You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2005/07/14 18:18:00 UTC
svn commit: r219057 - /httpd/httpd/trunk/modules/proxy/mod_proxy_http.c
Author: wrowe
Date: Thu Jul 14 09:17:56 2005
New Revision: 219057
URL: http://svn.apache.org/viewcvs?rev=219057&view=rev
Log:
Missed an edge case; once we know the C-L didn't match, it's
time to shut down the body already. Finish reading from the
client but do nothing else, returning an error.
Modified:
httpd/httpd/trunk/modules/proxy/mod_proxy_http.c
Modified: httpd/httpd/trunk/modules/proxy/mod_proxy_http.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?rev=219057&r1=219056&r2=219057&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/proxy/mod_proxy_http.c (original)
+++ httpd/httpd/trunk/modules/proxy/mod_proxy_http.c Thu Jul 14 09:17:56 2005
@@ -332,6 +332,7 @@
}
apr_brigade_length(input_brigade, 1, &bytes);
+ bytes_streamed += bytes;
/* If this brigade contains EOS, either stop or remove it. */
if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade))) {
@@ -349,6 +350,18 @@
apr_bucket_delete(e);
}
+ /* C-L < bytes streamed?!?
+ * We will error out after the body is completely
+ * consumed, but we can't stream more bytes at the
+ * back end since they would in part be interpreted
+ * as another request! If nothing is sent, then
+ * just send nothing.
+ *
+ * Prevents HTTP Response Splitting.
+ */
+ if (bytes_streamed > cl_val)
+ continue;
+
if (header_brigade) {
/* we never sent the header brigade, so go ahead and
* take care of that now
@@ -365,8 +378,6 @@
if (status != APR_SUCCESS) {
return status;
}
-
- bytes_streamed += bytes;
} while (!seen_eos);
if (bytes_streamed != cl_val) {