You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2020/06/10 11:24:13 UTC
svn commit: r1878708 - in /httpd/httpd/trunk: CHANGES server/protocol.c
Author: rpluem
Date: Wed Jun 10 11:24:13 2020
New Revision: 1878708
URL: http://svn.apache.org/viewvc?rev=1878708&view=rev
Log:
* Have the HTTP 0.9 / 1.1 processing code reject requests for
HTTP >= 2.0 with a HTTP Version Not Support status code.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/server/protocol.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1878708&r1=1878707&r2=1878708&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Jun 10 11:24:13 2020
@@ -1,7 +1,11 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
- *) mod_proxy_http2: the "ping" proxy parameter
+
+ *) core: Have the HTTP 0.9 / 1.1 processing code reject requests for
+ HTTP >= 2.0 with a HTTP Version Not Support status code. [Ruediger Pluem]
+
+ *) mod_proxy_http2: the "ping" proxy parameter
(see <https://httpd.apache.org/docs/2.4/mod/mod_proxy.html>) is now used
when checking the liveliness of a new or reused h2 connection to the backend.
With short durations, this makes load-balancing more responsive. The module
Modified: httpd/httpd/trunk/server/protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1878708&r1=1878707&r2=1878708&view=diff
==============================================================================
--- httpd/httpd/trunk/server/protocol.c (original)
+++ httpd/httpd/trunk/server/protocol.c Wed Jun 10 11:24:13 2020
@@ -748,7 +748,7 @@ AP_DECLARE(int) ap_parse_request_line(re
enum {
rrl_none, rrl_badmethod, rrl_badwhitespace, rrl_excesswhitespace,
rrl_missinguri, rrl_baduri, rrl_badprotocol, rrl_trailingtext,
- rrl_badmethod09, rrl_reject09
+ rrl_badmethod09, rrl_reject09, rrl_versionnotsupported
} deferred_error = rrl_none;
apr_size_t len = 0;
char *uri, *ll;
@@ -897,6 +897,11 @@ rrl_done:
r->proto_num = HTTP_VERSION(0, 9);
}
+ if (strict && deferred_error == rrl_none
+ && r->proto_num >= HTTP_VERSION(2, 0)) {
+ deferred_error = rrl_versionnotsupported;
+ }
+
/* Determine the method_number and parse the uri prior to invoking error
* handling, such that these fields are available for substitution
*/
@@ -918,6 +923,7 @@ rrl_done:
* we can safely resume any deferred error reporting
*/
if (deferred_error != rrl_none) {
+ r->status = HTTP_BAD_REQUEST;
if (deferred_error == rrl_badmethod)
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03445)
"HTTP Request Line; Invalid method token: '%.*s'",
@@ -954,7 +960,13 @@ rrl_done:
"HTTP Request Line; Unrecognized protocol '%.*s' "
"(perhaps whitespace was injected?)",
field_name_len(r->protocol), r->protocol);
- r->status = HTTP_BAD_REQUEST;
+ else if (deferred_error == rrl_versionnotsupported) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO()
+ "HTTP Request Line; Protocol '%.*s' >= HTTP/2.0 not"
+ " supported", field_name_len(r->protocol),
+ r->protocol);
+ r->status = HTTP_VERSION_NOT_SUPPORTED;
+ }
goto rrl_failed;
}