Posted to cvs@httpd.apache.org by rp...@apache.org on 2011/02/08 11:01:42 UTC
svn commit: r1068309 - in /httpd/httpd/branches/2.2.x: ./ CHANGES STATUS
docs/ docs/conf/mime.types docs/manual/mod/mod_autoindex.xml
modules/dav/main/mod_dav.c support/ab.c support/suexec.c
Author: rpluem
Date: Tue Feb 8 10:01:42 2011
New Revision: 1068309
URL: http://svn.apache.org/viewvc?rev=1068309&view=rev
Log:
Merge r1026743 from trunk:
If a malformed Content-Range header is received for a PUT request, we
must not use the supplied content per RFC 2616 14.16. Send 400 response
instead of ignoring the Content-Range.
PR: 49825
Submitted by: sf
Reviewed by: rpluem, jorton, covener
Modified:
httpd/httpd/branches/2.2.x/ (props changed)
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/docs/ (props changed)
httpd/httpd/branches/2.2.x/docs/conf/mime.types (props changed)
httpd/httpd/branches/2.2.x/docs/manual/mod/mod_autoindex.xml (props changed)
httpd/httpd/branches/2.2.x/modules/dav/main/mod_dav.c
httpd/httpd/branches/2.2.x/support/ab.c (props changed)
httpd/httpd/branches/2.2.x/support/suexec.c (props changed)
Propchange: httpd/httpd/branches/2.2.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Feb 8 10:01:42 2011
@@ -1 +1 @@
-/httpd/httpd/trunk:395552,417988,451572,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,719357,720250,729316-729317,729586,732414,732504,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,823536,823563,891282,932791,942209,953311,955966,992625,1031551
+/httpd/httpd/trunk:395552,417988,451572,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,719357,720250,729316-729317,729586,732414,732504,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,823536,823563,891282,932791,942209,953311,955966,992625,1026743,1031551
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1068309&r1=1068308&r2=1068309&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue Feb 8 10:01:42 2011
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.18
+ *) mod_dav: Send 400 error if malformed Content-Range header is received for
+ a put request (RFC 2616 14.16). PR 49825. [Stefan Fritsch]
+
*) mod_userdir: Add merging of enable, disable, and filename arguments
to UserDir directive, leaving enable/disable of userlists unmerged.
PR 44076 [Eric Covener]
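Review bot: the new CHANGES entry writes the method as "a put request"; HTTP method names are case-sensitive and the commit log above uses "PUT", so the entry should read "a PUT request" to match.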
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1068309&r1=1068308&r2=1068309&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Tue Feb 8 10:01:42 2011
@@ -98,16 +98,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
2.2.x patch: http://people.apache.org/~minfrin/httpd-mod_cache-304-fix-2.patch
+1: minfrin, jim, covener
- * mod_dav: If a malformed Content-Range header is received for a PUT request,
- we must not use the supplied content per RFC 2616 14.16. Send 400 response
- instead of ignoring the Content-Range.
- PR: 49825
- Trunk version of patch:
- http://svn.apache.org/viewvc?rev=1026743&view=rev
- Backport version for 2.2.x of patch:
- Trunk version of patch works
- +1: rpluem, jorton, covener
-
* mod_dav: If an unknown Content-* header is received for a PUT request, we
must not ignore it but reply with 501 per RFC 2616 9.6.
PR: 42978
Propchange: httpd/httpd/branches/2.2.x/docs/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Feb 8 10:01:42 2011
@@ -1 +1 @@
-/httpd/httpd/trunk/docs:395552,417988,451572,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,675610,678761,680082,681190,682369,683626,684351,685112,686549,686805,686809,687099,687754,692325,693120,693392,693727-693728,696006,697093,703441,703997,706318,707163,708902,711421,719357,720250,726109,728015,728020,728220,729316-729317,729586,732414,732421,732451,732504,732832,733127,733134,733218-733219,733465,733467,733695,734703,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,891282,942209,955966,992625
+/httpd/httpd/trunk/docs:395552,417988,451572,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,675610,678761,680082,681190,682369,683626,684351,685112,686549,686805,686809,687099,687754,692325,693120,693392,693727-693728,696006,697093,703441,703997,706318,707163,708902,711421,719357,720250,726109,728015,728020,728220,729316-729317,729586,732414,732421,732451,732504,732832,733127,733134,733218-733219,733465,733467,733695,734703,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,891282,942209,955966,992625,1026743
Propchange: httpd/httpd/branches/2.2.x/docs/conf/mime.types
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Feb 8 10:01:42 2011
@@ -1 +1 @@
-/httpd/httpd/trunk/docs/conf/mime.types:83749-896271,942209,955966,992625
+/httpd/httpd/trunk/docs/conf/mime.types:83749-896271,942209,955966,992625,1026743
Propchange: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_autoindex.xml
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Feb 8 10:01:42 2011
@@ -1 +1 @@
-/httpd/httpd/trunk/docs/manual/mod/mod_autoindex.xml:395552,417988,451572,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,675610,678761,680082,681190,682369,683626,684351,685112,686549,686805,686809,687099,687754,692325,693120,693392,693727-693728,696006,697093,703441,703997,706318,707163,708902,711421,719357,720250,726109,728015,728020,728220,729316-729317,729586,732414,732421,732451,732504,732832,733127,733134,733218-733219,733465,733467,733695,734703,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,891282,942209,955966,992625,1059559-1059589
+/httpd/httpd/trunk/docs/manual/mod/mod_autoindex.xml:395552,417988,451572,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,675610,678761,680082,681190,682369,683626,684351,685112,686549,686805,686809,687099,687754,692325,693120,693392,693727-693728,696006,697093,703441,703997,706318,707163,708902,711421,719357,720250,726109,728015,728020,728220,729316-729317,729586,732414,732421,732451,732504,732832,733127,733134,733218-733219,733465,733467,733695,734703,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,891282,942209,955966,992625,1026743,1059559-1059589
Modified: httpd/httpd/branches/2.2.x/modules/dav/main/mod_dav.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/dav/main/mod_dav.c?rev=1068309&r1=1068308&r2=1068309&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/dav/main/mod_dav.c (original)
+++ httpd/httpd/branches/2.2.x/modules/dav/main/mod_dav.c Tue Feb 8 10:01:42 2011
@@ -761,6 +761,11 @@ static dav_error * dav_open_lockdb(reque
return (*hooks->open_lockdb)(r, ro, 0, lockdb);
}
+/**
+ * @return 1 if valid content-range,
+ * 0 if no content-range,
+ * -1 if malformed content-range
+ */
static int dav_parse_range(request_rec *r,
apr_off_t *range_start, apr_off_t *range_end)
{
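Review bot: the doc comment added above dav_parse_range covers the three return values but not the out-parameters. Since the caller now branches on 1, 0 and -1, state that *range_start and *range_end are only meaningful when 1 is returned, and that they may hold a partially parsed value on the -1 path.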
@@ -778,21 +783,20 @@ static int dav_parse_range(request_rec *
if (strncasecmp(range, "bytes ", 6) != 0
|| (dash = ap_strchr(range, '-')) == NULL
|| (slash = ap_strchr(range, '/')) == NULL) {
- /* malformed header. ignore it (per S14.16 of RFC2616) */
- return 0;
+ /* malformed header */
+ return -1;
}
*dash++ = *slash++ = '\0';
- /* ignore invalid ranges. (per S14.16 of RFC2616) */
+ /* detect invalid ranges */
if (apr_strtoff(range_start, range + 6, &errp, 10)
|| *errp || *range_start < 0) {
- return 0;
+ return -1;
}
-
if (apr_strtoff(range_end, dash, &errp, 10)
|| *errp || *range_end < 0 || *range_end < *range_start) {
- return 0;
+ return -1;
}
if (*slash != '*') {
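Review bot: the first condition in this hunk only requires that a '-' and a '/' both exist; it does not require the '-' to come before the '/'. A value with the slash first, such as "bytes 0/5-3", is still split at both characters and each piece parses as a number, so it passes the later checks even though it is not a valid byte-content-range-spec. Now that malformed headers are rejected rather than ignored, add "|| dash > slash" to the rejection condition. Separately, the rewritten comments drop the RFC 2616 section 14.16 reference that the removed ones carried; keeping it in the function would help, since it is the reason for the -1 return.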
@@ -800,7 +804,7 @@ static int dav_parse_range(request_rec *
if (apr_strtoff(&dummy, slash, &errp, 10)
|| *errp || dummy <= *range_end) {
- return 0;
+ return -1;
}
}
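Review bot: the length check in this hunk still stores the instance-length in a variable called dummy, although its value now decides whether the request is answered with a 400. A name such as instance_len, plus a one-line comment that the length must be greater than *range_end, would make the rejection rule readable without going back to the RFC.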
@@ -939,6 +943,22 @@ static int dav_method_put(request_rec *r
return dav_handle_err(r, err, multi_response);
}
+ has_range = dav_parse_range(r, &range_start, &range_end);
+ if (has_range < 0) {
+ /* RFC 2616 14.16: If we receive an invalid Content-Range we must
+ * not use the content.
+ */
+ body = apr_psprintf(r->pool,
+ "Malformed Content-Range header for PUT %s.",
+ ap_escape_html(r->pool, r->uri));
+ return dav_error_response(r, HTTP_BAD_REQUEST, body);
+ } else if (has_range) {
+ mode = DAV_MODE_WRITE_SEEKABLE;
+ }
+ else {
+ mode = DAV_MODE_WRITE_TRUNC;
+ }
+
/* make sure the resource can be modified (if versioning repository) */
if ((err = dav_auto_checkout(r, resource,
0 /* not parent_only */,
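Review bot: the added block in dav_method_put mixes two brace styles: "} else if (has_range) {" keeps the else on the closing-brace line, while the final branch puts "else {" on its own line after "}". Use the second form for both so the block matches itself. Doing the range check before dav_auto_checkout is the right order, since the 400 is returned before the resource is touched; a short comment saying so would keep a later refactor from moving it back down.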
@@ -947,14 +967,6 @@ static int dav_method_put(request_rec *r
return dav_handle_err(r, err, NULL);
}
- /* truncate and rewrite the file unless we see a Content-Range */
- mode = DAV_MODE_WRITE_TRUNC;
-
- has_range = dav_parse_range(r, &range_start, &range_end);
- if (has_range) {
- mode = DAV_MODE_WRITE_SEEKABLE;
- }
-
/* Create the new file in the repository */
if ((err = (*resource->hooks->open_stream)(resource, mode,
&stream)) != NULL) {
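Review bot: the lines removed here included the comment "truncate and rewrite the file unless we see a Content-Range", and the replacement block earlier in dav_method_put has no equivalent. The RFC comment there explains only the error path, so carry the removed sentence over to the branch that sets DAV_MODE_WRITE_TRUNC, so the default of truncating the target stays documented next to the code that chooses it.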
Propchange: httpd/httpd/branches/2.2.x/support/ab.c
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Feb 8 10:01:42 2011
@@ -1 +1 @@
-/httpd/httpd/trunk/support/ab.c:83751-655654,657354,657433,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,719357,720250,729316-729317,729586,732414,732504,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,891282,942209,955966,992625
+/httpd/httpd/trunk/support/ab.c:83751-655654,657354,657433,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,719357,720250,729316-729317,729586,732414,732504,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,891282,942209,955966,992625,1026743
Propchange: httpd/httpd/branches/2.2.x/support/suexec.c
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Feb 8 10:01:42 2011
@@ -1 +1 @@
-/httpd/httpd/trunk/support/suexec.c:395552,417988,451572,583817,583830,611483,630858,639005,639010,647395,655711,657354,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,719357,720250,729316-729317,729586,732414,732504,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,891282,942209,955966,992625
+/httpd/httpd/trunk/support/suexec.c:395552,417988,451572,583817,583830,611483,630858,639005,639010,647395,655711,657354,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,719357,720250,729316-729317,729586,732414,732504,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,891282,942209,955966,992625,1026743