mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
+ *) mod_headers: Prevent Header edit from processing only the first header
+ of possibly multiple headers with the same name and deleting the
+ remaining ones. PR 45333. [Ruediger Pluem]
+
*) mod_proxy_balancer: Move nonce field in the balancer manager page inside
the html form where it belongs. PR 45578. [Ruediger Pluem]
http://svn.apache.org/viewvc?rev=639010&view=rev (mmn)
+1: niq, rpluem, mturk
- * mod_headers: Prevent Header edit from processing only the first header it
- should edit and deleting the remaining ones by iterating over all headers
- with the same name. PR: 45333
- Trunk version of patch:
- http://svn.apache.org/viewvc?rev=674000&view=rev
- Backport version for 2.2.x of patch:
- Trunk version of patch works
- +1: rpluem, niq, mturk
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
header_entry *hdr;
} echo_do;
+/* edit_do is used for Header edit to iterate through the request headers */
+typedef struct {
+ apr_pool_t *p;
+ header_entry *hdr;
+ apr_table_t *t;
+} edit_do;
+
/*
* headers_conf is our per-module configuration. This is used as both
* a per-dir and per-server config
return 1;
}
+static int edit_header(void *v, const char *key, const char *val)
+{
+ edit_do *ed = (edit_do *)v;
+
+ apr_table_addn(ed->t, key, process_regexp(ed->hdr, val, ed->p));
+ return 1;
+}
+
+static int add_them_all(void *v, const char *key, const char *val)
+{
+ apr_table_t *headers = (apr_table_t *)v;
+
+ apr_table_addn(headers, key, val);
+ return 1;
+}
+
static void do_headers_fixup(request_rec *r, apr_table_t *headers,
apr_array_header_t *fixup, int early)
{
echo_header, (void *) &v, r->headers_in, NULL);
break;
case hdr_edit:
- val = apr_table_get(headers, hdr->header);
- if (val != NULL) {
- apr_table_setn(headers, hdr->header,
- process_regexp(hdr, val, r->pool));
+ if (apr_table_get(headers, hdr->header)) {
+ edit_do ed;
+
+ ed.p = r->pool;
+ ed.hdr = hdr;
+ ed.t = apr_table_make(r->pool, 5);
+ apr_table_do(edit_header, (void *) &ed, headers, hdr->header,
+ NULL);
+ apr_table_unset(headers, hdr->header);
+ apr_table_do(add_them_all, (void *) headers, ed.t, NULL);
}
break;
}
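Review bot: After apr_table_unset the edited values are appended by add_them_all, so the rewritten header(s) now end up at the end of the table instead of the position the old apr_table_setn kept in place; nothing in the new code says this reordering is accepted. A comment before the unset, `/* drop every value of this header and re-append the edited ones; they move to the end of the table */`, would make the intent explicit for the next reader. It may also be worth noting that the temporary table is per matched directive and per request and lives in r->pool, so the `5` passed to apr_table_make is only a size hint, not a limit on the number of same-name headers handled. The enclosing do_headers_fixup starts outside this hunk.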