[Libevent-users] [patch] 1.3c bug in evhttp_add_header()
Charles Kerr
charles at rebelbase.com
Mon Aug 13 23:55:04 EDT 2007
1.3c's evhttp_add_header() function has a pretty nasty bug that
can cause valid headers to be rejected out of hand, and also can
cause parsing of incoming messages to fail. The problem is
that strchr() is being passed two strings, rather than a string
and a character.
--- http.c.bak 2007-08-13 22:51:30.000000000 -0500
+++ http.c 2007-08-13 22:51:44.000000000 -0500
@@ -1122,7 +1122,7 @@
{
struct evkeyval *header;
- if (strchr(value, "\r") != NULL || strchr(value, "\n") != NULL) {
+ if (strchr(value, '\r') != NULL || strchr(value, '\n') != NULL) {
/* drop illegal headers */
return (-1);
}
cheers,
Charles
More information about the Libevent-users
mailing list