You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2011/05/14 22:58:21 UTC
svn commit: r1103223 - /httpd/httpd/trunk/modules/http/http_filters.c
Author: sf
Date: Sat May 14 20:58:20 2011
New Revision: 1103223
URL: http://svn.apache.org/viewvc?rev=1103223&view=rev
Log:
If chunked encoding / content-length are corrupt, we may treat parts
of one request's body as the next one's headers. To be safe, we should
disable keep-alive in this case.
Modified:
httpd/httpd/trunk/modules/http/http_filters.c
Modified: httpd/httpd/trunk/modules/http/http_filters.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_filters.c?rev=1103223&r1=1103222&r2=1103223&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http/http_filters.c (original)
+++ httpd/httpd/trunk/modules/http/http_filters.c Sat May 14 20:58:20 2011
@@ -78,6 +78,7 @@ typedef struct http_filter_ctx {
apr_bucket_brigade *bb;
} http_ctx_t;
+/* bail out if some error in the HTTP input filter happens */
static apr_status_t bail_out_on_error(http_ctx_t *ctx,
ap_filter_t *f,
int http_error)
@@ -93,6 +94,11 @@ static apr_status_t bail_out_on_error(ht
e = apr_bucket_eos_create(f->c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(bb, e);
ctx->eos_sent = 1;
+ /* If chunked encoding / content-length are corrupt, we may treat parts
+ * of this request's body as the next one's headers.
+ * To be safe, disable keep-alive.
+ */
+ f->r->connection->keepalive = AP_CONN_CLOSE;
return ap_pass_brigade(f->r->output_filters, bb);
}