diff options
| author | Chad Loder <cloder@cvs.openbsd.org> | 2003-02-17 03:14:34 +0000 |
|---|---|---|
| committer | Chad Loder <cloder@cvs.openbsd.org> | 2003-02-17 03:14:34 +0000 |
| commit | 98266100c5040e369aae7b749e0f03a0abff35db (patch) | |
| tree | 14a3fe6ee9a912fcd07f8ed1eaed785025d91ea2 /usr.sbin/httpd | |
| parent | ecebaec0fd1a08a0975b8f756936722a40ae03a6 (diff) | |
Add hyphens to boundary ID to make it not pure base64. This means that
the boundary could never ever be accidentally matched inside base64
data. Based on conversation with markus@, deraadt@, henning@. OK
deraadt@, henning@
Diffstat (limited to 'usr.sbin/httpd')
| -rw-r--r-- | usr.sbin/httpd/src/main/http_protocol.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/usr.sbin/httpd/src/main/http_protocol.c b/usr.sbin/httpd/src/main/http_protocol.c index b7beb3c4edd..85b5a7c6db8 100644 --- a/usr.sbin/httpd/src/main/http_protocol.c +++ b/usr.sbin/httpd/src/main/http_protocol.c @@ -340,7 +340,9 @@ API_EXPORT(int) ap_set_byterange(request_rec *r) bbuf = ap_palloc(r->pool, ap_base64encode_len(sizeof(rbuf))); ap_base64encode(bbuf, (const unsigned char *)rbuf, sizeof(rbuf)); for (b = bbuf; *b != '\0'; b++) { - if (!isalnum(*b)) + if (((b - bbuf) + 1) % 7 == 0) + *b = '-'; + else if (!isalnum(*b)) *b = 'a'; } |