Merge r354630 from trunk:

author Paul Querna <pquerna@apache.org>

Sat, 1 Apr 2006 06:18:02 +0000 (06:18 +0000)

committer Paul Querna <pquerna@apache.org>

Sat, 1 Apr 2006 06:18:02 +0000 (06:18 +0000)
author Paul Querna <pquerna@apache.org>
Sat, 1 Apr 2006 06:18:02 +0000 (06:18 +0000)
committer Paul Querna <pquerna@apache.org>
Sat, 1 Apr 2006 06:18:02 +0000 (06:18 +0000)
diff --git a/CHANGES b/CHANGES

index 49cf050167f663674e6c3a2846a7626488270945..483e8fde77ce3a812bb06441dd61d95c16f7116d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -14,6 +14,9 @@ Changes with Apache 2.2.1
       made to ap_escape_html so we escape quotes.  Reported by JPCERT.
       [Mark Cox]
  
+  *) http: If a connection is aborted while waiting for a chunked line, 
+     flag the connection as errored out.  [Justin Erenkrantz]
+
    *) core: Reject invalid Expect header immediately. PR 38123.
       [Ruediger Pluem]
  
diff --git a/STATUS b/STATUS

index 1cb6d7ba60b9bdb00973166991f681735fde71e9..8397b606d1815960916af2d5cd2ca14ed1b7f3ae 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -75,14 +75,6 @@ RELEASE SHOWSTOPPERS:
  PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
    [ start all new proposals below, under PATCHES PROPOSED. ]
  
-    * HTTP: If a connection aborts while waiting for a chunked line,
-      flag the connection as errored out.
-      http://svn.apache.org/viewcvs.cgi?rev=354630&view=rev
-      Message-ID: <4395A056.2070000@web.turner.com>
-      +1: jerenkrantz, jim, wrowe
-      -0: niq: Please explain why return value of ap_pass_brigade is
-               put into a variable and immediately discarded.
-
  PATCHES PROPOSED TO BACKPORT FROM TRUNK:
  
      * mod_dbd: When threaded, create a private pool in child_init
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c

index 28811623478a94e3841fa3e92844c9d4fc77504f..55cb876ecce75ab152df8216ab46e1202dc33d10 100644 (file)
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -215,11 +215,12 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b,
  
              if (rv == APR_SUCCESS) {
                  /* We have to check the length of the brigade we got back.
-                 * We will not accept partial lines.
+                 * We will not accept partial or blank lines.
                   */
                  rv = apr_brigade_length(bb, 1, &brigade_length);
                  if (rv == APR_SUCCESS
-                    && brigade_length > f->r->server->limit_req_line) {
+                    && (!brigade_length ||
+                        brigade_length > f->r->server->limit_req_line)) {
                      rv = APR_ENOSPC;
                  }
                  if (rv == APR_SUCCESS) {
@@ -277,6 +278,7 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b,
                  char line[30];
                  apr_bucket_brigade *bb;
                  apr_size_t len = 30;
+                apr_status_t http_error = HTTP_REQUEST_ENTITY_TOO_LARGE;
  
                  bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
  
@@ -292,7 +294,14 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b,
                      if (rv == APR_SUCCESS) {
                          rv = apr_brigade_flatten(bb, line, &len);
                          if (rv == APR_SUCCESS) {
-                            ctx->remaining = get_chunk_size(line);
+                            /* Wait a sec, that's a blank line!  Oh no. */
+                            if (!len) {
+                                rv = APR_EGENERAL;
+                                http_error = HTTP_SERVICE_UNAVAILABLE;
+                            }
+                            else {
+                                ctx->remaining = get_chunk_size(line);
+                            }
                          }
                      }
                      apr_brigade_cleanup(bb);
@@ -300,16 +309,19 @@ apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b,
  
                  /* Detect chunksize error (such as overflow) */
                  if (rv != APR_SUCCESS || ctx->remaining < 0) {
+                    apr_status_t out_error;
+
                      ctx->remaining = 0; /* Reset it in case we have to
                                           * come back here later */
-                    e = ap_bucket_error_create(HTTP_REQUEST_ENTITY_TOO_LARGE,
+                    e = ap_bucket_error_create(http_error,
                                                 NULL, f->r->pool,
                                                 f->c->bucket_alloc);
                      APR_BRIGADE_INSERT_TAIL(bb, e);
                      e = apr_bucket_eos_create(f->c->bucket_alloc);
                      APR_BRIGADE_INSERT_TAIL(bb, e);
                      ctx->eos_sent = 1;
-                    return ap_pass_brigade(f->r->output_filters, bb);
+                    out_error = ap_pass_brigade(f->r->output_filters, bb);
+                    return rv;
                  }
  
                  if (!ctx->remaining) {
author	Paul Querna <pquerna@apache.org>
	Sat, 1 Apr 2006 06:18:02 +0000 (06:18 +0000)
committer	Paul Querna <pquerna@apache.org>
	Sat, 1 Apr 2006 06:18:02 +0000 (06:18 +0000)
CHANGES		patch \| blob \| blame \| history
STATUS		patch \| blob \| blame \| history
modules/http/http_filters.c		patch \| blob \| blame \| history