You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2016/11/14 15:29:20 UTC
svn commit: r1769649 - in /httpd/httpd/branches/2.4.x-merge-http-strict: ./
include/ap_mmn.h include/httpd.h server/gen_test_char.c server/protocol.c
server/util.c
Author: wrowe
Date: Mon Nov 14 15:29:20 2016
New Revision: 1769649
URL: http://svn.apache.org/viewvc?rev=1769649&view=rev
Log:
Improve legibility of reviewing the generated table, using hex rather than dec
Submitted by: wrowe
Backport: r1754536
Correct T_HTTP_TOKEN_STOP per RFC2068 (2.2) - RFC7230 (3.2.6),
which has always defined 'token' as CHAR or VCHAR - visible USASCII only.
NUL char is also a stop, end of parsing.
Submitted by: wrowe
Backport: r1754538
Be more explicit about NUL in case iscntrl is inconsistent
Submitted by: wrowe
Backport: r1754539
Introduce T_HTTP_CTRLS for efficiently finding non-text chars
Submitted by: wrowe
Backport: r1754540
Introduce ap_scan_http_field_content, ap_scan_http_token
and ap_get_http_token [later reverted] for more efficient
string handling.
Submitted by: wrowe
Backport: r1754541
With NUL as a TOKEN_STOP, this code is more efficient
Submitted by: wrowe
Backport: r1754544
We arrive here for more than one cause; offer a more general statement
Submitted by: wrowe
Backport: r1754547
Strictly observe spec on obs-fold
Submitted by: wrowe
Backport: r1754548
Leave an emphatic TODO per Jeff's observations
Submitted by: trawick
Backport: r1754555
Introduce ap_scan_http_token / ap_scan_http_field_content for a much
more efficient pass through the header text; rather than reparsing
the strings over and over under the HTTP_CONFORMANCE_STRICT fules.
Improve logic and legibility by eliminating multiple repetitive tests
of the STRICT flag, and simply reorder 'classic' behavior first and
this new parser second to simplify the diff. Because of the whitespace
change (which I had wished to dodge), reading this --ignore-all-space
is a whole lot easier. Particularly against 2.4.x branch, which is now
identical in the 'classic' logic flow. Both of which I'll share with dev@
Submitted by: wrowe
Backport: r1754556
Friendly catch by R�diger, restore line mis-removed by the previous commit
Submitted by: rpluem
Backport: r1754568
Clean up doubled-'{'
Correct usage for ap_scan_http_token (had used _get_ syntax)
Correct logic, detect no 'token' chars, or missing ':'
Submitted by: wrowe, rpluem
Backport: r1754569,r1754570,r1754577
Replacement solution to identify VCHAR/ASCII symbols, even in EBCDIC.
Looking for someone with an EBCDIC environment to post the output of
the test_char.h generated file for verification.
Submitted by: wrowe
Backport: r1754579
Clean up an edge case where obs-fold continuation preceeds the first header,
as with r1755098, but this time ensure the previous header processing logic
ensures there was a previous header as identified by jchampion.
This patch restructures the loop for legibility with a loop continuation,
allowing us to flatten all of this hard-to-follow code. The subsequent
patch will be a whitespace-only change for formatting.
Testing len > 0 is redundant when *field is a "\0" and mismatches here,
folded flag was a no-op, unused once we added continue; logic.
Fix these as initially attempted in r1755114.
Improve comments and reflow whitespace.
Submitted by: wrowe
Backport: r1755123,r1755124,r1755125,r1755126
As promised, reduce this logic by net 9 code lines, shifting the burden
of killing trailing whitespace to the purpose-agnostic read logic.
Whitespace before or after an obs-fold, and before or after a field value
have no semantic purpose at all. Because we are building a buffer for all
folded values, reducing the size of the newly allocated buffer is always
to our advantage.
Submitted by: wrowe
Backport: r1755233
Treat empty obs-fold line as a noop, eliminate all intra-obs-fold excess
whitespace, and observe the 1 SP per obs-folding per spec.
Submitted by: wrowe
Backport: r1755234,r1755235,r1755236
Treat empty obs-fold line as abusive traffic.
Submitted by: wrowe
Backport: r1755263
Stop reflecting irrelevant data to the request error notes, particularly
for abusive and malformed traffic the non-technical consumer of a user-agent
has no control over.
Simply take note where the administrator-configured limits have been exceeded,
that administrator can find details in the error log if desired.
Submitted by: wrowe
Backport: r1755264
Follow up to r1755264.
Don't crash when ap_rgetline() returns a NULL field on ENOSPC.
Submitted by: ylavic
Backport: r1755343
Follow on to r1755264, for the case of merged header length exceptions,
and ensure the field header name is truncated to a sane log width.
Submitted by: wrowe
Backport: r1755744
Modified:
httpd/httpd/branches/2.4.x-merge-http-strict/ (props changed)
httpd/httpd/branches/2.4.x-merge-http-strict/include/ap_mmn.h
httpd/httpd/branches/2.4.x-merge-http-strict/include/httpd.h
httpd/httpd/branches/2.4.x-merge-http-strict/server/gen_test_char.c
httpd/httpd/branches/2.4.x-merge-http-strict/server/protocol.c
httpd/httpd/branches/2.4.x-merge-http-strict/server/util.c
Propchange: httpd/httpd/branches/2.4.x-merge-http-strict/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Nov 14 15:29:20 2016
@@ -2,4 +2,4 @@
/httpd/httpd/branches/2.4.17-protocols-http2:1701609-1705681
/httpd/httpd/branches/revert-ap-ldap:1150158-1150173
/httpd/httpd/branches/wombat-integration:723609-723841
-/httpd/httpd/trunk:1200475,1200478,1200482,1200491,1200496,1200513,1200550,1200556,1200580,1200605,1200612,1200614,1200639,1200646,1200656,1200667,1200679,1200699,1200702,1200955,1200957,1200961,1200963,1200968,1200975,1200977,1201032,1201042,1201111,1201194,1201198,1201202,1201443,1201450,1201460,1201956,1202236,1202453,1202456,1202886,1203400,1203491,1203632,1203714,1203859,1203980,1204630,1204968,1204990,1205061,1205075,1205379,1205885,1206291,1206472,1206587,1206850,1206940,1206978,1207719,1208753,1208835,1209053,1209085,1209417,1209432,1209461,1209601,1209603,1209618,1209623,1209741,1209754,1209766,1209776,1209797-1209798,1209811-1209812,1209814,1209908,1209910,1209913,1209916-1209917,1209947,1209952,1210067,1210080,1210120,1210124,1210130,1210148,1210219,1210221,1210252,1210284,1210336,1210378,1210725,1210892,1210951,1210954,1211351-1211352,1211364,1211490,1211495,1211528,1211663,1211680,1212872,1212883,1213338,1213380-1213381,1213391,1213399,1213567,1214003,1214005,1214015,12
15514,1220462,1220467,1220493,1220524,1220570,1220768,1220794,1220826,1220846,1221205,1221292,1222335,1222370,1222473,1222915,1222917,1222921,1222930,1223048,1225060,1225197-1225199,1225223,1225380,1225476,1225478,1225791,1225795-1225796,1226339,1226375,1227910,1228700,1228816,1229024,1229059,1229099,1229116,1229134,1229136,1229930,1230286,1231255,1231257,1231442,1231446,1231508,1231510,1231518,1232575,1232594,1232630,1232838,1234180,1234297,1234479,1234511,1234565,1234574,1234642-1234643,1234876,1234899,1235019,1236122,1236701,1237407,1238545,1238768,1239029-1239030,1239071,1239565,1240315,1240470,1240778,1241069,1241071,1242089,1242798,1242967,1243176,1243246,1243797,1243799,1244211,1245717,1290823,1290835,1291819-1291820,1291834,1291840,1292043,1293405,1293534-1293535,1293658,1293678,1293708,1294306,1294349,1294356,1294358,1294372,1294471,1297560,1299718,1299786,1300766,1301111,1301725,1302444,1302483,1302653,1302665,1302674,1303201,1303435,1303827,1304087,1304874-1304875,1305167
,1305586,1306350,1306409,1306426,1306841,1307790,1308327,1308459,1309536,1309567,1311468,1324760,1325218,1325227,1325250,1325265,1325275,1325632,1325724,1326980,1326984,1326991,1327689,1328325-1328326,1328339,1328345,1328950,1330189,1330964,1331110,1331115,1331942,1331977,1332378,1333969,1334343,1335882,1337344,1341906,1341913,1343085,1343087,1343094,1343099,1343109,1343935,1345319,1345329,1346905,1347980,1348036,1348653,1348656,1348660,1349905,1351012-1351020,1351071-1351072,1351074,1351737,1352047,1352534,1352909-1352912,1357685,1358061,1359057,1359881,1359884,1361153,1361298,1361766,1361773,1361778,1361784,1361791-1361792,1361801,1361803,1362020,1362538,1362707,1363035,1363183,1363186,1363312,1363440,1363557,1363589,1363829,1363832,1363836-1363837,1363853,1364133,1364138,1364229,1364601,1364695,1365001,1365020,1365029,1365479,1366319,1366344,1366621,1367778,1367819,1368053,1368058,1368094,1368121,1368131,1368393,1368396,1369419,1369568,1369604,1369618,1369904,1369995,1369999,1370
001,1370466,1370592,1370615-1370616,1370763,1371387,1371791,1371801,1371878,1371903,1373270,1373447,1373898,1373955,1374157,1374199,1374247,1374874,1374877,1374880,1375006,1375009,1375011,1375013,1375584,1376695,1376700,1378178,1383490,1384408,1384913,1386576,1386578,1386726,1386822,1386880,1386913,1387085,1387088,1387110,1387389,1387444,1387603,1387607,1387633,1387693,1387979,1388029,1388445,1388447,1388648,1388660,1388825,1388899,1389316,1389339,1389481,1389506,1389564,1389566-1389569,1390562,1390564,1391396,1391398,1391771,1392120,1392122,1392150,1392214,1392345-1392347,1392850,1393033,1393058,1393152,1393338,1393564,1394079,1395225,1395253-1395256,1395792,1396440,1397172,1397320,1397636,1397687,1397710,1397716,1398025,1398040,1398066,1398478,1398480-1398481,1398970,1399413,1399687,1399708,1400700,1401448,1402924,1403476,1403483,1403492,1404653,1405407,1405856,1405973,1406068,1406493,1406495,1406616,1406646,1406719,1406760,1407004,1407006,1407085,1407088,1407248,1407381,1407459-1
407460,1407528,1407599,1407643,1407853,1407965,1408093,1408402,1408958,1408961,1409170,1409437,1409726,1409800,1410681,1410954,1411862,1412278,1413732,1414094,1415008,1415023,1415075,1416121,1416150,1416278,1417197,1417440,1417529,1418524,1418556,1418648,1418655,1418703,1418721,1418752,1418769,1419084,1419719,1419726,1419755,1419781,1419796,1420120,1420124,1420149,1420184,1420644,1420685-1420686,1420975,1421288,1421323,1421851,1421912,1421953,1422135,1422549,1422594,1422712,1422855,1422937,1422943,1422980,1423353,1423933,1425360,1425366,1425771-1425772,1425775,1425777,1425874,1426827,1426850,1426877,1426879,1426975,1426988,1426992,1427546,1428145,1428184,1428280,1428916,1429228,1429559,1429561,1429564,1429582,1430575,1430814,1430869,1433001,1433613,1433682,1433861,1433988,1435178,1435811,1436058,1436401,1436457,1439083,1439106,1439114,1439404,1439623,1442309,1442320,1442326,1442412,1442759,1442865,1446421,1447993,1448171,1448453,1451478,1451484,1451633,1451849,1451905,1451921,145212
8,1452195,1452259,1452281,1452551,1452911,1452949,1452954,1453022,1453574,1453604,1453875-1453876,1453963,1453981,1454386,1454414-1454415,1454888,1457437,1457450,1457471,1457504,1457520-1457521,1457610,1457995,1458003-1458004,1458020,1458285,1458447,1458456,1462266,1462269,1462643,1463044-1463047,1463052,1463056,1463455,1463736,1463750,1463754,1464675,1464721,1464762,1465115-1465116,1465190,1467765,1468581,1470183,1470679,1470940,1471449,1475878,1476604,1476621,1476642,1476644-1476645,1476652,1476680,1477094,1477530,1478382,1478748,1479117,1479216,1479222,1479411,1479528,1479905,1479966,1480046,1480627,1481197,1481302,1481306,1481396-1481397,1481891,1482041,1482075,1482170,1482555,1482859,1482996,1483005,1483027,1483190,1484343,1484398,1484832,1484910,1484914,1485409,1485668,1486490,1487528,1487530,1488158,1488164,1488296,1488471,1488492,1488644,1490493,1490507,1490550,1490761,1490994,1491155,1491221,1491234,1491458,1491479,1491538,1491564,1491724,1492663,1492710,1492782,1493330,149
3921,1493925,1494536,1495501,1496194,1496338,1496429,1496709,1497371,1497588,1498880,1499679,1500323,1500345,1500362,1500423,1500437,1500483,1500519,1501294,1501369,1501399,1501913,1502665,1502772,1503680,1503866,1503990-1503991,1504276,1506474,1506714,1509872,1509983,1510084-1510085,1510098,1510588,1510707,1511093,1513492,1513508,1514039,1514064,1514214-1514215,1514255,1514267,1514617,1515050,1515162,1515403,1515411,1515420,1517025,1517045,1517175,1517366,1517386,1517388,1518265,1518269,1519475,1520368,1520445,1520760,1520908,1521909,1523235,1523239,1523281,1523387,1524101,1524158,1524192,1524368,1524388,1524770,1525276,1525280-1525281,1525931,1526168,1526189,1526647,1526666,1527008,1527220,1527291,1527294-1527295,1527509,1527925-1527926,1528143,1528718,1529014,1529277,1529449,1529559,1529988,1529991,1530793,1531340,1531370,1531505,1531672,1531961-1531962,1532746,1532816,1533065,1533224,1534321,1534754,1534890,1534892,1536310,1537535,1538490,1540051-1540052,1541181,1541270,1541368,
1542338,1542379,1542533,1542562,1542615,1543020,1543147,1543149,1543174,1544381,1544774,1544784,1544812,1544820,1545286,1545292,1545325,1545364,1545408,1545411,1546692-1546693,1546730,1546759-1546760,1546801,1546804-1546805,1546835-1546836,1547845,1550061,1550302,1550307,1551685,1551714,1551802,1552130,1552227,1553204,1553824,1554161,1554168,1554170,1554175-1554176,1554179,1554181,1554184,1554188,1554192,1554195,1554276,1554281,1554300-1554301,1554994-1554995,1555240,1555259,1555266,1555423-1555424,1555463-1555464,1555467,1555555,1555569,1556206,1556428,1556911-1556912,1556914,1556937,1557317,1557617,1558483,1559351,1559828,1560367,1560546,1560679,1560689,1560729,1560977,1560979,1561137,1561262,1561385,1561660,1561923,1562472,1563193,1563379,1563381,1563417-1563418,1563420,1564052,1564437,1564475,1564756,1564760,1565081,1565711,1568404,1569615,1570288,1570598,1571369,1572092,1572198,1572543,1572561,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572905,1572911,1572967,15732
24,1573229,1573626,1574151,1575400,1576233,1576741,1578760,1578762,1580568,1583005,1583007-1583008,1583027,1583175,1583191,1584098,1584430,1584434,1584572,1584653,1584658,1584665,1584703,1584878,1584884,1584896,1585054,1585072,1585090,1585435,1585609,1585824,1585918-1585919,1586745,1586827,1587036,1587040,1587053,1587255,1587594,1587607,1587639,1587654,1588054,1588065,1588213,1588330,1588427,1588519,1588527,1588704,1588851,1588853,1588868,1589413,1590437,1590509,1591143,1591320,1591322,1591328,1591390,1591394,1591401,1591472,1591508,1592032,1592037,1592500,1592511,1592514,1592529,1592615,1592632,1593745,1594625,1594643,1594648,1595305,1595321,1595426,1597182,1597349,1597352,1597639,1597642,1598107,1598946,1599535,1601076,1601184-1601185,1601274,1601291,1601624,1601630,1601919,1601995,1602338,1602978,1602989,1603027,1603029,1603122,1603156,1603915,1604382,1604461,1604631,1605207,1605827,1605829,1607960,1608284,1608785,1608999,1609914,1609936,1609938,1610207,1610311,1610353,1610366,16
10383,1610491,1610652,1610674,1611165,1611169,1611244,1611600,1611871,1611978,1612068,1615026,1615289,1617018,1618401,1618541,1619297,1619383,1619444,1619483,1619835,1620324,1620461,1620932,1621367,1621372,1621417,1621453,1621806,1622450,1624234,1624349,1625196,1625952,1626050,1626978,1628104,1628918-1628919,1628924,1628950,1629235,1629239,1629244,1629250,1629372,1629440-1629441,1629485,1629507-1629508,1629519,1629577,1629652,1629916,1631885,1632454,1632740,1632742,1633730-1633731,1633793,1634120,1634237,1634425,1634736,1634836,1635510,1635558,1635644-1635645,1635762,1637112,1638072-1638073,1638879,1639614,1640031,1640036,1640040,1640042,1640331,1641077,1641095,1641376,1642099,1642484,1642499,1642847,1642868,1643034,1643284,1643537,1643825,1644245,1646282,1646724,1647035,1648201,1648394,1648433,1648719,1648840,1649001,1649043,1649632,1649966,1650047,1650061,1650309-1650310,1650320,1651088,1652829,1652929,1652931,1652955,1652982,1652985,1652989,1653941,1653978,1653997,1656225,1656669
,1657256,1657261,1657636,1657638,1657685,1657881,1657897,1658760,1658765,1661067,1661258,1661448,1661464,1661486,1662245-1662246,1663017,1663647,1664071,1664133,1664205,1664299,1664576,1664709,1665215,1665218,1665625,1665643,1665721,1666297,1666361,1666363,1666468,1666618,1666998,1667385-1667386,1668532,1668535,1668553,1669130,1669289,1669292,1670434,1671364,1671396-1671397,1671918,1672289,1672453,1672466,1672480,1672483,1672564,1672757,1672985,1672989,1673113,1673155,1673368,1673455,1673769,1674056,1674538,1674542,1674606,1674632,1674697,1675103,1675410,1675533,1676085,1676654,1676709,1676842,1677096,1677143-1677146,1677149,1677151,1677153-1677156,1677159,1677339,1677462,1677702,1677830,1677832,1677834-1677835,1678763,1679032,1679181-1679182,1679192,1679428,1679432,1679470,1679620,1679712,1680276,1680895,1680900,1680942,1681037,1681424,1681440,1681685,1681694,1681795,1682482,1682816,1682819,1682907,1682923,1682937,1682979,1682988,1683044,1683047,1683123,1683881,1683884,1684057,1684
171,1684900,1685069,1685339,1685345,1685347,1685349-1685350,1685650,1685659,1685779,1686085,1686853,1686856,1687539,1687642-1687643,1687680,1687980,1688274,1688331,1688339-1688341,1688343,1688399,1688474-1688475,1688536,1688538,1688660,1689325,1689605,1689694,1689698,1690120,1690137,1690248,1691374,1691582,1691592,1691819,1691908,1692285,1692432,1692486,1692516,1693792,1693918-1693919,1693963,1694903,1694936,1694950-1694951,1695170,1695727,1695874,1695885,1695920,1696105,1696264,1696266,1696279,1696428,1696442,1696565,1696592,1696607,1696755,1696881,1697013,1697015,1697051,1697323,1697339,1697370,1697389,1697446,1697543,1697634,1697855,1698023,1698103,1698107,1698116,1698133,1698330,1700271,1700275,1700317-1700322,1700326,1700328,1700330-1700332,1700334,1700336,1700338,1700418,1700514,1700777,1700851,1700917,1700925,1700968,1701005,1701145,1701178,1701204,1701347,1701436,1701545,1701717,1702643,1702919,1703152,1703417,1703642,1703807,1703813,1703822,1703871,1703902,1703952,1704099,1
704241,1704262,1704797,1704799,1704826,1705099,1705134,1705194,1705217,1705257,1705749,1705776,1705823,1705826,1705828,1705833,1705983,1706275,1706627,1706635,1706637,1706640,1706918,1706942,1706989,1707002,1707230-1707231,1707497,1707519,1707591,1707626-1707627,1707640,1707831,1707883,1707889,1708107,1709008,1709587,1709596,1709602,1709995,1710095,1710105,1710231,1710380,1710391,1710419,1710572,1710583,1710723,1711479,1711553,1711648,1711728,1711902,1712382,1713040,1713209,1713937,1715023,1715255,1715273,1715567-1715568,1715570-1715572,1715576,1715581-1715585,1715886,1716211,1716388,1716460,1716487,1716660,1716940,1717063,1717086,1717639,1717816,1717934,1717958,1717975,1717985,1718314,1718338,1718400,1718514,1718556,1718569,1718598,1719016,1719018,1719189-1719190,1719252,1719254-1719255,1719257,1719967,1720129,1720996,1721313,1721685,1721899,1722137,1722154,1722177,1722195,1722229,1722320,1722328,1722334,1722350-1722351,1722358,1722377,1722572,1722701,1723122,1723143,1723284,172329
5,1723567,1723953,1724847,1724857,1724879,1724992-1724993,1724995,1725018,1725031,1725090,1725120,1725149,1725325,1725328,1725387,1725392,1725394-1725395,1725445,1725468,1725485,1725489,1725498-1725499,1725516,1725523,1725545,1725567,1725581,1725602,1725822,1725940,1725967,1726009,1726026,1726038,1726049,1726051-1726052,1726055,1726086,1726167,1726233,1726798,1726881,1726888,1727071,1727111,1727317,1727544,1727573,1727603,1727842,1728326,1728804,1729208,1729374,1729376,1729826,1729847,1729929-1729931,1729960,1730297,1730640,1730723,1730865,1731929,1732228,1732252,1732353,1732369,1732716,1732954,1732986,1733056,1733064,1733068,1733088-1733089,1733275,1733523,1733537,1733691,1734006,1734125,1734239,1734294,1734412,1734561,1734807,1734817,1734947,1734955,1734989,1735088,1735159,1735337,1735608-1735609,1735611,1735668,1735786,1735931,1735935,1735942,1735952,1736156,1736243,1736250,1736463,1736681,1736686,1737006,1737014,1737020-1737021,1737102,1737114,1737125,1737254,1737256,1737265,173
7447,1737449,1737451,1737476,1738217,1738331,1738333,1738563,1739008,1739146,1739151,1739193,1739303,1739312,1739738,1739932,1740075,1740084,1740108,1740110,1740155,1740735,1741045,1741065,1741112,1741115,1741268,1741310,1741392,1741414,1741446,1741461,1741557,1741564,1741596,1741621,1741648,1741934,1742005,1742135,1742260,1742359,1742444-1742447,1742460,1742791-1742792,1743335,1743517,1743699,1743788,1743816,1744203-1744204,1744206,1744283,1744415,1744421,1744458-1744459,1744712,1744751,1744767,1744778,1744980,1745034,1745175,1745767,1745835,1746207,1746647,1746988,1747170,1747531,1747550,1747735,1747808,1747810,1747946,1748047,1748155,1748368,1748448,1748531,1748653,1748888,1749151,1749401,1749404,1749505,1749658-1749659,1749676,1749678,1749695,1749924-1749925,1750043,1750218,1750335,1750392,1750407,1750412,1750416,1750420,1750474,1750494,1750507-1750508,1750553,1750567,1750750,1750779,1750854-1750855,1750947,1750955,1750960,1751970,1752087,1752096,1752145,1752347,1752415,1753167,
1753224,1753228-1753229,1753257,1753315-1753316,1753498,1753541,1753592,1753594,1753777,1754129,1754391,1754399,1754414,1754534,1755323,1756038,1756611,1756844,1756846,1756852-1756853,1757010-1757011,1757524,1757534,1757540,1757662-1757663,1757985,1758003,1758083,1758307-1758311,1758446,1758558,1759984,1760018,1761434,1761477,1761479,1761548,1762517,1762703,1763158,1763246,1763613,1764005,1764040,1764236,1764243,1764255,1765318,1765328,1765357,1765420,1766097,1766129,1766308,1766424,1766691,1766851,1766857,1767128,1767180-1767181,1767553,1767564,1767803
+/httpd/httpd/trunk:1200475,1200478,1200482,1200491,1200496,1200513,1200550,1200556,1200580,1200605,1200612,1200614,1200639,1200646,1200656,1200667,1200679,1200699,1200702,1200955,1200957,1200961,1200963,1200968,1200975,1200977,1201032,1201042,1201111,1201194,1201198,1201202,1201443,1201450,1201460,1201956,1202236,1202453,1202456,1202886,1203400,1203491,1203632,1203714,1203859,1203980,1204630,1204968,1204990,1205061,1205075,1205379,1205885,1206291,1206472,1206587,1206850,1206940,1206978,1207719,1208753,1208835,1209053,1209085,1209417,1209432,1209461,1209601,1209603,1209618,1209623,1209741,1209754,1209766,1209776,1209797-1209798,1209811-1209812,1209814,1209908,1209910,1209913,1209916-1209917,1209947,1209952,1210067,1210080,1210120,1210124,1210130,1210148,1210219,1210221,1210252,1210284,1210336,1210378,1210725,1210892,1210951,1210954,1211351-1211352,1211364,1211490,1211495,1211528,1211663,1211680,1212872,1212883,1213338,1213380-1213381,1213391,1213399,1213567,1214003,1214005,1214015,12
15514,1220462,1220467,1220493,1220524,1220570,1220768,1220794,1220826,1220846,1221205,1221292,1222335,1222370,1222473,1222915,1222917,1222921,1222930,1223048,1225060,1225197-1225199,1225223,1225380,1225476,1225478,1225791,1225795-1225796,1226339,1226375,1227910,1228700,1228816,1229024,1229059,1229099,1229116,1229134,1229136,1229930,1230286,1231255,1231257,1231442,1231446,1231508,1231510,1231518,1232575,1232594,1232630,1232838,1234180,1234297,1234479,1234511,1234565,1234574,1234642-1234643,1234876,1234899,1235019,1236122,1236701,1237407,1238545,1238768,1239029-1239030,1239071,1239565,1240315,1240470,1240778,1241069,1241071,1242089,1242798,1242967,1243176,1243246,1243797,1243799,1244211,1245717,1290823,1290835,1291819-1291820,1291834,1291840,1292043,1293405,1293534-1293535,1293658,1293678,1293708,1294306,1294349,1294356,1294358,1294372,1294471,1297560,1299718,1299786,1300766,1301111,1301725,1302444,1302483,1302653,1302665,1302674,1303201,1303435,1303827,1304087,1304874-1304875,1305167
,1305586,1306350,1306409,1306426,1306841,1307790,1308327,1308459,1309536,1309567,1311468,1324760,1325218,1325227,1325250,1325265,1325275,1325632,1325724,1326980,1326984,1326991,1327689,1328325-1328326,1328339,1328345,1328950,1330189,1330964,1331110,1331115,1331942,1331977,1332378,1333969,1334343,1335882,1337344,1341906,1341913,1343085,1343087,1343094,1343099,1343109,1343935,1345319,1345329,1346905,1347980,1348036,1348653,1348656,1348660,1349905,1351012-1351020,1351071-1351072,1351074,1351737,1352047,1352534,1352909-1352912,1357685,1358061,1359057,1359881,1359884,1361153,1361298,1361766,1361773,1361778,1361784,1361791-1361792,1361801,1361803,1362020,1362538,1362707,1363035,1363183,1363186,1363312,1363440,1363557,1363589,1363829,1363832,1363836-1363837,1363853,1364133,1364138,1364229,1364601,1364695,1365001,1365020,1365029,1365479,1366319,1366344,1366621,1367778,1367819,1368053,1368058,1368094,1368121,1368131,1368393,1368396,1369419,1369568,1369604,1369618,1369904,1369995,1369999,1370
001,1370466,1370592,1370615-1370616,1370763,1371387,1371791,1371801,1371878,1371903,1373270,1373447,1373898,1373955,1374157,1374199,1374247,1374874,1374877,1374880,1375006,1375009,1375011,1375013,1375584,1376695,1376700,1378178,1383490,1384408,1384913,1386576,1386578,1386726,1386822,1386880,1386913,1387085,1387088,1387110,1387389,1387444,1387603,1387607,1387633,1387693,1387979,1388029,1388445,1388447,1388648,1388660,1388825,1388899,1389316,1389339,1389481,1389506,1389564,1389566-1389569,1390562,1390564,1391396,1391398,1391771,1392120,1392122,1392150,1392214,1392345-1392347,1392850,1393033,1393058,1393152,1393338,1393564,1394079,1395225,1395253-1395256,1395792,1396440,1397172,1397320,1397636,1397687,1397710,1397716,1398025,1398040,1398066,1398478,1398480-1398481,1398970,1399413,1399687,1399708,1400700,1401448,1402924,1403476,1403483,1403492,1404653,1405407,1405856,1405973,1406068,1406493,1406495,1406616,1406646,1406719,1406760,1407004,1407006,1407085,1407088,1407248,1407381,1407459-1
407460,1407528,1407599,1407643,1407853,1407965,1408093,1408402,1408958,1408961,1409170,1409437,1409726,1409800,1410681,1410954,1411862,1412278,1413732,1414094,1415008,1415023,1415075,1416121,1416150,1416278,1417197,1417440,1417529,1418524,1418556,1418648,1418655,1418703,1418721,1418752,1418769,1419084,1419719,1419726,1419755,1419781,1419796,1420120,1420124,1420149,1420184,1420644,1420685-1420686,1420975,1421288,1421323,1421851,1421912,1421953,1422135,1422549,1422594,1422712,1422855,1422937,1422943,1422980,1423353,1423933,1425360,1425366,1425771-1425772,1425775,1425777,1425874,1426827,1426850,1426877,1426879,1426975,1426988,1426992,1427546,1428145,1428184,1428280,1428916,1429228,1429559,1429561,1429564,1429582,1430575,1430814,1430869,1433001,1433613,1433682,1433861,1433988,1435178,1435811,1436058,1436401,1436457,1439083,1439106,1439114,1439404,1439623,1442309,1442320,1442326,1442412,1442759,1442865,1446421,1447993,1448171,1448453,1451478,1451484,1451633,1451849,1451905,1451921,145212
8,1452195,1452259,1452281,1452551,1452911,1452949,1452954,1453022,1453574,1453604,1453875-1453876,1453963,1453981,1454386,1454414-1454415,1454888,1457437,1457450,1457471,1457504,1457520-1457521,1457610,1457995,1458003-1458004,1458020,1458285,1458447,1458456,1462266,1462269,1462643,1463044-1463047,1463052,1463056,1463455,1463736,1463750,1463754,1464675,1464721,1464762,1465115-1465116,1465190,1467765,1468581,1470183,1470679,1470940,1471449,1475878,1476604,1476621,1476642,1476644-1476645,1476652,1476680,1477094,1477530,1478382,1478748,1479117,1479216,1479222,1479411,1479528,1479905,1479966,1480046,1480627,1481197,1481302,1481306,1481396-1481397,1481891,1482041,1482075,1482170,1482555,1482859,1482996,1483005,1483027,1483190,1484343,1484398,1484832,1484910,1484914,1485409,1485668,1486490,1487528,1487530,1488158,1488164,1488296,1488471,1488492,1488644,1490493,1490507,1490550,1490761,1490994,1491155,1491221,1491234,1491458,1491479,1491538,1491564,1491724,1492663,1492710,1492782,1493330,149
3921,1493925,1494536,1495501,1496194,1496338,1496429,1496709,1497371,1497588,1498880,1499679,1500323,1500345,1500362,1500423,1500437,1500483,1500519,1501294,1501369,1501399,1501913,1502665,1502772,1503680,1503866,1503990-1503991,1504276,1506474,1506714,1509872,1509983,1510084-1510085,1510098,1510588,1510707,1511093,1513492,1513508,1514039,1514064,1514214-1514215,1514255,1514267,1514617,1515050,1515162,1515403,1515411,1515420,1517025,1517045,1517175,1517366,1517386,1517388,1518265,1518269,1519475,1520368,1520445,1520760,1520908,1521909,1523235,1523239,1523281,1523387,1524101,1524158,1524192,1524368,1524388,1524770,1525276,1525280-1525281,1525931,1526168,1526189,1526647,1526666,1527008,1527220,1527291,1527294-1527295,1527509,1527925-1527926,1528143,1528718,1529014,1529277,1529449,1529559,1529988,1529991,1530793,1531340,1531370,1531505,1531672,1531961-1531962,1532746,1532816,1533065,1533224,1534321,1534754,1534890,1534892,1536310,1537535,1538490,1540051-1540052,1541181,1541270,1541368,
1542338,1542379,1542533,1542562,1542615,1543020,1543147,1543149,1543174,1544381,1544774,1544784,1544812,1544820,1545286,1545292,1545325,1545364,1545408,1545411,1546692-1546693,1546730,1546759-1546760,1546801,1546804-1546805,1546835-1546836,1547845,1550061,1550302,1550307,1551685,1551714,1551802,1552130,1552227,1553204,1553824,1554161,1554168,1554170,1554175-1554176,1554179,1554181,1554184,1554188,1554192,1554195,1554276,1554281,1554300-1554301,1554994-1554995,1555240,1555259,1555266,1555423-1555424,1555463-1555464,1555467,1555555,1555569,1556206,1556428,1556911-1556912,1556914,1556937,1557317,1557617,1558483,1559351,1559828,1560367,1560546,1560679,1560689,1560729,1560977,1560979,1561137,1561262,1561385,1561660,1561923,1562472,1563193,1563379,1563381,1563417-1563418,1563420,1564052,1564437,1564475,1564756,1564760,1565081,1565711,1568404,1569615,1570288,1570598,1571369,1572092,1572198,1572543,1572561,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572905,1572911,1572967,15732
24,1573229,1573626,1574151,1575400,1576233,1576741,1578760,1578762,1580568,1583005,1583007-1583008,1583027,1583175,1583191,1584098,1584430,1584434,1584572,1584653,1584658,1584665,1584703,1584878,1584884,1584896,1585054,1585072,1585090,1585435,1585609,1585824,1585918-1585919,1586745,1586827,1587036,1587040,1587053,1587255,1587594,1587607,1587639,1587654,1588054,1588065,1588213,1588330,1588427,1588519,1588527,1588704,1588851,1588853,1588868,1589413,1590437,1590509,1591143,1591320,1591322,1591328,1591390,1591394,1591401,1591472,1591508,1592032,1592037,1592500,1592511,1592514,1592529,1592615,1592632,1593745,1594625,1594643,1594648,1595305,1595321,1595426,1597182,1597349,1597352,1597639,1597642,1598107,1598946,1599535,1601076,1601184-1601185,1601274,1601291,1601624,1601630,1601919,1601995,1602338,1602978,1602989,1603027,1603029,1603122,1603156,1603915,1604382,1604461,1604631,1605207,1605827,1605829,1607960,1608284,1608785,1608999,1609914,1609936,1609938,1610207,1610311,1610353,1610366,16
10383,1610491,1610652,1610674,1611165,1611169,1611244,1611600,1611871,1611978,1612068,1615026,1615289,1617018,1618401,1618541,1619297,1619383,1619444,1619483,1619835,1620324,1620461,1620932,1621367,1621372,1621417,1621453,1621806,1622450,1624234,1624349,1625196,1625952,1626050,1626978,1628104,1628918-1628919,1628924,1628950,1629235,1629239,1629244,1629250,1629372,1629440-1629441,1629485,1629507-1629508,1629519,1629577,1629652,1629916,1631885,1632454,1632740,1632742,1633730-1633731,1633793,1634120,1634237,1634425,1634736,1634836,1635510,1635558,1635644-1635645,1635762,1637112,1638072-1638073,1638879,1639614,1640031,1640036,1640040,1640042,1640331,1641077,1641095,1641376,1642099,1642484,1642499,1642847,1642868,1643034,1643284,1643537,1643825,1644245,1646282,1646724,1647035,1648201,1648394,1648433,1648719,1648840,1649001,1649043,1649632,1649966,1650047,1650061,1650309-1650310,1650320,1651088,1652829,1652929,1652931,1652955,1652982,1652985,1652989,1653941,1653978,1653997,1656225,1656669
,1657256,1657261,1657636,1657638,1657685,1657881,1657897,1658760,1658765,1661067,1661258,1661448,1661464,1661486,1662245-1662246,1663017,1663647,1664071,1664133,1664205,1664299,1664576,1664709,1665215,1665218,1665625,1665643,1665721,1666297,1666361,1666363,1666468,1666618,1666998,1667385-1667386,1668532,1668535,1668553,1669130,1669289,1669292,1670434,1671364,1671396-1671397,1671918,1672289,1672453,1672466,1672480,1672483,1672564,1672757,1672985,1672989,1673113,1673155,1673368,1673455,1673769,1674056,1674538,1674542,1674606,1674632,1674697,1675103,1675410,1675533,1676085,1676654,1676709,1676842,1677096,1677143-1677146,1677149,1677151,1677153-1677156,1677159,1677339,1677462,1677702,1677830,1677832,1677834-1677835,1678763,1679032,1679181-1679182,1679192,1679428,1679432,1679470,1679620,1679712,1680276,1680895,1680900,1680942,1681037,1681424,1681440,1681685,1681694,1681795,1682482,1682816,1682819,1682907,1682923,1682937,1682979,1682988,1683044,1683047,1683123,1683881,1683884,1684057,1684
171,1684900,1685069,1685339,1685345,1685347,1685349-1685350,1685650,1685659,1685779,1686085,1686853,1686856,1687539,1687642-1687643,1687680,1687980,1688274,1688331,1688339-1688341,1688343,1688399,1688474-1688475,1688536,1688538,1688660,1689325,1689605,1689694,1689698,1690120,1690137,1690248,1691374,1691582,1691592,1691819,1691908,1692285,1692432,1692486,1692516,1693792,1693918-1693919,1693963,1694903,1694936,1694950-1694951,1695170,1695727,1695874,1695885,1695920,1696105,1696264,1696266,1696279,1696428,1696442,1696565,1696592,1696607,1696755,1696881,1697013,1697015,1697051,1697323,1697339,1697370,1697389,1697446,1697543,1697634,1697855,1698023,1698103,1698107,1698116,1698133,1698330,1700271,1700275,1700317-1700322,1700326,1700328,1700330-1700332,1700334,1700336,1700338,1700418,1700514,1700777,1700851,1700917,1700925,1700968,1701005,1701145,1701178,1701204,1701347,1701436,1701545,1701717,1702643,1702919,1703152,1703417,1703642,1703807,1703813,1703822,1703871,1703902,1703952,1704099,1
704241,1704262,1704797,1704799,1704826,1705099,1705134,1705194,1705217,1705257,1705749,1705776,1705823,1705826,1705828,1705833,1705983,1706275,1706627,1706635,1706637,1706640,1706918,1706942,1706989,1707002,1707230-1707231,1707497,1707519,1707591,1707626-1707627,1707640,1707831,1707883,1707889,1708107,1709008,1709587,1709596,1709602,1709995,1710095,1710105,1710231,1710380,1710391,1710419,1710572,1710583,1710723,1711479,1711553,1711648,1711728,1711902,1712382,1713040,1713209,1713937,1715023,1715255,1715273,1715567-1715568,1715570-1715572,1715576,1715581-1715585,1715886,1716211,1716388,1716460,1716487,1716660,1716940,1717063,1717086,1717639,1717816,1717934,1717958,1717975,1717985,1718314,1718338,1718400,1718514,1718556,1718569,1718598,1719016,1719018,1719189-1719190,1719252,1719254-1719255,1719257,1719967,1720129,1720996,1721313,1721685,1721899,1722137,1722154,1722177,1722195,1722229,1722320,1722328,1722334,1722350-1722351,1722358,1722377,1722572,1722701,1723122,1723143,1723284,172329
5,1723567,1723953,1724847,1724857,1724879,1724992-1724993,1724995,1725018,1725031,1725090,1725120,1725149,1725325,1725328,1725387,1725392,1725394-1725395,1725445,1725468,1725485,1725489,1725498-1725499,1725516,1725523,1725545,1725567,1725581,1725602,1725822,1725940,1725967,1726009,1726026,1726038,1726049,1726051-1726052,1726055,1726086,1726167,1726233,1726798,1726881,1726888,1727071,1727111,1727317,1727544,1727573,1727603,1727842,1728326,1728804,1729208,1729374,1729376,1729826,1729847,1729929-1729931,1729960,1730297,1730640,1730723,1730865,1731929,1732228,1732252,1732353,1732369,1732716,1732954,1732986,1733056,1733064,1733068,1733088-1733089,1733275,1733523,1733537,1733691,1734006,1734125,1734239,1734294,1734412,1734561,1734807,1734817,1734947,1734955,1734989,1735088,1735159,1735337,1735608-1735609,1735611,1735668,1735786,1735931,1735935,1735942,1735952,1736156,1736243,1736250,1736463,1736681,1736686,1737006,1737014,1737020-1737021,1737102,1737114,1737125,1737254,1737256,1737265,173
7447,1737449,1737451,1737476,1738217,1738331,1738333,1738563,1739008,1739146,1739151,1739193,1739303,1739312,1739738,1739932,1740075,1740084,1740108,1740110,1740155,1740735,1741045,1741065,1741112,1741115,1741268,1741310,1741392,1741414,1741446,1741461,1741557,1741564,1741596,1741621,1741648,1741934,1742005,1742135,1742260,1742359,1742444-1742447,1742460,1742791-1742792,1743335,1743517,1743699,1743788,1743816,1744203-1744204,1744206,1744283,1744415,1744421,1744458-1744459,1744712,1744751,1744767,1744778,1744980,1745034,1745175,1745767,1745835,1746207,1746647,1746988,1747170,1747531,1747550,1747735,1747808,1747810,1747946,1748047,1748155,1748368,1748448,1748531,1748653,1748888,1749151,1749401,1749404,1749505,1749658-1749659,1749676,1749678,1749695,1749924-1749925,1750043,1750218,1750335,1750392,1750407,1750412,1750416,1750420,1750474,1750494,1750507-1750508,1750553,1750567,1750750,1750779,1750854-1750855,1750947,1750955,1750960,1751970,1752087,1752096,1752145,1752347,1752415,1753167,
1753224,1753228-1753229,1753257,1753315-1753316,1753498,1753541,1753592,1753594,1753777,1754129,1754391,1754399,1754414,1754534,1754536,1754538-1754541,1754544,1754547-1754548,1754555-1754556,1754568-1754570,1754577,1754579,1755123-1755126,1755233-1755236,1755263-1755264,1755323,1755343,1755744,1756038,1756611,1756844,1756846,1756852-1756853,1757010-1757011,1757524,1757534,1757540,1757662-1757663,1757985,1758003,1758083,1758307-1758311,1758446,1758558,1759984,1760018,1761434,1761477,1761479,1761548,1762517,1762703,1763158,1763246,1763613,1764005,1764040,1764236,1764243,1764255,1765318,1765328,1765357,1765420,1766097,1766129,1766308,1766424,1766691,1766851,1766857,1767128,1767180-1767181,1767553,1767564,1767803
Modified: httpd/httpd/branches/2.4.x-merge-http-strict/include/ap_mmn.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-merge-http-strict/include/ap_mmn.h?rev=1769649&r1=1769648&r2=1769649&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-merge-http-strict/include/ap_mmn.h (original)
+++ httpd/httpd/branches/2.4.x-merge-http-strict/include/ap_mmn.h Mon Nov 14 15:29:20 2016
@@ -488,8 +488,9 @@
* 20120211.66 (2.4.24-dev) Rename ap_proxy_check_backend() to
* ap_proxy_check_connection().
* 20120211.67 (2.5.0-dev) Add http09_enable to core_server_config
- * Add http_conformance to core_server_config,
- * add ap_has_cntrl()
+ * Add http_conformance to core_server_config
+ * Add ap_has_cntrl(), ap_get_http_token()
+ * Add ap_scan_http_field_[content|token]()
*/
#define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
Modified: httpd/httpd/branches/2.4.x-merge-http-strict/include/httpd.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-merge-http-strict/include/httpd.h?rev=1769649&r1=1769648&r2=1769649&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-merge-http-strict/include/httpd.h (original)
+++ httpd/httpd/branches/2.4.x-merge-http-strict/include/httpd.h Mon Nov 14 15:29:20 2016
@@ -1585,6 +1585,31 @@ AP_DECLARE(int) ap_find_etag_weak(apr_po
*/
AP_DECLARE(int) ap_find_etag_strong(apr_pool_t *p, const char *line, const char *tok);
+/* Scan a string for field content chars, as defined by RFC7230 section 3.2
+ * including VCHAR/obs-text, as well as HT and SP
+ * @param ptr The string to scan
+ * @return A pointer to the first (non-HT) ASCII ctrl character.
+ * @note lws and trailing whitespace are scanned, the caller is responsible
+ * for trimming leading and trailing whitespace
+ */
+AP_DECLARE(const char *) ap_scan_http_field_content(const char *ptr);
+
+/* Scan a string for token characters, as defined by RFC7230 section 3.2.6
+ * @param ptr The string to scan
+ * @return A pointer to the first non-token character.
+ */
+AP_DECLARE(const char *) ap_scan_http_token(const char *ptr);
+
+/* Retrieve a token, advancing the pointer to the first non-token character
+ * and returning a copy of the token string.
+ * @param ptr The string to scan. On return, this points to the first non-token
+ * character encountered, or NULL if *ptr was not a token character
+ * @return A copy of the token string
+ * @note The caller must handle leading and trailing whitespace as applicable
+ * and evaluate the terminating character.
+ */
+AP_DECLARE(char *) ap_get_http_token(apr_pool_t *p, const char **ptr);
+
/**
* Retrieve an array of tokens in the format "1#token" defined in RFC2616. Only
* accepts ',' as a delimiter, does not accept quoted strings, and errors on
Modified: httpd/httpd/branches/2.4.x-merge-http-strict/server/gen_test_char.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-merge-http-strict/server/gen_test_char.c?rev=1769649&r1=1769648&r2=1769649&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-merge-http-strict/server/gen_test_char.c (original)
+++ httpd/httpd/branches/2.4.x-merge-http-strict/server/gen_test_char.c Mon Nov 14 15:29:20 2016
@@ -20,6 +20,7 @@
#define apr_isalpha(c) (isalpha(((unsigned char)(c))))
#define apr_iscntrl(c) (iscntrl(((unsigned char)(c))))
#define apr_isprint(c) (isprint(((unsigned char)(c))))
+#define apr_isascii(c) (isascii(((unsigned char)(c))))
#include <ctype.h>
#define APR_HAVE_STDIO_H 1
#define APR_HAVE_STRING_H 1
@@ -31,6 +32,48 @@
#endif
+#if APR_CHARSET_EBCDIC
+/* See util.c for complete explanation of this table */
+static const short ucharmap[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x9C, 0x09, 0x86, 0x7F,
+ 0x97, 0x8D, 0x8E, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
+ 0x10, 0x11, 0x12, 0x13, 0x9D, 0x85, 0x08, 0x87,
+ 0x18, 0x19, 0x92, 0x8F, 0x1C, 0x1D, 0x1E, 0x1F,
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x0A, 0x17, 0x1B,
+ 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x05, 0x06, 0x07,
+ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,
+ 0x98, 0x99, 0x9A, 0x9B, 0x14, 0x15, 0x9E, 0x1A,
+ 0x20, 0xA0, 0xE2, 0xE4, 0xE0, 0xE1, 0xE3, 0xE5,
+ 0xE7, 0xF1, 0xA2, 0x2E, 0x3C, 0x28, 0x2B, 0x7C,
+ 0x26, 0xE9, 0xEA, 0xEB, 0xE8, 0xED, 0xEE, 0xEF,
+ 0xEC, 0xDF, 0x21, 0x24, 0x2A, 0x29, 0x3B, 0xAC,
+ 0x2D, 0x2F, 0xC2, 0xC4, 0xC0, 0xC1, 0xC3, 0xC5,
+ 0xC7, 0xD1, 0xA6, 0x2C, 0x25, 0x5F, 0x3E, 0x3F,
+ 0xF8, 0xC9, 0xCA, 0xCB, 0xC8, 0xCD, 0xCE, 0xCF,
+ 0xCC, 0x60, 0x3A, 0x23, 0x40, 0x27, 0x3D, 0x22,
+ 0xD8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+ 0x68, 0x69, 0xAB, 0xBB, 0xF0, 0xFD, 0xFE, 0xB1,
+ 0xB0, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70,
+ 0x71, 0x72, 0xAA, 0xBA, 0xE6, 0xB8, 0xC6, 0xA4,
+ 0xB5, 0x7E, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
+ 0x79, 0x7A, 0xA1, 0xBF, 0xD0, 0xDD, 0xDE, 0xAE,
+ 0x5E, 0xA3, 0xA5, 0xB7, 0xA9, 0xA7, 0xB6, 0xBC,
+ 0xBD, 0xBE, 0x5B, 0x5D, 0xAF, 0xA8, 0xB4, 0xD7,
+ 0x7B, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+ 0x68, 0x69, 0xAD, 0xF4, 0xF6, 0xF2, 0xF3, 0xF5,
+ 0x7D, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70,
+ 0x71, 0x72, 0xB9, 0xFB, 0xFC, 0xF9, 0xFA, 0xFF,
+ 0x5C, 0xF7, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
+ 0x79, 0x7A, 0xB2, 0xD4, 0xD6, 0xD2, 0xD3, 0xD5,
+ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+ 0x38, 0x39, 0xB3, 0xDB, 0xDC, 0xD9, 0xDA, 0x9F
+};
+#define test_isascii_equiv(c) ((ucharmap[(unsigned char)c] & ~0x7f) == 0)
+#else
+#define test_isascii_equiv(c) apr_isascii(c)
+#endif
+
+
#if defined(WIN32) || defined(OS2)
#define NEED_ENHANCED_ESCAPES
#endif
@@ -52,6 +95,7 @@
#define T_ESCAPE_LOGITEM (0x10)
#define T_ESCAPE_FORENSIC (0x20)
#define T_ESCAPE_URLENCODED (0x40)
+#define T_HTTP_CTRLS (0x80)
int main(int argc, char *argv[])
{
@@ -67,6 +111,7 @@ int main(int argc, char *argv[])
"#define T_ESCAPE_LOGITEM (%u)\n"
"#define T_ESCAPE_FORENSIC (%u)\n"
"#define T_ESCAPE_URLENCODED (%u)\n"
+ "#define T_HTTP_CTRLS (%u)\n"
"\n"
"static const unsigned char test_char_table[256] = {",
T_ESCAPE_SHELL_CMD,
@@ -75,11 +120,12 @@ int main(int argc, char *argv[])
T_HTTP_TOKEN_STOP,
T_ESCAPE_LOGITEM,
T_ESCAPE_FORENSIC,
- T_ESCAPE_URLENCODED);
+ T_ESCAPE_URLENCODED,
+ T_HTTP_CTRLS);
for (c = 0; c < 256; ++c) {
flags = 0;
- if (c % 20 == 0)
+ if (c % 8 == 0)
printf("\n ");
/* escape_shell_cmd */
@@ -115,11 +161,25 @@ int main(int argc, char *argv[])
flags |= T_ESCAPE_URLENCODED;
}
- /* these are the "tspecials" (RFC2068) or "separators" (RFC2616) */
- if (c && (apr_iscntrl(c) || strchr(" \t()<>@,;:\\\"/[]?={}", c))) {
+ /* Stop for any non-'token' character, including ctrls, obs-text,
+ * and "tspecials" (RFC2068) a.k.a. "separators" (RFC2616)
+ * XXX: We need to verify that ASCII C0 ctrls/DEL in our EBCDIC table
+ * are captured by apr_iscntrl()
+ */
+ if (!c || apr_iscntrl(c) || strchr(" \t()<>@,;:\\\"/[]?={}", c)
+ || !test_isascii_equiv(c)) {
flags |= T_HTTP_TOKEN_STOP;
}
+ /* Catch CTRLs other than VCHAR, HT and SP, and obs-text (RFC7230 3.2)
+ * This includes only the C0 plane, not C1 (which is obs-text itself.)
+ * XXX: We need to verify that ASCII C0 ctrls/DEL in our EBCDIC table
+ * are captured by apr_iscntrl()
+ */
+ if (!c || (apr_iscntrl(c) && c != '\t' && test_isascii_equiv(c))) {
+ flags |= T_HTTP_CTRLS;
+ }
+
/* For logging, escape all control characters,
* double quotes (because they delimit the request in the log file)
* backslashes (because we use backslash for escaping)
@@ -137,7 +197,7 @@ int main(int argc, char *argv[])
flags |= T_ESCAPE_FORENSIC;
}
- printf("%u%c", flags, (c < 255) ? ',' : ' ');
+ printf("0x%02x%c", flags, (c < 255) ? ',' : ' ');
}
printf("\n};\n");
Modified: httpd/httpd/branches/2.4.x-merge-http-strict/server/protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-merge-http-strict/server/protocol.c?rev=1769649&r1=1769648&r2=1769649&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-merge-http-strict/server/protocol.c (original)
+++ httpd/httpd/branches/2.4.x-merge-http-strict/server/protocol.c Mon Nov 14 15:29:20 2016
@@ -743,6 +743,16 @@ static int read_request_line(request_rec
return 1;
}
+/* get the length of the field name for logging, but no more than 80 bytes */
+#define LOG_NAME_MAX_LEN 80
+static int field_name_len(const char *field)
+{
+ const char *end = ap_strchr_c(field, ':');
+ if (end == NULL || end - field > LOG_NAME_MAX_LEN)
+ return LOG_NAME_MAX_LEN;
+ return end - field;
+}
+
static int table_do_fn_check_lengths(void *r_, const char *key,
const char *value)
{
@@ -752,26 +762,13 @@ static int table_do_fn_check_lengths(voi
r->status = HTTP_BAD_REQUEST;
apr_table_setn(r->notes, "error-notes",
- apr_pstrcat(r->pool, "Size of a request header field "
- "after merging exceeds server limit.<br />"
- "\n<pre>\n",
- ap_escape_html(r->pool, key),
- "</pre>\n", NULL));
- ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00560) "Request header "
- "exceeds LimitRequestFieldSize after merging: %s", key);
+ "Size of a request header field exceeds server limit.");
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00560) "Request "
+ "header exceeds LimitRequestFieldSize after merging: %.*s",
+ field_name_len(key), key);
return 0;
}
-/* get the length of the field name for logging, but no more than 80 bytes */
-#define LOG_NAME_MAX_LEN 80
-static int field_name_len(const char *field)
-{
- const char *end = ap_strchr_c(field, ':');
- if (end == NULL || end - field > LOG_NAME_MAX_LEN)
- return LOG_NAME_MAX_LEN;
- return end - field;
-}
-
AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb)
{
char *last_field = NULL;
@@ -790,7 +787,6 @@ AP_DECLARE(void) ap_get_mime_headers_cor
*/
while(1) {
apr_status_t rv;
- int folded = 0;
field = NULL;
rv = ap_rgetline(&field, r->server->limit_req_fieldsize + 2,
@@ -811,103 +807,126 @@ AP_DECLARE(void) ap_get_mime_headers_cor
* exceeds the configured limit for a field size.
*/
if (rv == APR_ENOSPC) {
- const char *field_escaped;
- if (field && len) {
- /* ensure ap_escape_html will terminate correctly */
- field[len - 1] = '\0';
- field_escaped = ap_escape_html(r->pool, field);
- }
- else {
- field_escaped = field = "";
- }
-
apr_table_setn(r->notes, "error-notes",
- apr_psprintf(r->pool,
- "Size of a request header field "
- "exceeds server limit.<br />\n"
- "<pre>\n%.*s\n</pre>\n",
- field_name_len(field_escaped),
- field_escaped));
+ "Size of a request header field "
+ "exceeds server limit.");
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00561)
"Request header exceeds LimitRequestFieldSize%s"
"%.*s",
- *field ? ": " : "",
- field_name_len(field), field);
+ (field && *field) ? ": " : "",
+ (field) ? field_name_len(field) : 0,
+ (field) ? field : "");
}
return;
}
- if (last_field != NULL) {
- if ((len > 0) && ((*field == '\t') || *field == ' ')) {
- /* This line is a continuation of the preceding line(s),
- * so append it to the line that we've set aside.
- * Note: this uses a power-of-two allocator to avoid
- * doing O(n) allocs and using O(n^2) space for
- * continuations that span many many lines.
- */
- apr_size_t fold_len = last_len + len + 1; /* trailing null */
+ /* For all header values, and all obs-fold lines, the presence of
+ * additional whitespace is a no-op, so collapse trailing whitespace
+ * to save buffer allocation and optimize copy operations.
+ * Do not remove the last single whitespace under any condition.
+ */
+ while (len > 1 && (field[len-1] == '\t' || field[len-1] == ' ')) {
+ field[--len] = '\0';
+ }
- if (fold_len >= (apr_size_t)(r->server->limit_req_fieldsize)) {
- const char *field_escaped;
+ if (*field == '\t' || *field == ' ') {
- r->status = HTTP_BAD_REQUEST;
- /* report what we have accumulated so far before the
- * overflow (last_field) as the field with the problem
- */
- field_escaped = ap_escape_html(r->pool, last_field);
- apr_table_setn(r->notes, "error-notes",
- apr_psprintf(r->pool,
- "Size of a request header field "
- "after folding "
- "exceeds server limit.<br />\n"
- "<pre>\n%.*s\n</pre>\n",
- field_name_len(field_escaped),
- field_escaped));
- ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00562)
- "Request header exceeds LimitRequestFieldSize "
- "after folding: %.*s",
- field_name_len(last_field), last_field);
- return;
- }
+ /* Append any newly-read obs-fold line onto the preceding
+ * last_field line we are processing
+ */
+ apr_size_t fold_len;
+
+ if (last_field == NULL) {
+ r->status = HTTP_BAD_REQUEST;
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03442)
+ "Line folding encountered before first"
+ " header line");
+ return;
+ }
+ if (field[1] == '\0') {
+ r->status = HTTP_BAD_REQUEST;
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03443)
+ "Empty folded line encountered");
+ return;
+ }
+
+ /* Leading whitespace on an obs-fold line can be
+ * similarly discarded */
+ while (field[1] == '\t' || field[1] == ' ') {
+ ++field; --len;
+ }
+
+ /* This line is a continuation of the preceding line(s),
+ * so append it to the line that we've set aside.
+ * Note: this uses a power-of-two allocator to avoid
+ * doing O(n) allocs and using O(n^2) space for
+ * continuations that span many many lines.
+ */
+ fold_len = last_len + len + 1; /* trailing null */
+
+ if (fold_len >= (apr_size_t)(r->server->limit_req_fieldsize)) {
+ r->status = HTTP_BAD_REQUEST;
+ /* report what we have accumulated so far before the
+ * overflow (last_field) as the field with the problem
+ */
+ apr_table_setn(r->notes, "error-notes",
+ "Size of a request header field "
+ "exceeds server limit.");
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00562)
+ "Request header exceeds LimitRequestFieldSize "
+ "after folding: %.*s",
+ field_name_len(last_field), last_field);
+ return;
+ }
+
+ if (fold_len > alloc_len) {
+ char *fold_buf;
+ alloc_len += alloc_len;
if (fold_len > alloc_len) {
- char *fold_buf;
- alloc_len += alloc_len;
- if (fold_len > alloc_len) {
- alloc_len = fold_len;
- }
- fold_buf = (char *)apr_palloc(r->pool, alloc_len);
- memcpy(fold_buf, last_field, last_len);
- last_field = fold_buf;
+ alloc_len = fold_len;
}
- memcpy(last_field + last_len, field, len +1); /* +1 for nul */
- last_len += len;
- folded = 1;
+ fold_buf = (char *)apr_palloc(r->pool, alloc_len);
+ memcpy(fold_buf, last_field, last_len);
+ last_field = fold_buf;
+ }
+ memcpy(last_field + last_len, field, len +1); /* +1 for nul */
+ /* Replace obs-fold w/ SP per RFC 7230 3.2.4 */
+ if (conf->http_conformance & AP_HTTP_CONFORMANCE_STRICT) {
+ last_field[last_len] = ' ';
}
- else /* not a continuation line */ {
+ last_len += len;
- if (r->server->limit_req_fields
+ /* We've appended this obs-fold line to last_len, proceed to
+ * read the next input line
+ */
+ continue;
+ }
+ else if (last_field != NULL) {
+
+ /* Process the previous last_field header line with all obs-folded
+ * segments already concatinated (this is not operating on the
+ * most recently read input line).
+ */
+
+ if (r->server->limit_req_fields
&& (++fields_read > r->server->limit_req_fields)) {
- r->status = HTTP_BAD_REQUEST;
- apr_table_setn(r->notes, "error-notes",
- "The number of request header fields "
- "exceeds this server's limit.");
- ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00563)
- "Number of request headers exceeds "
- "LimitRequestFields");
- return;
- }
+ r->status = HTTP_BAD_REQUEST;
+ apr_table_setn(r->notes, "error-notes",
+ "The number of request header fields "
+ "exceeds this server's limit.");
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00563)
+ "Number of request headers exceeds "
+ "LimitRequestFields");
+ return;
+ }
+
+ if (!(conf->http_conformance & AP_HTTP_CONFORMANCE_STRICT))
+ {
+ /* Not Strict, using the legacy parser */
- if (!(value = strchr(last_field, ':'))) { /* Find ':' or */
- r->status = HTTP_BAD_REQUEST; /* abort bad request */
- apr_table_setn(r->notes, "error-notes",
- apr_psprintf(r->pool,
- "Request header field is "
- "missing ':' separator.<br />\n"
- "<pre>\n%.*s</pre>\n",
- (int)LOG_NAME_MAX_LEN,
- ap_escape_html(r->pool,
- last_field)));
+ if (!(value = strchr(last_field, ':'))) { /* Find ':' or */
+ r->status = HTTP_BAD_REQUEST; /* abort bad request */
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00564)
"Request header field is missing ':' "
"separator: %.*s", (int)LOG_NAME_MAX_LEN,
@@ -920,74 +939,70 @@ AP_DECLARE(void) ap_get_mime_headers_cor
*value++ = '\0'; /* NUL-terminate at colon */
while (*value == ' ' || *value == '\t') {
- ++value; /* Skip to start of value */
+ ++value; /* Skip to start of value */
}
/* Strip LWS after field-name: */
while (tmp_field > last_field
- && (*tmp_field == ' ' || *tmp_field == '\t')) {
+ && (*tmp_field == ' ' || *tmp_field == '\t')) {
*tmp_field-- = '\0';
}
-
- /* Strip LWS after field-value: */
- tmp_field = last_field + last_len - 1;
- while (tmp_field > value
- && (*tmp_field == ' ' || *tmp_field == '\t')) {
- *tmp_field-- = '\0';
+ }
+ else /* Using strict RFC7230 parsing */
+ {
+ /* Ensure valid token chars before ':' per RFC 7230 3.2.4 */
+ value = (char *)ap_scan_http_token(last_field);
+ if ((value == last_field) || *value != ':') {
+ r->status = HTTP_BAD_REQUEST;
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02426)
+ "Request header field name is malformed: "
+ "%.*s", (int)LOG_NAME_MAX_LEN, last_field);
+ return;
}
- if (conf->http_conformance & AP_HTTP_CONFORMANCE_STRICT) {
- int err = 0;
+ *value++ = '\0'; /* NUL-terminate last_field name at ':' */
- if (*last_field == '\0') {
- err = HTTP_BAD_REQUEST;
- ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02425)
- "Empty request header field name not allowed");
- }
- else if (ap_has_cntrl(last_field)) {
- err = HTTP_BAD_REQUEST;
- ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02426)
- "[HTTP strict] Request header field name contains "
- "control character: %.*s",
- (int)LOG_NAME_MAX_LEN, last_field);
- }
- else if (ap_has_cntrl(value)) {
- err = HTTP_BAD_REQUEST;
- ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02427)
- "Request header field '%.*s' contains "
- "control character", (int)LOG_NAME_MAX_LEN,
- last_field);
- }
- if (err && !(conf->http_conformance & AP_HTTP_CONFORMANCE_LOGONLY)) {
- r->status = err;
- return;
- }
+ while (*value == ' ' || *value == '\t') {
+ ++value; /* Skip LWS of value */
}
- apr_table_addn(r->headers_in, last_field, value);
- /* reset the alloc_len so that we'll allocate a new
- * buffer if we have to do any more folding: we can't
- * use the previous buffer because its contents are
- * now part of r->headers_in
+ /* Find invalid, non-HT ctrl char, or the trailing NULL */
+ tmp_field = (char *)ap_scan_http_field_content(value);
+
+ /* Reject value for all garbage input (CTRLs excluding HT)
+ * e.g. only VCHAR / SP / HT / obs-text are allowed per
+ * RFC7230 3.2.6 - leave all more explicit rule enforcement
+ * for specific header handler logic later in the cycle
*/
- alloc_len = 0;
+ if (*tmp_field != '\0') {
+ r->status = HTTP_BAD_REQUEST;
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02427)
+ "Request header value is malformed: "
+ "%.*s", (int)LOG_NAME_MAX_LEN, value);
+ return;
+ }
+ }
+
+ apr_table_addn(r->headers_in, last_field, value);
- } /* end if current line is not a continuation starting with tab */
+ /* This last_field header is now stored in headers_in,
+ * resume processing of the current input line.
+ */
}
- /* Found a blank line, stop. */
+ /* Found the terminating empty end-of-headers line, stop. */
if (len == 0) {
break;
}
- /* Keep track of this line so that we can parse it on
- * the next loop iteration. (In the folded case, last_field
- * has been updated already.)
+ /* Keep track of this new header line so that we can extend it across
+ * any obs-fold or parse it on the next loop iteration. We referenced
+ * our previously allocated buffer in r->headers_in,
+ * so allocate a fresh buffer if required.
*/
- if (!folded) {
- last_field = field;
- last_len = len;
- }
+ alloc_len = 0;
+ last_field = field;
+ last_len = len;
}
/* Combine multiple message-header fields with the same
@@ -1083,7 +1098,7 @@ request_rec *ap_read_request(conn_rec *c
}
else if (r->method == NULL) {
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00566)
- "request failed: invalid characters in URI");
+ "request failed: malformed request line");
}
access_status = r->status;
r->status = HTTP_OK;
Modified: httpd/httpd/branches/2.4.x-merge-http-strict/server/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x-merge-http-strict/server/util.c?rev=1769649&r1=1769648&r2=1769649&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x-merge-http-strict/server/util.c (original)
+++ httpd/httpd/branches/2.4.x-merge-http-strict/server/util.c Mon Nov 14 15:29:20 2016
@@ -79,7 +79,7 @@
* char in here and get it to work, because if char is signed then it
* will first be sign extended.
*/
-#define TEST_CHAR(c, f) (test_char_table[(unsigned)(c)] & (f))
+#define TEST_CHAR(c, f) (test_char_table[(unsigned char)(c)] & (f))
/* Win32/NetWare/OS2 need to check for both forward and back slashes
* in ap_getparents() and ap_escape_url.
@@ -1525,7 +1525,7 @@ AP_DECLARE(const char *) ap_parse_token_
while (!string_end) {
const unsigned char c = (unsigned char)*cur;
- if (!TEST_CHAR(c, T_HTTP_TOKEN_STOP) && c != '\0') {
+ if (!TEST_CHAR(c, T_HTTP_TOKEN_STOP)) {
/* Non-separator character; we are finished with leading
* whitespace. We must never have encountered any trailing
* whitespace before the delimiter (comma) */
@@ -1593,6 +1593,46 @@ AP_DECLARE(const char *) ap_parse_token_
return NULL;
}
+/* Scan a string for HTTP VCHAR/obs-text characters including HT and SP
+ * (as used in header values, for example, in RFC 7230 section 3.2)
+ * returning the pointer to the first non-HT ASCII ctrl character.
+ */
+AP_DECLARE(const char *) ap_scan_http_field_content(const char *ptr)
+{
+ for ( ; !TEST_CHAR(*ptr, T_HTTP_CTRLS); ++ptr) ;
+
+ return ptr;
+}
+
+/* Scan a string for HTTP token characters, returning the pointer to
+ * the first non-token character.
+ */
+AP_DECLARE(const char *) ap_scan_http_token(const char *ptr)
+{
+ for ( ; !TEST_CHAR(*ptr, T_HTTP_TOKEN_STOP); ++ptr) ;
+
+ return ptr;
+}
+
+/* Retrieve a token, advancing the pointer to the first non-token character
+ * and returning a copy of the token string.
+ * The caller must handle whitespace and determine the meaning of the
+ * terminating character. Returns NULL if the character at **ptr is not
+ * a valid token character.
+ */
+AP_DECLARE(char *) ap_get_http_token(apr_pool_t *p, const char **ptr)
+{
+ const char *tok_end = ap_scan_http_token(*ptr);
+ char *tok;
+
+ if (tok_end == *ptr)
+ return NULL;
+
+ tok = apr_pstrmemdup(p, *ptr, tok_end - *ptr);
+ *ptr = tok_end;
+ return tok;
+}
+
/* Retrieve a token, spacing over it and returning a pointer to
* the first non-white byte afterwards. Note that these tokens
* are delimited by semis and commas; and can also be delimited