* squid-2.2.STABLE5.http_reply_null_character.patch * Wed Feb 2 22:33:59 CET 2000 Modified Files in squid/src http.c structs.h Squid failed to recongnise the end of the reply headers if the headers contained null characters. -----------------------------------------------------------------
Index: squid/src/http.c
diff -u squid/src/http.c:1.1.1.38.2.11 squid/src/http.c:1.1.1.38.2.12
--- squid/src/http.c:1.1.1.38.2.11 Wed Feb 2 22:21:16 2000
+++ squid/src/http.c Wed Feb 2 22:33:58 2000
@@ -314,10 +314,12 @@
 if (httpState->reply_hdr == NULL)
 httpState->reply_hdr = memAllocate(MEM_8K_BUF);
 assert(httpState->reply_hdr_state == 0);
- hdr_len = strlen(httpState->reply_hdr);
+ hdr_len = httpState->reply_hdr_size;
 room = 8191 - hdr_len;
- strncat(httpState->reply_hdr, buf, room < size ? room : size);
+ memcpy(httpState->reply_hdr + hdr_len, buf, room < size ? room : size);
 hdr_len += room < size ? room : size;
+ httpState->reply_hdr[hdr_len] = '\0';
+ httpState->reply_hdr_size = hdr_len;
 if (hdr_len > 4 && strncmp(httpState->reply_hdr, "HTTP/", 5)) {
 debug(11, 3) ("httpProcessReplyHeader: Non-HTTP-compliant header: '%s'\n", httpState->reply_hdr);
 httpState->reply_hdr_state += 2;
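Review bot: The append offset for `memcpy` and the bound `room = 8191 - hdr_len` now depend entirely on `httpState->reply_hdr_size`, yet the allocation branch at the top of this hunk does not reset that field when it creates a fresh buffer. With `strlen()` the offset could never exceed the terminated buffer; now a stale or non-zeroed value would make `room` negative or wrapped and the copy length effectively unbounded. I would brace the allocation and add `httpState->reply_hdr_size = 0;` next to `memAllocate(MEM_8K_BUF)`, and add `assert(hdr_len <= 8191);` before `room` is computed. The function starts and ends outside the hunk, so the declared types of `hdr_len`, `room` and `size` are not visible here; their signedness against the new `size_t` field should be confirmed.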
@@ -327,9 +329,17 @@
 t = httpState->reply_hdr + hdr_len;
 /* headers can be incomplete only if object still arriving */
 if (!httpState->eof) {
- size_t k = headersEnd(httpState->reply_hdr, 8192);
- if (0 == k)
- return; /* headers not complete */
+ size_t k = headersEnd(httpState->reply_hdr, hdr_len);
+ if (0 == k) {
+ if (hdr_len >= 8191 || room == 0) {
+ debug(11, 3) ("httpProcessReplyHeader: Too large HTTP header: '%s'\n", httpState->reply_hdr);
+ httpState->reply_hdr_state += 2;
+ reply->sline.status = HTTP_INVALID_HEADER;
+ return;
+ } else {
+ return; /* headers not complete */
+ }
+ }
 t = httpState->reply_hdr + k;
 }
 *t = '\0';
Index: squid/src/structs.h
diff -u squid/src/structs.h:1.1.1.41.2.14 squid/src/structs.h:1.1.1.41.2.15
--- squid/src/structs.h:1.1.1.41.2.14 Sat Nov 27 01:16:44 1999
+++ squid/src/structs.h Wed Feb 2 22:33:59 2000
@@ -725,6 +725,7 @@
 StoreEntry *entry;
 request_t *request;
 char *reply_hdr;
+ size_t reply_hdr_size;
 int reply_hdr_state;
 peer *peer; /* peer request made to */
 int eof; /* reached end-of-object? */
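Review bot: In the second http.c hunk (`@@ -327,9 +329,17 @@`), the end of the headers is now found by length, but the buffer is still finished with `*t = '\0'` and the new `debug()` call prints it with `'%s'`, so any consumer that reads `reply_hdr` as a C string stops at the first embedded NUL while `headersEnd()` has accepted the bytes after it as part of the header block. The code that parses the buffer is outside the hunk, so this is inferred; if it is string-based, Squid and a client or downstream cache can disagree about which header fields the reply carries. I would either hand the parser an explicit length or, once `t` is known, test `memchr(httpState->reply_hdr, '\0', t - httpState->reply_hdr) != NULL` and treat a hit like the too-large case (`HTTP_INVALID_HEADER`). As far as the first hunk shows, `room == 0` already implies `hdr_len >= 8191`, so that half of the new condition looks redundant.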
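Review bot: The new `reply_hdr_size` field in structs.h has no comment, although the http.c change relies on it as the only record of how much of the 8K buffer is in use, and its neighbours `peer` and `eof` are documented. I would write it as `size_t reply_hdr_size; /* bytes stored in reply_hdr, excluding the trailing NUL; never more than 8191 */`. The struct's opening and closing lines are outside the hunk, so where the field is initialised cannot be checked from here.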