; |
|
|
227 |
int nospc_eol = flags & AP_GETLINE_NOSPC_EOL; |
228 |
int saw_eol = 0, saw_nospc = 0; |
227 |
|
229 |
|
228 |
if (!n) { |
230 |
if (!n) { |
229 |
/* Needs room for NUL byte at least */ |
231 |
/* Needs room for NUL byte at least */ |
Lines 239-245
AP_DECLARE(apr_status_t) ap_rgetline_core(char **s
Link Here
|
239 |
if (last_char) |
241 |
if (last_char) |
240 |
*last_char = '\0'; |
242 |
*last_char = '\0'; |
241 |
|
243 |
|
242 |
for (;;) { |
244 |
do { |
243 |
apr_brigade_cleanup(bb); |
245 |
apr_brigade_cleanup(bb); |
244 |
rv = ap_get_brigade(r->proto_input_filters, bb, AP_MODE_GETLINE, |
246 |
rv = ap_get_brigade(r->proto_input_filters, bb, AP_MODE_GETLINE, |
245 |
APR_BLOCK_READ, 0); |
247 |
APR_BLOCK_READ, 0); |
Lines 283-290
AP_DECLARE(apr_status_t) ap_rgetline_core(char **s
Link Here
|
283 |
|
285 |
|
284 |
/* Would this overrun our buffer? If so, we'll die. */ |
286 |
/* Would this overrun our buffer? If so, we'll die. */ |
285 |
if (n < bytes_handled + len) { |
287 |
if (n < bytes_handled + len) { |
286 |
rv = APR_ENOSPC; |
288 |
/* Before we die, let's fill the buffer up to its limit (i.e. |
287 |
goto cleanup; |
289 |
* fall through with the remaining length, if any), setting |
|
|
290 |
* saw_eol on LF to stop the outer loop appropriately; we may |
291 |
* come back here once the buffer is filled (no LF seen), and |
292 |
* either be done at that time or continue to wait for LF here |
293 |
* if nospc_eol is set. |
294 |
* |
295 |
* But there is also a corner cases which we want to address, |
296 |
* namely if the buffer is overrun by the final LF only (i.e. |
297 |
* the CR fits in); this is not really an overrun since we'll |
298 |
* strip the CR finally (and use it for NUL byte), but anyway |
299 |
* we have to handle the case so that it's not returned to the |
300 |
* caller as part of the truncated line (it's not!). This is |
301 |
* easier to consider that LF is out of counting and thus fall |
302 |
* through with no error (saw_eol is set to 2 so that we later |
303 |
* ignore LF handling already done here), while folding and |
304 |
* nospc_eol logics continue to work (or fail) appropriately. |
305 |
*/ |
306 |
saw_eol = (str[len - 1] == APR_ASCII_LF); |
307 |
if (/* First time around */ |
308 |
saw_eol && !saw_nospc |
309 |
/* Single LF completing the buffered CR, */ |
310 |
&& ((len == 1 && ((*s)[bytes_handled - 1] == APR_ASCII_CR)) |
311 |
/* or trailing CRLF overuns by LF only */ |
312 |
|| (len > 1 && str[len - 2] == APR_ASCII_CR |
313 |
&& n - bytes_handled + 1 == len))) { |
314 |
/* In both cases *last_char is (to be) the CR stripped by |
315 |
* later 'bytes_handled = last_char - *s'. |
316 |
*/ |
317 |
saw_eol = 2; |
318 |
} |
319 |
else { |
320 |
/* In any other case we'd lose data. */ |
321 |
rv = APR_ENOSPC; |
322 |
saw_nospc = 1; |
323 |
} |
324 |
len = n - bytes_handled; |
325 |
if (!len) { |
326 |
if (saw_eol) { |
327 |
break; |
328 |
} |
329 |
if (nospc_eol) { |
330 |
continue; |
331 |
} |
332 |
goto cleanup; |
333 |
} |
288 |
} |
334 |
} |
289 |
|
335 |
|
290 |
/* Do we have to handle the allocation ourselves? */ |
336 |
/* Do we have to handle the allocation ourselves? */ |
Lines 323-341
AP_DECLARE(apr_status_t) ap_rgetline_core(char **s
Link Here
|
323 |
|
369 |
|
324 |
/* If we got a full line of input, stop reading */ |
370 |
/* If we got a full line of input, stop reading */ |
325 |
if (last_char && (*last_char == APR_ASCII_LF)) { |
371 |
if (last_char && (*last_char == APR_ASCII_LF)) { |
326 |
break; |
372 |
saw_eol = 1; |
327 |
} |
373 |
} |
|
|
374 |
} while (!saw_eol); |
375 |
|
376 |
if (rv != APR_SUCCESS) { |
377 |
/* End of line after APR_ENOSPC above */ |
378 |
goto cleanup; |
328 |
} |
379 |
} |
329 |
|
380 |
|
330 |
/* Now terminate the string at the end of the line; |
381 |
/* Now terminate the string at the end of the line; |
331 |
* if the last-but-one character is a CR, terminate there */ |
382 |
* if the last-but-one character is a CR, terminate there. |
332 |
if (last_char > *s && last_char[-1] == APR_ASCII_CR) { |
383 |
* LF is handled above (not accounted) when saw_eol == 2, |
333 |
last_char--; |
384 |
* the last char is CR to terminate at still. |
|
|
385 |
*/ |
386 |
if (saw_eol < 2) { |
387 |
if (last_char > *s && last_char[-1] == APR_ASCII_CR) { |
388 |
last_char--; |
389 |
} |
390 |
else if (crlf) { |
391 |
rv = APR_EINVAL; |
392 |
goto cleanup; |
393 |
} |
334 |
} |
394 |
} |
335 |
else if (crlf) { |
|
|
336 |
rv = APR_EINVAL; |
337 |
goto cleanup; |
338 |
} |
339 |
bytes_handled = last_char - *s; |
395 |
bytes_handled = last_char - *s; |
340 |
|
396 |
|
341 |
/* If we're folding, we have more work to do. |
397 |
/* If we're folding, we have more work to do. |
Lines 443-464
cleanup:
Link Here
|
443 |
if (bytes_handled >= n) { |
499 |
if (bytes_handled >= n) { |
444 |
bytes_handled = n - 1; |
500 |
bytes_handled = n - 1; |
445 |
} |
501 |
} |
|
|
502 |
|
503 |
*read = bytes_handled; |
446 |
if (*s) { |
504 |
if (*s) { |
447 |
/* ensure the string is NUL terminated */ |
505 |
/* ensure the string is NUL terminated */ |
448 |
(*s)[bytes_handled] = '\0'; |
506 |
(*s)[*read] = '\0'; |
449 |
} |
|
|
450 |
*read = bytes_handled; |
451 |
|
507 |
|
452 |
if (rv != APR_SUCCESS) { |
508 |
/* PR#43039: We shouldn't accept NULL bytes within the line */ |
453 |
return rv; |
509 |
bytes_handled = strlen(*s); |
|
|
510 |
if (bytes_handled < *read) { |
511 |
*read = bytes_handled; |
512 |
if (rv == APR_SUCCESS) { |
513 |
rv = APR_EINVAL; |
514 |
} |
515 |
} |
454 |
} |
516 |
} |
455 |
|
517 |
return rv; |
456 |
/* PR#43039: We shouldn't accept NULL bytes within the line */ |
|
|
457 |
if (strlen(*s) < bytes_handled) { |
458 |
return APR_EINVAL; |
459 |
} |
460 |
|
461 |
return APR_SUCCESS; |
462 |
} |
518 |
} |
463 |
|
519 |
|
464 |
#if APR_CHARSET_EBCDIC |
520 |
#if APR_CHARSET_EBCDIC |