Posted to cvs@httpd.apache.org by ni...@apache.org on 2008/09/08 16:20:14 UTC

svn commit: r693108 - in /httpd/httpd/trunk: CHANGES modules/http/http_filters.c modules/http/http_protocol.c

Author: niq
Date: Mon Sep  8 07:20:11 2008
New Revision: 693108

URL: http://svn.apache.org/viewvc?rev=693108&view=rev
Log:
Relax checks on HTTP Response status line from a backend.
PR#44995 - Rainer Jung

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/http/http_filters.c
    httpd/httpd/trunk/modules/http/http_protocol.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=693108&r1=693107&r2=693108&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Sep  8 07:20:11 2008
@@ -2,6 +2,10 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) Be tolerant in what you accept - accept slightly broken
+     status lines from a backend provide they include a valid status code.
+     PR 44995 [Rainer Jung <rainer.jung kippdata.de>
+
   *) New module mod_sed: filter Request/Response bodies through sed
      [Basant Kumar Kukreja <basant.kukreja sun.com>]
 

Modified: httpd/httpd/trunk/modules/http/http_filters.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_filters.c?rev=693108&r1=693107&r2=693108&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http/http_filters.c (original)
+++ httpd/httpd/trunk/modules/http/http_filters.c Mon Sep  8 07:20:11 2008
@@ -802,12 +802,21 @@
 {
     char *end;
 
-    if (r->status_line
-        && (strlen(r->status_line) <= 4
+    if (r->status_line) {
+        int len = strlen(r->status_line);
+        if (len < 3
             || apr_strtoi64(r->status_line, &end, 10) != r->status
-            || *end != ' '
-            || (end - 3) != r->status_line)) {
-        r->status_line = NULL;
+            || (end - 3) != r->status_line
+            || (len >= 4 && ! apr_isspace(r->status_line[3]))) {
+            r->status_line = NULL;
+        }
+        /* Since we passed the above check, we know that length three
+         * is equivalent to only a 3 digit numeric http status.
+         * RFC2616 mandates a trailing space, let's add it.
+         */
+        else if (len == 3) {
+            r->status_line = apr_pstrcat(r->pool, r->status_line, " ");
+        }
     }
 }
 
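Review bot: The `apr_pstrcat(r->pool, r->status_line, " ")` call in the `len == 3` branch has no terminating `NULL`. apr_pstrcat is variadic and reads arguments until it finds one, so this is undefined behaviour on a path fed by a backend's status line; it should read `r->status_line = apr_pstrcat(r->pool, r->status_line, " ", NULL);`. The two `apr_pstrcat` calls added in the http_protocol.c hunk (the `" Unknown Reason"` and `"Unknown Reason"` branches) need the same `NULL` sentinel. Separately, the separator test changed from `*end != ' '` to `apr_isspace(r->status_line[3])`, which also accepts tab, CR and LF; if this string is later written into the response head unchanged (not visible in this hunk), keeping the test at `r->status_line[3] == ' '` would be the safer relaxation. The function's signature lies outside the hunk.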

Modified: httpd/httpd/trunk/modules/http/http_protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_protocol.c?rev=693108&r1=693107&r2=693108&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http/http_protocol.c (original)
+++ httpd/httpd/trunk/modules/http/http_protocol.c Mon Sep  8 07:20:11 2008
@@ -1232,16 +1232,28 @@
         const char *h1;
 
         /* Accept a status_line set by a module, but only if it begins
-         * with the 3 digit status code
+         * with the correct 3 digit status code
          */
-        if (r->status_line != NULL
-            && strlen(r->status_line) > 4       /* long enough */
-            && apr_isdigit(r->status_line[0])
-            && apr_isdigit(r->status_line[1])
-            && apr_isdigit(r->status_line[2])
-            && apr_isspace(r->status_line[3])
-            && apr_isalnum(r->status_line[4])) {
-            title = r->status_line;
+        if (r->status_line) {
+            char *end;
+            int len = strlen(r->status_line);
+            if (len >= 3
+                && apr_strtoi64(r->status_line, &end, 10) == r->status
+                && (end - 3) == r->status_line
+                && (len < 4 || apr_isspace(r->status_line[3]))
+                && (len < 5 || apr_isalnum(r->status_line[4]))) {
+                /* Since we passed the above check, we know that length three
+                 * is equivalent to only a 3 digit numeric http status.
+                 * RFC2616 mandates a trailing space, let's add it.
+                 * If we have an empty reason phrase, we also add "Unknown Reason".
+                 */
+                if (len == 3) {
+                    r->status_line = apr_pstrcat(r->pool, r->status_line, " Unknown Reason");
+                } else if (len == 4) {
+                    r->status_line = apr_pstrcat(r->pool, r->status_line, "Unknown Reason");
+                }
+                title = r->status_line;
+            }
         }
 
         /* folks decided they didn't want the error code in the H1 text */
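Review bot: Replacing the three `apr_isdigit` tests with `apr_strtoi64(r->status_line, &end, 10) == r->status` plus `(end - 3) == r->status_line` makes the "3 digit numeric http status" claim in the new comment depend on `r->status` itself being a three-digit value. apr_strtoi64 skips leading whitespace and accepts a sign, so the consumed length alone does not prove three digits. Keeping a cheap `apr_isdigit(r->status_line[0])` guard in the condition, or stating the dependency in the comment, would make the validation self-contained. `int len = strlen(r->status_line);` also narrows a size_t to int; `apr_size_t len` avoids that on a module-supplied string. The comment above the `if` should also mention that this block now rewrites `r->status_line` rather than only reading it; the enclosing block starts and ends outside the hunk.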