You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Yann Ylavic <yl...@gmail.com> on 2016/08/05 11:25:21 UTC
Re: svn commit: r1755263 - in /httpd/httpd/trunk: docs/log-message-tags/next-number
server/protocol.c
On Fri, Aug 5, 2016 at 11:08 AM, <wr...@apache.org> wrote:
> Author: wrowe
> Date: Fri Aug 5 09:08:35 2016
> New Revision: 1755263
>
> URL: http://svn.apache.org/viewvc?rev=1755263&view=rev
> Log:
> Treat an empty obs-fold line as abusive traffic
>
> Modified:
> httpd/httpd/trunk/docs/log-message-tags/next-number
> httpd/httpd/trunk/server/protocol.c
>
> Modified: httpd/httpd/trunk/docs/log-message-tags/next-number
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/log-message-tags/next-number?rev=1755263&r1=1755262&r2=1755263&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/docs/log-message-tags/next-number (original)
> +++ httpd/httpd/trunk/docs/log-message-tags/next-number Fri Aug 5 09:08:35 2016
> @@ -1 +1 @@
> -3443
> +3444
>
> Modified: httpd/httpd/trunk/server/protocol.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1755263&r1=1755262&r2=1755263&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/server/protocol.c (original)
> +++ httpd/httpd/trunk/server/protocol.c Fri Aug 5 09:08:35 2016
> @@ -853,17 +853,22 @@ AP_DECLARE(void) ap_get_mime_headers_cor
> if (last_field == NULL) {
> r->status = HTTP_BAD_REQUEST;
> ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03442)
> - "Line folding encounterd before first"
> + "Line folding encountered before first"
> " header line");
> return;
> }
>
> - if (field[1] != '\0') {
> - /* ...and leading whitespace on an obs-fold line can be
> - * similarly discarded */
> - while (field[1] == '\t' || field[1] == ' ') {
> - ++field; --len;
> - }
> + if (field[1] == '\0') {
> + r->status = HTTP_BAD_REQUEST;
> + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03443)
> + "Empty folded line encountered");
> + return;
> + }
> +
> + /* Leading whitespace on an obs-fold line can be
> + * similarly discarded */
> + while (field[1] == '\t' || field[1] == ' ') {
> + ++field; --len;
> }
Empty folded line can still happen here (after discarding obs-fold spaces).
So how about (based on latest trunk):
Index: server/protocol.c
===================================================================
--- server/protocol.c (revision 1755288)
+++ server/protocol.c (working copy)
@@ -844,7 +844,13 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_
return;
}
- if (field[1] == '\0') {
+ /* Trailing whitespace on an obs-fold line can be
+ * similarly discarded */
+ do {
+ ++field; --len;
+ } while (*field == '\t' || *field == ' ');
+
+ if (*field == '\0') {
r->status = HTTP_BAD_REQUEST;
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03443)
"Empty folded line encountered");
@@ -851,12 +857,6 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_
return;
}
- /* Leading whitespace on an obs-fold line can be
- * similarly discarded */
- while (field[1] == '\t' || field[1] == ' ') {
- ++field; --len;
- }
-
/* This line is a continuation of the preceding line(s),
* so append it to the line that we've set aside.
* Note: this uses a power-of-two allocator to avoid
@@ -863,7 +863,7 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_
* doing O(n) allocs and using O(n^2) space for
* continuations that span many many lines.
*/
- fold_len = last_len + len + 1; /* trailing null */
+ fold_len = last_len + len + 2; /* space + trailing null */
if (fold_len >= (apr_size_t)(r->server->limit_req_fieldsize)) {
r->status = HTTP_BAD_REQUEST;
@@ -890,11 +890,9 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_
memcpy(fold_buf, last_field, last_len);
last_field = fold_buf;
}
+ /* Replace obs-fold w/ SP per RFC 7230 3.2.4 */
+ last_field[last_len++] = ' ';
memcpy(last_field + last_len, field, len +1); /* +1 for nul */
- /* Replace obs-fold w/ SP per RFC 7230 3.2.4 */
- if (conf->http_conformance & AP_HTTP_CONFORMANCE_STRICT) {
- last_field[last_len] = ' ';
- }
last_len += len;
/* We've appended this obs-fold line to last_len, proceed to
?
Re: svn commit: r1755263 - in /httpd/httpd/trunk: docs/log-message-tags/next-number
server/protocol.c
Posted by Yann Ylavic <yl...@gmail.com>.
On Fri, Aug 5, 2016 at 1:25 PM, Yann Ylavic <yl...@gmail.com> wrote:
> On Fri, Aug 5, 2016 at 11:08 AM, <wr...@apache.org> wrote:
>>
>> - if (field[1] != '\0') {
>> - /* ...and leading whitespace on an obs-fold line can be
>> - * similarly discarded */
>> - while (field[1] == '\t' || field[1] == ' ') {
>> - ++field; --len;
>> - }
>> + if (field[1] == '\0') {
>> + r->status = HTTP_BAD_REQUEST;
>> + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03443)
>> + "Empty folded line encountered");
>> + return;
>> + }
>> +
>> + /* Leading whitespace on an obs-fold line can be
>> + * similarly discarded */
>> + while (field[1] == '\t' || field[1] == ' ') {
>> + ++field; --len;
>> }
>
> Empty folded line can still happen here (after discarding obs-fold spaces).
Hmm no, sorry for the noise, trailing spaces discarding above would
have set field[1] = '\0'.