You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by el...@apache.org on 2016/12/09 09:29:57 UTC

svn commit: r1773346 - in /httpd/httpd/trunk: CHANGES modules/http/http_filters.c

Author: elukey
Date: Fri Dec  9 09:29:57 2016
New Revision: 1773346

URL: http://svn.apache.org/viewvc?rev=1773346&view=rev
Log:
Drop C-L header and message-body from HTTP 204 responses.

The C-L header can be set in a fcgi/cgi backend or in other
filters like ap_content_length_filter (with the value of 0),
meanwhile the message-body can be returned incorrectly
by any backend. The idea is to remove unnecessary bytes
from a HTTP 204 response.

PR 51350

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/http/http_filters.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1773346&r1=1773345&r2=1773346&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Dec  9 09:29:57 2016
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) core: Drop Content-Length header and message-body from HTTP 204 responses.
+     PR 51350 [Luca Toscano]
+
   *) SECURITY: CVE-2016-2161 (cve.mitre.org)
      mod_auth_digest: Prevent segfaults during client entry allocation when the
      shared memory space is exhausted. [Maksim Malyutin <m.malyutin dsec.ru>,

Modified: httpd/httpd/trunk/modules/http/http_filters.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_filters.c?rev=1773346&r1=1773345&r2=1773346&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http/http_filters.c (original)
+++ httpd/httpd/trunk/modules/http/http_filters.c Fri Dec  9 09:29:57 2016
@@ -1208,7 +1208,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
 
     AP_DEBUG_ASSERT(!r->main);
 
-    if (r->header_only) {
+    if (r->header_only || r->status == HTTP_NO_CONTENT) {
         if (!ctx) {
             ctx = f->ctx = apr_pcalloc(r->pool, sizeof(header_filter_ctx));
         }
@@ -1298,6 +1298,10 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
         apr_table_unset(r->headers_out, "Content-Length");
     }
 
+    if (r->status == HTTP_NO_CONTENT) {
+        apr_table_unset(r->headers_out, "Content-Length");
+    }
+
     ctype = ap_make_content_type(r, r->content_type);
     if (ctype) {
         apr_table_setn(r->headers_out, "Content-Type", ctype);
@@ -1369,7 +1373,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
 
     ap_pass_brigade(f->next, b2);
 
-    if (r->header_only) {
+    if (r->header_only || r->status == HTTP_NO_CONTENT) {
         apr_brigade_cleanup(b);
         ctx->headers_sent = 1;
         return OK;