Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/05/05 06:43:25 UTC

[PATCH] error responses have wrong headers

Ok this started by doing this:

    touch /docroot/abc.txt; chmod 0 /docroot/abc.txt
    GET /abc.txt HTTP/1.0

The server responds with a 403, but the 403 response contains the
Content-Length, Last-Modified, etc. of /docroot/abc.txt.  This is because
the default_handler did set_last_modified and set_content_length before
it tried opening the file.  This patch reorders that.  There's a similar
fix needed in mod_include.

Ken, you might want to note in mod_example that handlers should avoid
setting headers until after they've checked for error conditions.
Otherwise they can have this same problem.

Then I wondered, gee what if I used def.txt.en there and did "GET
/def.txt HTTP/1.0" ?  Sure enough, the error response contained
"Content-Language: en".  Ditto for def.txt.gz and "Content-Encoding:
x-gzip".  But fixing this is a bit more subtle because those headers
are set by send_http_header().

The real problem here is that if there's no ErrorDocument listing a local
file (i.e. it's a text message, or an offsite redirect) then die() does
not construct a new request to serve the error.  But I figured doing
that is more complicated than we want to do right now.  I only unset
the content_language, and content_encoding fields.

Dean

Index: http_core.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_core.c,v
retrieving revision 1.80
diff -c -3 -r1.80 http_core.c
*** http_core.c	1997/04/24 10:19:09	1.80
--- http_core.c	1997/05/05 04:33:48
***************
*** 1322,1331 ****
  	return NOT_FOUND;
      }
      if (r->method_number != M_GET) return METHOD_NOT_ALLOWED;
- 	
-     if ((errstatus = set_last_modified (r, r->finfo.st_mtime))
- 	|| (errstatus = set_content_length (r, r->finfo.st_size)))
-         return errstatus;
      
  #ifdef __EMX__
      /* Need binary mode for OS/2 */
--- 1322,1327 ----
***************
*** 1338,1343 ****
--- 1334,1343 ----
          log_reason("file permissions deny server access", r->filename, r);
          return FORBIDDEN;
      }
+ 	
+     if ((errstatus = set_last_modified (r, r->finfo.st_mtime))
+ 	|| (errstatus = set_content_length (r, r->finfo.st_size)))
+         return errstatus;
  
      if (d->content_md5 & 1) {
        table_set (r->headers_out, "Content-MD5", md5digest(r->pool, f));
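
Review bot: in the second http_core.c hunk, the `return errstatus` path now runs after the open that the FORBIDDEN branch guards, so `f` (used on the Content-MD5 line just below) is already open when set_last_modified or set_content_length bails out. The mod_include.c part of this patch opens with pfopen on r->pool, which ties the handle to the pool; if default_handler opens the same way this is fine, but please confirm it. A one-line comment above the moved block saying the headers are deliberately set only after the open succeeds would also stop someone from moving them back. The added separator line carries a lone tab and could be left empty.
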
Index: http_request.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_request.c,v
retrieving revision 1.47
diff -c -3 -r1.47 http_request.c
*** http_request.c	1997/04/07 11:47:05	1.47
--- http_request.c	1997/05/05 04:33:49
***************
*** 763,769 ****
      }
         
      r->status = type;
!     
      /* Two types of custom redirects --- plain text, and URLs.
       * Plain text has a leading '"', so the URL code, here, is triggered
       * on its absence
--- 763,779 ----
      }
         
      r->status = type;
! 
!     /* XXX: this is an awful thing to have to do here, in fact there are
!      * probably other cases that need this attention.  Essentially we're
!      * about to report an error, and if we don't do an internal_redirect
!      * below then we'll report the error with the wrong headers -- we'll
!      * use headers belonging to the original request.
!      */
!     r->content_language = NULL;
!     r->content_languages = NULL;
!     r->content_encoding = NULL;
! 
      /* Two types of custom redirects --- plain text, and URLs.
       * Plain text has a leading '"', so the URL code, here, is triggered
       * on its absence
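
Review bot: the reset added ahead of the custom-redirect comment clears only r->content_language, r->content_languages and r->content_encoding, so anything a handler has already placed in r->headers_out before returning an error (the table that http_core.c writes Content-MD5 into with table_set) still goes out with the error response when no internal redirect happens. The XXX comment says there are "probably other cases" without naming any; either list the known ones in that comment so the follow-up is actionable, or drop the resource-specific entries from r->headers_out at the same spot.
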
Index: mod_include.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_include.c,v
retrieving revision 1.30
diff -c -3 -r1.30 mod_include.c
*** mod_include.c	1997/04/24 23:35:21	1.30
--- mod_include.c	1997/05/05 04:33:49
***************
*** 1740,1746 ****
                  : r->filename, r);
  	return NOT_FOUND;
      }
! 	
      if (*state == xbithack_full
  #ifndef __EMX__    
      /*  OS/2 dosen't support Groups. */
--- 1740,1751 ----
                  : r->filename, r);
  	return NOT_FOUND;
      }
! 
!     if(!(f=pfopen(r->pool, r->filename, "r"))) {
!         log_reason("file permissions deny server access", r->filename, r);
! 	return FORBIDDEN;
!     }
! 
      if (*state == xbithack_full
  #ifndef __EMX__    
      /*  OS/2 dosen't support Groups. */
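
Review bot: the pfopen block moved in above the xbithack_full test logs "file permissions deny server access" and returns FORBIDDEN for every pfopen failure, whatever the cause. Now that it is the first check after NOT_FOUND, consider looking at errno (assuming pfopen leaves it intact) so that only a permission failure maps to a 403. Style: `if(!(f=pfopen(` lacks the spacing used by `if (*state == xbithack_full` just below it, and the `return FORBIDDEN;` line is tab-indented while the log_reason line above it uses spaces.
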
***************
*** 1748,1759 ****
  #endif
  	&& (errstatus = set_last_modified (r, r->finfo.st_mtime)))
          return errstatus;
!     
!     if(!(f=pfopen(r->pool, r->filename, "r"))) {
!         log_reason("file permissions deny server access", r->filename, r);
! 	return FORBIDDEN;
!     }
!     
      send_http_header(r);
  
      if (r->header_only) {
--- 1753,1759 ----
  #endif
  	&& (errstatus = set_last_modified (r, r->finfo.st_mtime)))
          return errstatus;
! 
      send_http_header(r);
  
      if (r->header_only) {
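
A regression check for the behaviour described in this post, as an added example that is not part of the original message or of the Apache source: it parses a captured response to a GET and reports entity headers on an error status that describe the denied file rather than the error body. The function names and both sample responses are constructed for illustration, and the check assumes the full body was captured.

```python
# Added example: audit a captured HTTP response for entity headers that
# belong to the requested file instead of the error message being sent.

# Headers that a server-generated error text should not carry.
SUSPECT_ON_ERROR = ("last-modified", "content-language", "content-encoding")

def parse_response(raw: bytes):
    """Split a raw HTTP response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("malformed status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body

def leaked_entity_headers(raw: bytes):
    """Return names of headers on an error response that look inherited."""
    status, headers, body = parse_response(raw)
    if status < 400:
        return []
    findings = [h for h in SUSPECT_ON_ERROR if h in headers]
    # Content-Length is legitimate only if it matches the error body itself.
    length = headers.get("content-length")
    if length is not None and (not length.isdigit() or int(length) != len(body)):
        findings.append("content-length")
    return findings

# Constructed sample: a 403 carrying the size and mtime of the zero-byte
# file created with touch, plus a Content-Language taken from its suffix.
ERROR_BODY = b"<HTML><BODY>Forbidden</BODY></HTML>\n"
BEFORE_PATCH = (b"HTTP/1.0 403 Forbidden\r\nContent-Type: text/html\r\n"
                b"Content-Length: 0\r\n"
                b"Last-Modified: Mon, 05 May 1997 04:00:00 GMT\r\n"
                b"Content-Language: en\r\n\r\n" + ERROR_BODY)
# Constructed sample: the same error with headers describing only the body.
AFTER_PATCH = (b"HTTP/1.0 403 Forbidden\r\nContent-Type: text/html\r\n"
               b"Content-Length: " + str(len(ERROR_BODY)).encode() +
               b"\r\n\r\n" + ERROR_BODY)

if __name__ == "__main__":
    print(leaked_entity_headers(BEFORE_PATCH))
    print(leaked_entity_headers(AFTER_PATCH))
```

When an ErrorDocument names a local file, the response is served as a new request, so a Content-Language on it can be genuine; treat findings for such configurations as prompts to look, not as failures.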