You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by wr...@apache.org on 2017/06/28 02:33:29 UTC

svn commit: r1800111 - /httpd/httpd/trunk/server/protocol.c

Author: wrowe
Date: Wed Jun 28 02:33:29 2017
New Revision: 1800111

URL: http://svn.apache.org/viewvc?rev=1800111&view=rev
Log:
Appears to resolve the issue to permit single-char fieldnames; PR61220

Modified:
    httpd/httpd/trunk/server/protocol.c

Modified: httpd/httpd/trunk/server/protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1800111&r1=1800110&r2=1800111&view=diff
==============================================================================
--- httpd/httpd/trunk/server/protocol.c (original)
+++ httpd/httpd/trunk/server/protocol.c Wed Jun 28 02:33:29 2017
@@ -1111,7 +1111,7 @@ AP_DECLARE(void) ap_get_mime_headers_cor
                     return;
                 }
 
-                if (tmp_field == last_field) {
+                if (tmp_field == last_field && !*last_field) {
                     r->status = HTTP_BAD_REQUEST;
                     ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03453)
                                   "Request header field name was empty");

Re: svn commit: r1800111 - /httpd/httpd/trunk/server/protocol.c

Posted by William A Rowe Jr <wr...@rowe-clan.net>.

On Wed, Jun 28, 2017 at 7:14 AM, Yann <yl...@gmail.com> wrote:
>
> Looks like the code after the patch below would be simpler and work too :

Agreed this is easier to follow, tmp_field is otherwise unused in the
unsafe code path. Proposed for backport, thanks.

Note this patch is the 2.2, non-APLOGNO flavor;

> Index: server/protocol.c
> ===================================================================
> --- server/protocol.c    (revision 1800151)
> +++ server/protocol.c    (working copy)
> @@ -1081,8 +1081,12 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_
>                      return;
>                  }
>
> -                /* last character of field-name */
> -                tmp_field = value - (value > last_field ? 1 : 0);
> +                if (value == last_field) {
> +                    r->status = HTTP_BAD_REQUEST;
> +                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> +                                  "Request header field name was empty");
> +                    return;
> +                }
>
>                  *value++ = '\0'; /* NUL-terminate at colon */
>
> @@ -1105,13 +1109,6 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_
>                                    " bad whitespace");
>                      return;
>                  }
> -
> -                if (tmp_field == last_field) {
> -                    r->status = HTTP_BAD_REQUEST;
> -                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
> -                                  "Request header field name was empty");
> -                    return;
> -                }
>              }
>              else /* Using strict RFC7230 parsing */
>              {
> _

Re: svn commit: r1800111 - /httpd/httpd/trunk/server/protocol.c

Posted by Yann <yl...@gmail.com>.

On Wed, Jun 28, 2017 at 4:33 AM,  <wr...@apache.org> wrote:
> Author: wrowe
> Date: Wed Jun 28 02:33:29 2017
> New Revision: 1800111
>
> URL: http://svn.apache.org/viewvc?rev=1800111&view=rev
> Log:
> Appears to resolve the issue to permit single-char fieldnames; PR61220
>
> Modified:
>     httpd/httpd/trunk/server/protocol.c
>
> Modified: httpd/httpd/trunk/server/protocol.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1800111&r1=1800110&r2=1800111&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/server/protocol.c (original)
> +++ httpd/httpd/trunk/server/protocol.c Wed Jun 28 02:33:29 2017
> @@ -1111,7 +1111,7 @@ AP_DECLARE(void) ap_get_mime_headers_cor
>                      return;
>                  }
>
> -                if (tmp_field == last_field) {
> +                if (tmp_field == last_field && !*last_field) {
>                      r->status = HTTP_BAD_REQUEST;
>                      ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03453)
>                                    "Request header field name was empty");
>

Looks like the code after the patch below would be simpler and work too :

Index: server/protocol.c
===================================================================
--- server/protocol.c    (revision 1800151)
+++ server/protocol.c    (working copy)
@@ -1081,8 +1081,12 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_
                     return;
                 }

-                /* last character of field-name */
-                tmp_field = value - (value > last_field ? 1 : 0);
+                if (value == last_field) {
+                    r->status = HTTP_BAD_REQUEST;
+                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+                                  "Request header field name was empty");
+                    return;
+                }

                 *value++ = '\0'; /* NUL-terminate at colon */

@@ -1105,13 +1109,6 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_
                                   " bad whitespace");
                     return;
                 }
-
-                if (tmp_field == last_field) {
-                    r->status = HTTP_BAD_REQUEST;
-                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
-                                  "Request header field name was empty");
-                    return;
-                }
             }
             else /* Using strict RFC7230 parsing */
             {
_