From: William A. Rowe Jr <wrowe@apache.org>
Date: Wed, 3 Aug 2016 16:46:20 +0000 (+0000)
Subject: Clean up an edge case where obs-fold continuation preceeds the first header.
X-Git-Tag: 2.5.0-alpha~1340
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0a8addebb095f6f27d5ca1f41dbbdd304c539958;p=thirdparty%2Fapache%2Fhttpd.git

Clean up an edge case where obs-fold continuation preceeds the first header.

This patch restructures the loop for legibility with a loop continuation,
allowing us to flatten all of this hard-to-follow code. The subsequent
patch will be a whitespace-only change for formatting.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1755098 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number
index b3d97ff871b..b65d63da78b 100644
--- a/docs/log-message-tags/next-number
+++ b/docs/log-message-tags/next-number
@@ -1 +1 @@
-3442
+3443
diff --git a/server/protocol.c b/server/protocol.c
index 60be6fb12ae..7f057b6059a 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -835,8 +835,15 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb
             return;
         }
 
-        if (last_field != NULL) {
-            if ((len > 0) && ((*field == '\t') || *field == ' ')) {
+        if ((len > 0) && ((*field == '\t') || *field == ' ')) {
+            if (last_field == NULL) {
+                r->status = HTTP_BAD_REQUEST;
+                ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03442)
+                              "Line folding encounterd before first"
+                              " header line");
+                return;
+            }
+
                 /* This line is a continuation of the preceding line(s),
                  * so append it to the line that we've set aside.
                  * Note: this uses a power-of-two allocator to avoid
@@ -885,8 +892,10 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb
                 }
                 last_len += len;
                 folded = 1;
-            }
-            else /* not a continuation line */ {
+                continue;
+        }
+
+                /* not a continuation line */
 
                 if (r->server->limit_req_fields
                     && (++fields_read > r->server->limit_req_fields)) {
@@ -1009,8 +1018,7 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb
                  */
                 alloc_len = 0;
 
-            } /* end if current line is not a continuation starting with tab */
-        }
+        /* end of logic where current line was not a continuation line */
 
         /* Found a blank line, stop. */
         if (len == 0) {