You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by sf...@apache.org on 2011/05/14 22:58:21 UTC

svn commit: r1103223 - /httpd/httpd/trunk/modules/http/http_filters.c

Author: sf
Date: Sat May 14 20:58:20 2011
New Revision: 1103223

URL: http://svn.apache.org/viewvc?rev=1103223&view=rev
Log:
If chunked encoding / content-length are corrupt, we may treat parts
of one request's body as the next one's headers. To be safe, we should
disable keep-alive in this case.

Modified:
    httpd/httpd/trunk/modules/http/http_filters.c

Modified: httpd/httpd/trunk/modules/http/http_filters.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_filters.c?rev=1103223&r1=1103222&r2=1103223&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http/http_filters.c (original)
+++ httpd/httpd/trunk/modules/http/http_filters.c Sat May 14 20:58:20 2011
@@ -78,6 +78,7 @@ typedef struct http_filter_ctx {
     apr_bucket_brigade *bb;
 } http_ctx_t;
 
+/* bail out if some error in the HTTP input filter happens */
 static apr_status_t bail_out_on_error(http_ctx_t *ctx,
                                       ap_filter_t *f,
                                       int http_error)
@@ -93,6 +94,11 @@ static apr_status_t bail_out_on_error(ht
     e = apr_bucket_eos_create(f->c->bucket_alloc);
     APR_BRIGADE_INSERT_TAIL(bb, e);
     ctx->eos_sent = 1;
+    /* If chunked encoding / content-length are corrupt, we may treat parts
+     * of this request's body as the next one's headers.
+     * To be safe, disable keep-alive.
+     */
+    f->r->connection->keepalive = AP_CONN_CLOSE;
     return ap_pass_brigade(f->r->output_filters, bb);
 }