Merge r370172, r371132 from trunk:

* Insert the HTTP_IN filter uncondionally before we call
  ap_send_error_response or ap_die. This ensures that
  ap_discard_request_body called by ap_die and by ap_send_error_response works
  correctly on status codes that do not cause the connection to be dropped and
  in situations where the connection should be kept alive.

PR: 38123
Reviewed by: rpluem, niq, jerenkrantz

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@390503 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index fda98a18bdbde5b35eb6cc1997bab297bf6f68e6..a60a8745abe29a82b8e069687715150f1b005f2b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -14,6 +14,9 @@ Changes with Apache 2.2.1
      made to ap_escape_html so we escape quotes.  Reported by JPCERT.
      [Mark Cox]
 
+  *) core: Reject invalid Expect header immediately. PR 38123.
+     [Ruediger Pluem]
+
   *) Fix mis-shifted 32 bit scope, masked to 64 bits as a method.
      [Will Rowe, Joe Orton]
 

diff --git a/STATUS b/STATUS
index bcbf9b71402cf7db84f2b237f3629cab23565b63..4a17044758466ac23f2c573671b1e2c93c63301b 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -83,15 +83,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
       -0: niq: Please explain why return value of ap_pass_brigade is
                put into a variable and immediately discarded.
 
-    * core: Fix PR38123 (Invalid Expect header not immediately rejected)
-      Trunk version of patch:
-         http://svn.apache.org/viewcvs.cgi?rev=370172&view=rev
-         http://svn.apache.org/viewcvs.cgi?rev=371132&view=rev
-      Backport version for 2.2.x of patch:
-         http://issues.apache.org/bugzilla/attachment.cgi?id=17481
-      +1: rpluem, niq, jerenkrantz
-      NOTE: this also supersedes previous fix to PR#37790
-
     * mod_ldap: Fix a race condition when creating the connection pool mutex
        and make sure that memory is being allocated from the correct pools
        when connections are being established. Enforce the GLOBAL_ONLY 

diff --git a/server/protocol.c b/server/protocol.c
index aadb4391d630d553f83df3fc7e6288284cd018ee..39ac3f902aa5c5d2702308df0a0c43e3129af3cd 100644 (file)
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -982,6 +982,16 @@ request_rec *ap_read_request(conn_rec *conn)
                       "(see RFC2616 section 14.23): %s", r->uri);
     }
 
+    /*
+     * Add the HTTP_IN filter here to ensure that ap_discard_request_body
+     * called by ap_die and by ap_send_error_response works correctly on
+     * status codes that do not cause the connection to be dropped and
+     * in situations where the connection should be kept alive.
+     */
+
+    ap_add_input_filter_handle(ap_http_input_filter_handle,
+                               NULL, r, r->connection);
+
     if (r->status != HTTP_OK) {
         ap_send_error_response(r, 0);
         ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
@@ -990,8 +1000,6 @@ request_rec *ap_read_request(conn_rec *conn)
     }
 
     if ((access_status = ap_run_post_read_request(r))) {
-        ap_add_input_filter_handle(ap_http_input_filter_handle,
-                                   NULL, r, r->connection);
         ap_die(access_status, r);
         ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
         ap_run_log_transaction(r);
@@ -1021,9 +1029,6 @@ request_rec *ap_read_request(conn_rec *conn)
         }
     }
 
-    ap_add_input_filter_handle(ap_http_input_filter_handle,
-                               NULL, r, r->connection);
-
     return r;
 }