core: Fix up botched status lines (mismatch with r->status or
just badly formatted)
reviewed by: jerenkrantz, jorton
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@385581
13f79535-47bb-0310-9956-
ffa450edef68
-*- coding: utf-8 -*-
Changes with Apache 2.2.1
+ *) Ensure that the proper status line is written to the client, fixing
+ incorrect status lines caused by filters which modify r->status without
+ resetting r->status_line, such as the built-in byterange filter.
+ [Jeff Trawick]
+
*) mod_speling: Stop crashing with certain non-file requests. [Jeff Trawick]
*) SECURITY: CVE-2005-3357 (cve.mitre.org)
URL: http://people.apache.org/~wrowe/fixldap_mask.patch
+1: wrowe
- * core: Fix up botched status lines (mismatch with r->status or
- just badly formatted)
- Trunk version of patch, which applies fine:
- http://svn.apache.org/viewcvs?rev=379562&view=rev
- +1: trawick, jerenkrantz, jorton
-
* mod_include: APR_FILEPATH_NOTABOVEROOT was undefined with
a left-hand NULL or empty path. The SECUREROOTPATH and
NOTABSOLUTE tests are sufficient for this application.
#endif
}
+/* Confirm that the status line is well-formed and matches r->status.
+ * If they don't match, a filter may have negated the status line set by a
+ * handler.
+ * Zap r->status_line if bad.
+ */
+static void validate_status_line(request_rec *r)
+{
+ char *end;
+
+ if (r->status_line
+ && (strlen(r->status_line) <= 4
+ || apr_strtoi64(r->status_line, &end, 10) != r->status
+ || *end != ' '
+ || (end - 3) != r->status_line)) {
+ r->status_line = NULL;
+ }
+}
+
/*
* Determine the protocol to use for the response. Potentially downgrade
* to HTTP/1.0 in some situations and/or turn off keepalives.
return;
}
+ validate_status_line(r);
+
if (!r->status_line) {
r->status_line = ap_get_status_line(r->status);
}
projects / thirdparty / apache / httpd.git / commitdiff
