You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2016/08/29 13:47:27 UTC
svn commit: r1758226 - in /httpd/httpd/trunk: include/http_core.h
server/core.c server/protocol.c
Author: wrowe
Date: Mon Aug 29 13:47:27 2016
New Revision: 1758226
URL: http://svn.apache.org/viewvc?rev=1758226&view=rev
Log:
Folding StrictWhitespace into the Strict ruleset of RFC7230, per dev@ poll.
This choice is unanimous, although StrictURI (a different RFC) still hasn't
found absolute concensus.
An ap_mmn bump will follow (major, this removes a struct elt)
Modified:
httpd/httpd/trunk/include/http_core.h
httpd/httpd/trunk/server/core.c
httpd/httpd/trunk/server/protocol.c
Modified: httpd/httpd/trunk/include/http_core.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/http_core.h?rev=1758226&r1=1758225&r2=1758226&view=diff
==============================================================================
--- httpd/httpd/trunk/include/http_core.h (original)
+++ httpd/httpd/trunk/include/http_core.h Mon Aug 29 13:47:27 2016
@@ -739,11 +739,6 @@ typedef struct {
#define AP_HTTP_CONFORMANCE_STRICT 2
char http_conformance;
-#define AP_HTTP_WHITESPACE_UNSET 0
-#define AP_HTTP_WHITESPACE_UNSAFE 1
-#define AP_HTTP_WHITESPACE_STRICT 2
- char http_whitespace;
-
#define AP_HTTP_METHODS_UNSET 0
#define AP_HTTP_METHODS_LENIENT 1
#define AP_HTTP_METHODS_REGISTERED 2
Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1758226&r1=1758225&r2=1758226&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Mon Aug 29 13:47:27 2016
@@ -536,9 +536,6 @@ static void *merge_core_server_configs(a
if (virt->http_stricturi != AP_HTTP_URI_UNSET)
conf->http_stricturi = virt->http_stricturi;
- if (virt->http_whitespace != AP_HTTP_WHITESPACE_UNSET)
- conf->http_whitespace = virt->http_whitespace;
-
if (virt->http_methods != AP_HTTP_METHODS_UNSET)
conf->http_methods = virt->http_methods;
@@ -4038,10 +4035,6 @@ static const char *set_http_protocol_opt
conf->http_stricturi |= AP_HTTP_URI_STRICT;
else if (strcasecmp(arg, "unsafeuri") == 0)
conf->http_stricturi |= AP_HTTP_URI_UNSAFE;
- else if (strcasecmp(arg, "strictwhitespace") == 0)
- conf->http_whitespace |= AP_HTTP_WHITESPACE_STRICT;
- else if (strcasecmp(arg, "unsafewhitespace") == 0)
- conf->http_whitespace |= AP_HTTP_WHITESPACE_UNSAFE;
else if (strcasecmp(arg, "registeredmethods") == 0)
conf->http_methods |= AP_HTTP_METHODS_REGISTERED;
else if (strcasecmp(arg, "lenientmethods") == 0)
@@ -4050,7 +4043,6 @@ static const char *set_http_protocol_opt
return "HttpProtocolOptions accepts "
"'Unsafe' or 'Strict' (default), "
"'UnsafeURI' or 'StrictURI' (default), "
- "'UnsafeWhitespace' or 'StrictWhitespace' (default), "
"'RegisteredMethods' or 'LenientMethods' (default), and "
"'Require1.0' or 'Allow0.9' (default)";
@@ -4069,11 +4061,6 @@ static const char *set_http_protocol_opt
return "HttpProtocolOptions 'Strict' and 'Unsafe'"
" are mutually exclusive";
- if ((conf->http_whitespace & AP_HTTP_WHITESPACE_STRICT)
- && (conf->http_whitespace & AP_HTTP_WHITESPACE_UNSAFE))
- return "HttpProtocolOptions 'StrictWhitespace' and 'UnsafeWhitespace'"
- " are mutually exclusive";
-
if ((conf->http_methods & AP_HTTP_METHODS_REGISTERED)
&& (conf->http_methods & AP_HTTP_METHODS_LENIENT))
return "HttpProtocolOptions 'RegisteredMethods' and 'LenientMethods'"
Modified: httpd/httpd/trunk/server/protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1758226&r1=1758225&r2=1758226&view=diff
==============================================================================
--- httpd/httpd/trunk/server/protocol.c (original)
+++ httpd/httpd/trunk/server/protocol.c Mon Aug 29 13:47:27 2016
@@ -583,7 +583,6 @@ static int read_request_line(request_rec
core_server_config *conf = ap_get_core_module_config(r->server->module_config);
int strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE);
int stricturi = (conf->http_stricturi != AP_HTTP_URI_UNSAFE);
- int strictspaces = (conf->http_whitespace != AP_HTTP_WHITESPACE_UNSAFE);
/* Read past empty lines until we get a real request line,
* a read error, the connection closes (EOF), or we timeout.
@@ -671,7 +670,7 @@ static int read_request_line(request_rec
}
/* Verify method terminated with a single SP, otherwise mark in error */
- if (strictspaces && ll[0] && (ll[0] != ' ' || apr_isspace(ll[1]))
+ if (strict && ll[0] && (ll[0] != ' ' || apr_isspace(ll[1]))
&& deferred_error == rrl_none) {
deferred_error = rrl_excesswhitespace;
}
@@ -680,7 +679,7 @@ static int read_request_line(request_rec
* then NUL terminate the method string
*/
for (uri = ll; apr_isspace(*uri); ++uri)
- if (strictspaces && ap_strchr_c("\t\n\v\f\r", *uri)
+ if (strict && ap_strchr_c("\t\n\v\f\r", *uri)
&& deferred_error == rrl_none)
deferred_error = rrl_badwhitespace;
*ll = '\0';
@@ -708,7 +707,7 @@ static int read_request_line(request_rec
}
/* Verify uri terminated with a single SP, otherwise mark in error */
- if (strictspaces && ll[0] && (ll[0] != ' ' || apr_isspace(ll[1]))
+ if (strict && ll[0] && (ll[0] != ' ' || apr_isspace(ll[1]))
&& deferred_error == rrl_none) {
deferred_error = rrl_excesswhitespace;
}
@@ -717,7 +716,7 @@ static int read_request_line(request_rec
* then NUL terminate the uri string
*/
for (r->protocol = ll; apr_isspace(*r->protocol); ++r->protocol)
- if (strictspaces && ap_strchr_c("\t\n\v\f\r", *r->protocol)
+ if (strict && ap_strchr_c("\t\n\v\f\r", *r->protocol)
&& deferred_error == rrl_none)
deferred_error = rrl_badwhitespace;
*ll = '\0';
@@ -735,10 +734,10 @@ static int read_request_line(request_rec
* determine if trailing text is found, unconditionally mark in error,
* finally NUL terminate the protocol string
*/
- if (strictspaces && *ll)
+ if (strict && *ll)
deferred_error = rrl_excesswhitespace;
for ( ; apr_isspace(*ll); ++ll)
- if (strictspaces && ap_strchr_c("\t\n\v\f\r", *ll)
+ if (strict && ap_strchr_c("\t\n\v\f\r", *ll)
&& deferred_error == rrl_none)
deferred_error = rrl_badwhitespace;
if (*ll && deferred_error == rrl_none)
@@ -943,7 +942,6 @@ AP_DECLARE(void) ap_get_mime_headers_cor
char *tmp_field;
core_server_config *conf = ap_get_core_module_config(r->server->module_config);
int strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE);
- int strictspaces = (conf->http_whitespace != AP_HTTP_WHITESPACE_UNSAFE);
/*
* Read header lines until we get the empty separator line, a read error,
@@ -982,7 +980,7 @@ AP_DECLARE(void) ap_get_mime_headers_cor
return;
}
- if (strictspaces && strpbrk(field, "\n\v\f\r")) {
+ if (strict && strpbrk(field, "\n\v\f\r")) {
r->status = HTTP_BAD_REQUEST;
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03451)
"Request header line presented bad whitespace "
@@ -1116,7 +1114,7 @@ AP_DECLARE(void) ap_get_mime_headers_cor
*value++ = '\0'; /* NUL-terminate at colon */
- if (strictspaces && strpbrk(last_field, " \t")) {
+ if (strict && strpbrk(last_field, " \t")) {
r->status = HTTP_BAD_REQUEST;
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03452)
"Request header field name with whitespace "