Blame SOURCES/httpd-2.4.6-r1651653.patch

008793
diff --git a/server/util.c b/server/util.c
008793
index e0ba5c2..a6516d4 100644
008793
--- a/server/util.c
008793
+++ b/server/util.c
008793
@@ -968,20 +968,20 @@ AP_DECLARE(const char *) ap_pcfg_strerror(apr_pool_t *p, ap_configfile_t *cfp,
008793
 /* Read one line from open ap_configfile_t, strip LF, increase line number */
008793
 /* If custom handler does not define a getstr() function, read char by char */
008793
 static apr_status_t ap_cfg_getline_core(char *buf, apr_size_t bufsize,
008793
-                                        ap_configfile_t *cfp)
008793
+                                        apr_size_t offset, ap_configfile_t *cfp)
008793
 {
008793
     apr_status_t rc;
008793
     /* If a "get string" function is defined, use it */
008793
     if (cfp->getstr != NULL) {
008793
         char *cp;
008793
-        char *cbuf = buf;
008793
-        apr_size_t cbufsize = bufsize;
008793
+        char *cbuf = buf + offset;
008793
+        apr_size_t cbufsize = bufsize - offset;
008793
 
008793
         while (1) {
008793
             ++cfp->line_number;
008793
             rc = cfp->getstr(cbuf, cbufsize, cfp->param);
008793
             if (rc == APR_EOF) {
008793
-                if (cbuf != buf) {
008793
+                if (cbuf != buf + offset) {
008793
                     *cbuf = '\0';
008793
                     break;
008793
                 }
008793
@@ -999,11 +999,11 @@ static apr_status_t ap_cfg_getline_core(char *buf, apr_size_t bufsize,
008793
              */
008793
             cp = cbuf;
008793
             cp += strlen(cp);
008793
-            if (cp > cbuf && cp[-1] == LF) {
008793
+            if (cp > buf && cp[-1] == LF) {
008793
                 cp--;
008793
-                if (cp > cbuf && cp[-1] == CR)
008793
+                if (cp > buf && cp[-1] == CR)
008793
                     cp--;
008793
-                if (cp > cbuf && cp[-1] == '\\') {
008793
+                if (cp > buf && cp[-1] == '\\') {
008793
                     cp--;
008793
                     /*
008793
                      * line continuation requested -
008793
@@ -1021,19 +1021,19 @@ static apr_status_t ap_cfg_getline_core(char *buf, apr_size_t bufsize,
008793
         }
008793
     } else {
008793
         /* No "get string" function defined; read character by character */
008793
-        apr_size_t i = 0;
008793
+        apr_size_t i = offset;
008793
 
008793
         if (bufsize < 2) {
008793
             /* too small, assume caller is crazy */
008793
             return APR_EINVAL;
008793
         }
008793
-        buf[0] = '\0';
008793
+        buf[offset] = '\0';
008793
 
008793
         while (1) {
008793
             char c;
008793
             rc = cfp->getch(&c, cfp->param);
008793
             if (rc == APR_EOF) {
008793
-                if (i > 0)
008793
+                if (i > offset)
008793
                     break;
008793
                 else
008793
                     return APR_EOF;
008793
@@ -1051,11 +1051,11 @@ static apr_status_t ap_cfg_getline_core(char *buf, apr_size_t bufsize,
008793
                     break;
008793
                 }
008793
             }
008793
-            else if (i >= bufsize - 2) {
008793
-                return APR_ENOSPC;
008793
-            }
008793
             buf[i] = c;
008793
             ++i;
008793
+            if (i >= bufsize - 1) {
008793
+                return APR_ENOSPC;
008793
+            }
008793
         }
008793
         buf[i] = '\0';
008793
     }
008793
@@ -1089,7 +1089,7 @@ static int cfg_trim_line(char *buf)
008793
 AP_DECLARE(apr_status_t) ap_cfg_getline(char *buf, apr_size_t bufsize,
008793
                                         ap_configfile_t *cfp)
008793
 {
008793
-    apr_status_t rc = ap_cfg_getline_core(buf, bufsize, cfp);
008793
+    apr_status_t rc = ap_cfg_getline_core(buf, bufsize, 0, cfp);
008793
     if (rc == APR_SUCCESS)
008793
         cfg_trim_line(buf);
008793
     return rc;
008793
@@ -1116,7 +1116,7 @@ AP_DECLARE(apr_status_t) ap_varbuf_cfg_getline(struct ap_varbuf *vb,
008793
     }
008793
 
008793
     for (;;) {
008793
-        rc = ap_cfg_getline_core(vb->buf + vb->strlen, vb->avail - vb->strlen, cfp);
008793
+        rc = ap_cfg_getline_core(vb->buf, vb->avail, vb->strlen, cfp);
008793
         if (rc == APR_ENOSPC || rc == APR_SUCCESS)
008793
             vb->strlen += strlen(vb->buf + vb->strlen);
008793
         if (rc != APR_ENOSPC)