You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/05/05 06:43:25 UTC
[PATCH] error responses have wrong headers
Ok this started by doing this:
touch /docroot/abc.txt; chmod 0 /docroot/abc.txt
GET /abc.txt HTTP/1.0
The server responds with a 403, but the 403 response contains the
Content-Length, Last-Modified, etc. of /docroot/abc.txt. This is because
the default_handler did set_last_modified and set_content_length before
it tried opening the file. This patch reorders that. There's a similar
fix needed in mod_include.
Ken, you might want to note in mod_example that handlers should avoid
setting headers until after they've checked for error conditions.
Otherwise they can have this same problem.
Then I wondered, gee what if I used def.txt.en there and did "GET
/def.txt HTTP/1.0" ? Sure enough, the error response contained
"Content-Language: en". Ditto for def.txt.gz and "Content-Encoding:
x-gzip". But fixing this is a bit more subtle because those headers
are set by send_http_header().
The real problem here is that if there's no ErrorDocument listing a local
file (i.e. it's a text message, or an offsite redirect) then die() does
not construct a new request to serve the error. But I figured doing
that is more complicated than we want to do right now. I only unset
the content_language, and content_encoding fields.
Dean
Index: http_core.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_core.c,v
retrieving revision 1.80
diff -c -3 -r1.80 http_core.c
*** http_core.c 1997/04/24 10:19:09 1.80
--- http_core.c 1997/05/05 04:33:48
***************
*** 1322,1331 ****
return NOT_FOUND;
}
if (r->method_number != M_GET) return METHOD_NOT_ALLOWED;
-
- if ((errstatus = set_last_modified (r, r->finfo.st_mtime))
- || (errstatus = set_content_length (r, r->finfo.st_size)))
- return errstatus;
#ifdef __EMX__
/* Need binary mode for OS/2 */
--- 1322,1327 ----
***************
*** 1338,1343 ****
--- 1334,1343 ----
log_reason("file permissions deny server access", r->filename, r);
return FORBIDDEN;
}
+
+ if ((errstatus = set_last_modified (r, r->finfo.st_mtime))
+ || (errstatus = set_content_length (r, r->finfo.st_size)))
+ return errstatus;
if (d->content_md5 & 1) {
table_set (r->headers_out, "Content-MD5", md5digest(r->pool, f));
Index: http_request.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_request.c,v
retrieving revision 1.47
diff -c -3 -r1.47 http_request.c
*** http_request.c 1997/04/07 11:47:05 1.47
--- http_request.c 1997/05/05 04:33:49
***************
*** 763,769 ****
}
r->status = type;
!
/* Two types of custom redirects --- plain text, and URLs.
* Plain text has a leading '"', so the URL code, here, is triggered
* on its absence
--- 763,779 ----
}
r->status = type;
!
! /* XXX: this is an awful thing to have to do here, in fact there are
! * probably other cases that need this attention. Essentially we're
! * about to report an error, and if we don't do an internal_redirect
! * below then we'll report the error with the wrong headers -- we'll
! * use headers belonging to the original request.
! */
! r->content_language = NULL;
! r->content_languages = NULL;
! r->content_encoding = NULL;
!
/* Two types of custom redirects --- plain text, and URLs.
* Plain text has a leading '"', so the URL code, here, is triggered
* on its absence
Index: mod_include.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_include.c,v
retrieving revision 1.30
diff -c -3 -r1.30 mod_include.c
*** mod_include.c 1997/04/24 23:35:21 1.30
--- mod_include.c 1997/05/05 04:33:49
***************
*** 1740,1746 ****
: r->filename, r);
return NOT_FOUND;
}
!
if (*state == xbithack_full
#ifndef __EMX__
/* OS/2 dosen't support Groups. */
--- 1740,1751 ----
: r->filename, r);
return NOT_FOUND;
}
!
! if(!(f=pfopen(r->pool, r->filename, "r"))) {
! log_reason("file permissions deny server access", r->filename, r);
! return FORBIDDEN;
! }
!
if (*state == xbithack_full
#ifndef __EMX__
/* OS/2 dosen't support Groups. */
***************
*** 1748,1759 ****
#endif
&& (errstatus = set_last_modified (r, r->finfo.st_mtime)))
return errstatus;
!
! if(!(f=pfopen(r->pool, r->filename, "r"))) {
! log_reason("file permissions deny server access", r->filename, r);
! return FORBIDDEN;
! }
!
send_http_header(r);
if (r->header_only) {
--- 1753,1759 ----
#endif
&& (errstatus = set_last_modified (r, r->finfo.st_mtime)))
return errstatus;
!
send_http_header(r);
if (r->header_only) {