You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by yl...@apache.org on 2020/06/30 14:18:22 UTC
svn commit: r1879369 - /httpd/httpd/trunk/server/protocol.c
Author: ylavic
Date: Tue Jun 30 14:18:22 2020
New Revision: 1879369
URL: http://svn.apache.org/viewvc?rev=1879369&view=rev
Log:
Follow up to r1877955: always validate the Content-Length
even if it is to be ignored because of RFC7230 section 3.3.3 requirements.
Modified:
httpd/httpd/trunk/server/protocol.c
Modified: httpd/httpd/trunk/server/protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1879369&r1=1879368&r2=1879369&view=diff
==============================================================================
--- httpd/httpd/trunk/server/protocol.c (original)
+++ httpd/httpd/trunk/server/protocol.c Tue Jun 30 14:18:22 2020
@@ -1519,6 +1519,19 @@ request_rec *ap_read_request(conn_rec *c
goto die_unusable_input;
}
+ clen = apr_table_get(r->headers_in, "Content-Length");
+ if (clen) {
+ apr_off_t cl;
+
+ if (!ap_parse_strict_length(&cl, clen)) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(10242)
+ "client sent invalid Content-Length "
+ "(%s): %s", clen, r->uri);
+ access_status = HTTP_BAD_REQUEST;
+ goto die_unusable_input;
+ }
+ }
+
tenc = apr_table_get(r->headers_in, "Transfer-Encoding");
if (tenc) {
/* http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-23
@@ -1543,17 +1556,6 @@ request_rec *ap_read_request(conn_rec *c
*/
apr_table_unset(r->headers_in, "Content-Length");
}
- else if ((clen = apr_table_get(r->headers_in, "Content-Length"))) {
- apr_off_t cl;
-
- if (!ap_parse_strict_length(&cl, clen)) {
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(10242)
- "client sent invalid Content-Length "
- "(%s): %s", clen, r->uri);
- access_status = HTTP_BAD_REQUEST;
- goto die_unusable_input;
- }
- }
}
/*