You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by pq...@apache.org on 2006/04/01 08:18:05 UTC

svn commit: r390595 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/http/http_filters.c

Author: pquerna
Date: Fri Mar 31 22:18:02 2006
New Revision: 390595

URL: http://svn.apache.org/viewcvs?rev=390595&view=rev
Log:
Merge r354630 from trunk:

If a connection aborts while waiting for a chunked line, flag the connection as
errored out and send errors upwards.

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/http/http_filters.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/CHANGES?rev=390595&r1=390594&r2=390595&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Fri Mar 31 22:18:02 2006
@@ -14,6 +14,9 @@
      made to ap_escape_html so we escape quotes.  Reported by JPCERT.
      [Mark Cox]
 
+  *) http: If a connection is aborted while waiting for a chunked line, 
+     flag the connection as errored out.  [Justin Erenkrantz]
+
   *) core: Reject invalid Expect header immediately. PR 38123.
      [Ruediger Pluem]
 

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/STATUS?rev=390595&r1=390594&r2=390595&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Fri Mar 31 22:18:02 2006
@@ -75,14 +75,6 @@
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-    * HTTP: If a connection aborts while waiting for a chunked line,
-      flag the connection as errored out.
-      http://svn.apache.org/viewcvs.cgi?rev=354630&view=rev
-      Message-ID: <43...@web.turner.com>
-      +1: jerenkrantz, jim, wrowe
-      -0: niq: Please explain why return value of ap_pass_brigade is
-               put into a variable and immediately discarded.
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
 
     * mod_dbd: When threaded, create a private pool in child_init

Modified: httpd/httpd/branches/2.2.x/modules/http/http_filters.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/modules/http/http_filters.c?rev=390595&r1=390594&r2=390595&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/http/http_filters.c (original)
+++ httpd/httpd/branches/2.2.x/modules/http/http_filters.c Fri Mar 31 22:18:02 2006
@@ -215,11 +215,12 @@
 
             if (rv == APR_SUCCESS) {
                 /* We have to check the length of the brigade we got back.
-                 * We will not accept partial lines.
+                 * We will not accept partial or blank lines.
                  */
                 rv = apr_brigade_length(bb, 1, &brigade_length);
                 if (rv == APR_SUCCESS
-                    && brigade_length > f->r->server->limit_req_line) {
+                    && (!brigade_length ||
+                        brigade_length > f->r->server->limit_req_line)) {
                     rv = APR_ENOSPC;
                 }
                 if (rv == APR_SUCCESS) {
@@ -277,6 +278,7 @@
                 char line[30];
                 apr_bucket_brigade *bb;
                 apr_size_t len = 30;
+                apr_status_t http_error = HTTP_REQUEST_ENTITY_TOO_LARGE;
 
                 bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
 
@@ -292,7 +294,14 @@
                     if (rv == APR_SUCCESS) {
                         rv = apr_brigade_flatten(bb, line, &len);
                         if (rv == APR_SUCCESS) {
-                            ctx->remaining = get_chunk_size(line);
+                            /* Wait a sec, that's a blank line!  Oh no. */
+                            if (!len) {
+                                rv = APR_EGENERAL;
+                                http_error = HTTP_SERVICE_UNAVAILABLE;
+                            }
+                            else {
+                                ctx->remaining = get_chunk_size(line);
+                            }
                         }
                     }
                     apr_brigade_cleanup(bb);
@@ -300,16 +309,19 @@
 
                 /* Detect chunksize error (such as overflow) */
                 if (rv != APR_SUCCESS || ctx->remaining < 0) {
+                    apr_status_t out_error;
+
                     ctx->remaining = 0; /* Reset it in case we have to
                                          * come back here later */
-                    e = ap_bucket_error_create(HTTP_REQUEST_ENTITY_TOO_LARGE,
+                    e = ap_bucket_error_create(http_error,
                                                NULL, f->r->pool,
                                                f->c->bucket_alloc);
                     APR_BRIGADE_INSERT_TAIL(bb, e);
                     e = apr_bucket_eos_create(f->c->bucket_alloc);
                     APR_BRIGADE_INSERT_TAIL(bb, e);
                     ctx->eos_sent = 1;
-                    return ap_pass_brigade(f->r->output_filters, bb);
+                    out_error = ap_pass_brigade(f->r->output_filters, bb);
+                    return rv;
                 }
 
                 if (!ctx->remaining) {