You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by yl...@apache.org on 2015/03/06 10:55:16 UTC
svn commit: r1664576 - /httpd/httpd/trunk/server/protocol.c
Author: ylavic
Date: Fri Mar 6 09:55:16 2015
New Revision: 1664576
URL: http://svn.apache.org/r1664576
Log:
core: Follow up to r1664205.
Don't let invalid r->proto_num/protocol out of read_request_line() reach
the output filters (when responding with 400 Bad Request).
Suggested by: rpluem
Modified:
httpd/httpd/trunk/server/protocol.c
Modified: httpd/httpd/trunk/server/protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1664576&r1=1664575&r2=1664576&view=diff
==============================================================================
--- httpd/httpd/trunk/server/protocol.c (original)
+++ httpd/httpd/trunk/server/protocol.c Fri Mar 6 09:55:16 2015
@@ -674,6 +674,9 @@ static int read_request_line(request_rec
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02418)
"Invalid protocol '%s'", r->protocol);
if (enforce_strict) {
+ r->proto_num = HTTP_VERSION(1,0);
+ r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
+ r->connection->keepalive = AP_CONN_CLOSE;
r->status = HTTP_BAD_REQUEST;
return 0;
}