You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ic...@apache.org on 2016/03/14 11:48:55 UTC
svn commit: r1734910 - in /httpd/httpd/trunk: CHANGES
modules/http2/h2_request.c modules/http2/h2_util.c
Author: icing
Date: Mon Mar 14 10:48:54 2016
New Revision: 1734910
URL: http://svn.apache.org/viewvc?rev=1734910&view=rev
Log:
mod_http2: allowing requests without :authority header
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/http2/h2_request.c
httpd/httpd/trunk/modules/http2/h2_util.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1734910&r1=1734909&r2=1734910&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Mar 14 10:48:54 2016
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_http2: fixes incorrect denial of requests without :authority header.
+ [Stefan Eissing]
+
*) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the
request for the SSI document. [Jeff Trawick]
Modified: httpd/httpd/trunk/modules/http2/h2_request.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_request.c?rev=1734910&r1=1734909&r2=1734910&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http2/h2_request.c (original)
+++ httpd/httpd/trunk/modules/http2/h2_request.c Mon Mar 14 10:48:54 2016
@@ -238,11 +238,20 @@ apr_status_t h2_request_end_headers(h2_r
return APR_EINVAL;
}
- /* Always set the "Host" header from :authority, see rfc7540, ch. 8.1.2.3 */
+ /* rfc7540, ch. 8.1.2.3:
+ * - if we have :authority, it overrides any Host header
+ * - :authority MUST be ommited when converting h1->h2, so we
+ * might get a stream without, but then Host needs to be there */
if (!req->authority) {
- return APR_BADARG;
+ const char *host = apr_table_get(req->headers, "Host");
+ if (!host) {
+ return APR_BADARG;
+ }
+ req->authority = host;
+ }
+ else {
+ apr_table_setn(req->headers, "Host", req->authority);
}
- apr_table_setn(req->headers, "Host", req->authority);
s = apr_table_get(req->headers, "Content-Length");
if (s) {
Modified: httpd/httpd/trunk/modules/http2/h2_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_util.c?rev=1734910&r1=1734909&r2=1734910&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http2/h2_util.c (original)
+++ httpd/httpd/trunk/modules/http2/h2_util.c Mon Mar 14 10:48:54 2016
@@ -1070,7 +1070,6 @@ typedef struct {
#define H2_LIT_ARGS(a) (a),H2_ALEN(a)
static literal IgnoredRequestHeaders[] = {
- H2_DEF_LITERAL("host"),
H2_DEF_LITERAL("expect"),
H2_DEF_LITERAL("upgrade"),
H2_DEF_LITERAL("connection"),