You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by pq...@apache.org on 2006/04/01 08:18:05 UTC
svn commit: r390595 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS
modules/http/http_filters.c
Author: pquerna
Date: Fri Mar 31 22:18:02 2006
New Revision: 390595
URL: http://svn.apache.org/viewcvs?rev=390595&view=rev
Log:
Merge r354630 from trunk:
If a connection aborts while waiting for a chunked line, flag the connection as
errored out and send errors upwards.
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/modules/http/http_filters.c
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/CHANGES?rev=390595&r1=390594&r2=390595&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Fri Mar 31 22:18:02 2006
@@ -14,6 +14,9 @@
made to ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]
+ *) http: If a connection is aborted while waiting for a chunked line,
+ flag the connection as errored out. [Justin Erenkrantz]
+
*) core: Reject invalid Expect header immediately. PR 38123.
[Ruediger Pluem]
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/STATUS?rev=390595&r1=390594&r2=390595&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Fri Mar 31 22:18:02 2006
@@ -75,14 +75,6 @@
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * HTTP: If a connection aborts while waiting for a chunked line,
- flag the connection as errored out.
- http://svn.apache.org/viewcvs.cgi?rev=354630&view=rev
- Message-ID: <43...@web.turner.com>
- +1: jerenkrantz, jim, wrowe
- -0: niq: Please explain why return value of ap_pass_brigade is
- put into a variable and immediately discarded.
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
* mod_dbd: When threaded, create a private pool in child_init
Modified: httpd/httpd/branches/2.2.x/modules/http/http_filters.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.2.x/modules/http/http_filters.c?rev=390595&r1=390594&r2=390595&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/http/http_filters.c (original)
+++ httpd/httpd/branches/2.2.x/modules/http/http_filters.c Fri Mar 31 22:18:02 2006
@@ -215,11 +215,12 @@
if (rv == APR_SUCCESS) {
/* We have to check the length of the brigade we got back.
- * We will not accept partial lines.
+ * We will not accept partial or blank lines.
*/
rv = apr_brigade_length(bb, 1, &brigade_length);
if (rv == APR_SUCCESS
- && brigade_length > f->r->server->limit_req_line) {
+ && (!brigade_length ||
+ brigade_length > f->r->server->limit_req_line)) {
rv = APR_ENOSPC;
}
if (rv == APR_SUCCESS) {
@@ -277,6 +278,7 @@
char line[30];
apr_bucket_brigade *bb;
apr_size_t len = 30;
+ apr_status_t http_error = HTTP_REQUEST_ENTITY_TOO_LARGE;
bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
@@ -292,7 +294,14 @@
if (rv == APR_SUCCESS) {
rv = apr_brigade_flatten(bb, line, &len);
if (rv == APR_SUCCESS) {
- ctx->remaining = get_chunk_size(line);
+ /* Wait a sec, that's a blank line! Oh no. */
+ if (!len) {
+ rv = APR_EGENERAL;
+ http_error = HTTP_SERVICE_UNAVAILABLE;
+ }
+ else {
+ ctx->remaining = get_chunk_size(line);
+ }
}
}
apr_brigade_cleanup(bb);
@@ -300,16 +309,19 @@
/* Detect chunksize error (such as overflow) */
if (rv != APR_SUCCESS || ctx->remaining < 0) {
+ apr_status_t out_error;
+
ctx->remaining = 0; /* Reset it in case we have to
* come back here later */
- e = ap_bucket_error_create(HTTP_REQUEST_ENTITY_TOO_LARGE,
+ e = ap_bucket_error_create(http_error,
NULL, f->r->pool,
f->c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
e = apr_bucket_eos_create(f->c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
ctx->eos_sent = 1;
- return ap_pass_brigade(f->r->output_filters, bb);
+ out_error = ap_pass_brigade(f->r->output_filters, bb);
+ return rv;
}
if (!ctx->remaining) {