You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by yl...@apache.org on 2015/06/14 01:35:05 UTC

svn commit: r1685345 - /httpd/httpd/trunk/modules/http/http_filters.c

Author: ylavic
Date: Sat Jun 13 23:35:04 2015
New Revision: 1685345

URL: http://svn.apache.org/r1685345
Log:
Follow up to r1684513: allow spaces before and after chunk-size.
Slightly modified version of trawick's proposal.

Modified:
    httpd/httpd/trunk/modules/http/http_filters.c

Modified: httpd/httpd/trunk/modules/http/http_filters.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_filters.c?rev=1685345&r1=1685344&r2=1685345&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http/http_filters.c (original)
+++ httpd/httpd/trunk/modules/http/http_filters.c Sat Jun 13 23:35:04 2015
@@ -71,10 +71,11 @@ typedef struct http_filter_ctx
         BODY_CHUNK, /* chunk expected */
         BODY_CHUNK_PART, /* chunk digits */
         BODY_CHUNK_EXT, /* chunk extension */
-        BODY_CHUNK_LF, /* got CR, expect LF after digits/extension */
+        BODY_CHUNK_CR, /* got space(s) after digits, expect [CR]LF or ext */
+        BODY_CHUNK_LF, /* got CR after digits or ext, expect LF */
         BODY_CHUNK_DATA, /* data constrained by chunked encoding */
         BODY_CHUNK_END, /* chunked data terminating CRLF */
-        BODY_CHUNK_END_LF, /* got CR, expect LF after data */
+        BODY_CHUNK_END_LF, /* got CR after data, expect LF */
         BODY_CHUNK_TRAILER /* trailers */
     } state;
     unsigned int eos_sent :1;
@@ -119,6 +120,10 @@ static apr_status_t parse_chunk_size(htt
 
         /* handle start of the chunk */
         if (ctx->state == BODY_CHUNK) {
+            if (c == ' ' || c == '\t') {
+                i++;
+                continue;
+            }
             if (!apr_isxdigit(c)) {
                 /*
                  * Detect invalid character at beginning. This also works for
@@ -162,6 +167,15 @@ static apr_status_t parse_chunk_size(htt
                 return APR_EINVAL;
             }
         }
+        else if (c == ' ' || c == '\t') {
+            ctx->state = BODY_CHUNK_CR;
+        }
+        else if (ctx->state == BODY_CHUNK_CR) {
+            /*
+             * ';', CR or LF expected.
+             */
+            return APR_EINVAL;
+        }
         else if (ctx->state == BODY_CHUNK_PART) {
             int xvalue;