we do not allow for the total bogusness of values for C-L, just this
one special case. IMO a C-L field of "iloveyou" is bogus as is one
of "123yabbadabbado", which older versions appear to have allowed
(and in the 1st case, assume 0 and in the 2nd assume 123). Didn't
make sense to make this runtime, but a documented special case
instead.
PR:
Obtained from:
Submitted by:
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@95986 13f79535-47bb-0310-9956-ffa450edef68
Changes with Apache 1.3.27
+ *) In 1.3.26, a null or all blank Content-Length field would be
+ triggered as an error; previous versions would silently ignore
+ this and assume 0. As a special case, we now allow this and
+ behave as we previously did. HOWEVER, previous versions would
+ also silently accept bogus C-L values; We do NOT do that. That
+ *is* an invalid value and we treat it as such.
+ [Jim Jagielski]
+
*) Add ProtocolReqCheck directive, which determines if Apache will
check for a valid protocol string in the request (eg: HTTP/1.1)
and return HTTP_BAD_REQUEST if not valid. Versions of Apache
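Review bot: the new CHANGES entry uses "C-L" and "bogus" without defining either, and never says what a client sending such a value gets back. In the sentence starting "HOWEVER, previous versions would also silently accept bogus C-L values", spell out Content-Length, give one example of a rejected value (the commit message has "123yabbadabbado"), and state that the request is answered with HTTP_BAD_REQUEST, which is what the code hunk returns. Two wording nits: "would be triggered as an error" reads better as "would be treated as an error", and "We" after the semicolon should be lower case.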
const char *pos = lenp;
int conversion_error = 0;
- while (ap_isdigit(*pos) || ap_isspace(*pos))
+ while (ap_isspace(*pos))
++pos;
if (*pos == '\0') {
+ /* special case test - a C-L field NULL or all blanks is
+ * assumed OK and defaults to 0. Otherwise, we do a
+ * strict check of the field */
+ r->remaining = 0;
+ }
+ else {
char *endstr;
errno = 0;
r->remaining = ap_strtol(lenp, &endstr, 10);
}
}
- if (*pos != '\0' || conversion_error) {
+ if (conversion_error) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"Invalid Content-Length");
return HTTP_BAD_REQUEST;
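Review bot: in the else branch, the result of ap_strtol(lenp, &endstr, 10) needs an explicit sign and range check, because the final test is now only `if (conversion_error)`. Before this change the digit/space scan plus `*pos != '\0'` rejected any field containing a character such as '-' or '+'; strtol-style parsing accepts a leading sign, so a value like "-1" now depends entirely on the code that sets conversion_error, and that code is not visible in this hunk. Please confirm it fails on errno, on trailing characters (*endstr != '\0', the "123yabbadabbado" case from the commit message) and on r->remaining < 0. A smaller point on the new comment: it says "NULL" where it means an empty field. `*pos` is dereferenced just above, so lenp cannot be a null pointer here, and "empty or all blanks" would be clearer.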