header validation after content-* are eval'ed

author Eric Covener <covener@apache.org>

Wed, 3 Apr 2024 12:12:23 +0000 (12:12 +0000)

committer Eric Covener <covener@apache.org>

Wed, 3 Apr 2024 12:12:23 +0000 (12:12 +0000)
author Eric Covener <covener@apache.org>
Wed, 3 Apr 2024 12:12:23 +0000 (12:12 +0000)
committer Eric Covener <covener@apache.org>
Wed, 3 Apr 2024 12:12:23 +0000 (12:12 +0000)
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c

index cef601cae36371bc3e6870c2430d5547d27000a0..f20aee73fa8213e30b111b02ba1102fb47de2671 100644 (file)
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -1365,6 +1365,9 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
           */
          apr_table_clear(r->headers_out);
          apr_table_clear(r->err_headers_out);
+        r->content_type = r->content_encoding = NULL;
+        r->content_languages = NULL;
+        r->clength = r->chunked = 0;
          apr_brigade_cleanup(b);
  
          /* Don't recall ap_die() if we come back here (from its own internal
@@ -1381,8 +1384,6 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
          APR_BRIGADE_INSERT_TAIL(b, e);
          e = apr_bucket_eos_create(c->bucket_alloc);
          APR_BRIGADE_INSERT_TAIL(b, e);
-        r->content_type = r->content_encoding = NULL;
-        r->content_languages = NULL;
          ap_set_content_length(r, 0);
          recursive_error = 1;
      }
@@ -1409,6 +1410,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
      if (!apr_is_empty_table(r->err_headers_out)) {
          r->headers_out = apr_table_overlay(r->pool, r->err_headers_out,
                                             r->headers_out);
+        apr_table_clear(r->err_headers_out);
      }
  
      /*
@@ -1428,6 +1430,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
          fixup_vary(r);
      }
  
+
+    /*
+     * Control cachability for non-cacheable responses if not already set by
+     * some other part of the server configuration.
+     */
+    if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) {
+        char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
+        ap_recent_rfc822_date(date, r->request_time);
+        apr_table_addn(r->headers_out, "Expires", date);
+    }
+
      /*
       * Now remove any ETag response header field if earlier processing
       * says so (such as a 'FileETag None' directive).
@@ -1440,6 +1453,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
      basic_http_header_check(r, &protocol);
      ap_set_keepalive(r);
  
+    /* 204/304 responses don't have content related headers */
      if (AP_STATUS_IS_HEADER_ONLY(r->status)) {
          apr_table_unset(r->headers_out, "Transfer-Encoding");
          apr_table_unset(r->headers_out, "Content-Length");
@@ -1482,16 +1496,6 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
          apr_table_setn(r->headers_out, "Content-Language", field);
      }
  
-    /*
-     * Control cachability for non-cacheable responses if not already set by
-     * some other part of the server configuration.
-     */
-    if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) {
-        char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
-        ap_recent_rfc822_date(date, r->request_time);
-        apr_table_addn(r->headers_out, "Expires", date);
-    }
-
      /* This is a hack, but I can't find anyway around it.  The idea is that
       * we don't want to send out 0 Content-Lengths if it is a head request.
       * This happens when modules try to outsmart the server, and return
author	Eric Covener <covener@apache.org>
	Wed, 3 Apr 2024 12:12:23 +0000 (12:12 +0000)
committer	Eric Covener <covener@apache.org>
	Wed, 3 Apr 2024 12:12:23 +0000 (12:12 +0000)