Posted to cvs@httpd.apache.org by wr...@apache.org on 2017/06/28 02:33:29 UTC
svn commit: r1800111 - /httpd/httpd/trunk/server/protocol.c
Author: wrowe
Date: Wed Jun 28 02:33:29 2017
New Revision: 1800111
URL: http://svn.apache.org/viewvc?rev=1800111&view=rev
Log:
Appears to resolve the issue to permit single-char fieldnames; PR61220
Modified:
httpd/httpd/trunk/server/protocol.c
Modified: httpd/httpd/trunk/server/protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1800111&r1=1800110&r2=1800111&view=diff
==============================================================================
--- httpd/httpd/trunk/server/protocol.c (original)
+++ httpd/httpd/trunk/server/protocol.c Wed Jun 28 02:33:29 2017
@@ -1111,7 +1111,7 @@ AP_DECLARE(void) ap_get_mime_headers_cor
return;
}
- if (tmp_field == last_field) {
+ if (tmp_field == last_field && !*last_field) {
r->status = HTTP_BAD_REQUEST;
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03453)
"Request header field name was empty");
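Review bot: In the changed condition, `tmp_field == last_field && !*last_field`, the second test means "empty name" only because the colon has already been overwritten earlier in this branch by `*value++ = '\0';`, and once `*last_field` is NUL at that point the pointer comparison looks redundant. Consider testing `value == last_field` before the NUL-termination instead, or at least add a comment naming the invariant the check relies on. The log says the change "appears to" resolve PR61220 and only protocol.c is modified, so a test that sends a one-character field name (accepted) and a line beginning with ':' (rejected with HTTP_BAD_REQUEST) would confirm both sides of the condition.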
Re: svn commit: r1800111 - /httpd/httpd/trunk/server/protocol.c
Posted by William A Rowe Jr <wr...@rowe-clan.net>.
On Wed, Jun 28, 2017 at 7:14 AM, Yann <yl...@gmail.com> wrote:
>
> Looks like the code after the patch below would be simpler and work too :
Agreed this is easier to follow, tmp_field is otherwise unused in the
unsafe code path. Proposed for backport, thanks.
Note this patch is the 2.2, non-APLOGNO flavor:
> Index: server/protocol.c
> ===================================================================
> --- server/protocol.c (revision 1800151)
> +++ server/protocol.c (working copy)
> @@ -1081,8 +1081,12 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_
> return;
> }
>
> - /* last character of field-name */
> - tmp_field = value - (value > last_field ? 1 : 0);
> + if (value == last_field) {
> + r->status = HTTP_BAD_REQUEST;
> + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> + "Request header field name was empty");
> + return;
> + }
>
> *value++ = '\0'; /* NUL-terminate at colon */
>
> @@ -1105,13 +1109,6 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_
> " bad whitespace");
> return;
> }
> -
> - if (tmp_field == last_field) {
> - r->status = HTTP_BAD_REQUEST;
> - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> - "Request header field name was empty");
> - return;
> - }
> }
> else /* Using strict RFC7230 parsing */
> {
> _
Re: svn commit: r1800111 - /httpd/httpd/trunk/server/protocol.c
Posted by Yann <yl...@gmail.com>.
On Wed, Jun 28, 2017 at 4:33 AM, <wr...@apache.org> wrote:
> Author: wrowe
> Date: Wed Jun 28 02:33:29 2017
> New Revision: 1800111
>
> URL: http://svn.apache.org/viewvc?rev=1800111&view=rev
> Log:
> Appears to resolve the issue to permit single-char fieldnames; PR61220
>
> Modified:
> httpd/httpd/trunk/server/protocol.c
>
> Modified: httpd/httpd/trunk/server/protocol.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1800111&r1=1800110&r2=1800111&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/server/protocol.c (original)
> +++ httpd/httpd/trunk/server/protocol.c Wed Jun 28 02:33:29 2017
> @@ -1111,7 +1111,7 @@ AP_DECLARE(void) ap_get_mime_headers_cor
> return;
> }
>
> - if (tmp_field == last_field) {
> + if (tmp_field == last_field && !*last_field) {
> r->status = HTTP_BAD_REQUEST;
> ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03453)
> "Request header field name was empty");
>
Looks like the code after the patch below would be simpler and work too :
Index: server/protocol.c
===================================================================
--- server/protocol.c (revision 1800151)
+++ server/protocol.c (working copy)
@@ -1081,8 +1081,12 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_
return;
}
- /* last character of field-name */
- tmp_field = value - (value > last_field ? 1 : 0);
+ if (value == last_field) {
+ r->status = HTTP_BAD_REQUEST;
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "Request header field name was empty");
+ return;
+ }
*value++ = '\0'; /* NUL-terminate at colon */
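Review bot: The added `ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,` call carries no APLOGNO tag, while the trunk call for the same message in r1800111 is tagged `APLOGNO(03453)`; when this is applied to a branch that uses APLOGNO, carry the existing number over with the moved call so the message keeps its identifier. The new `if (value == last_field)` block also replaces the `/* last character of field-name */` comment with nothing, so a one-line comment saying that the name is empty when the colon is the first character, and that the test must run before `*value++ = '\0';`, would document why it sits here. Note that an empty name is now reported ahead of the "bad whitespace" test shown in the next hunk, which changes which debug message such a request produces.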
@@ -1105,13 +1109,6 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_
" bad whitespace");
return;
}
-
- if (tmp_field == last_field) {
- r->status = HTTP_BAD_REQUEST;
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
- "Request header field name was empty");
- return;
- }
}
else /* Using strict RFC7230 parsing */
{
_
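Review bot: Removing the `if (tmp_field == last_field)` block, together with the assignment removed in the previous hunk, leaves `tmp_field` with no use in this branch. Check whether its declaration is still needed elsewhere in the function and drop it if not, to avoid an unused-variable warning. The context ends at `else /* Using strict RFC7230 parsing */`, whose body is not shown; confirm that branch rejects an empty field name on its own, since the check deleted here covered only the non-strict path.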