Core HTTP: disable keepalive when the Client has sent
Expect: 100-continue
but we respond directly with a non-100 response. Keepalive here led
to data from clients continuing being treated as a new request.
PR: 47087
Submitted by: niq
Reviewed by: wrowe, sf, trawick
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@
1098104 13f79535-47bb-0310-9956-
ffa450edef68
-*- coding: utf-8 -*-
Changes with Apache 2.2.18
+ *) Core HTTP: disable keepalive when the Client has sent
+ Expect: 100-continue
+ but we respond directly with a non-100 response. Keepalive here led
+ to data from clients continuing being treated as a new request.
+ PR 47087. [Nick Kew]
+
*) htpasswd: Change the default algorithm for htpasswd to MD5 on all
platforms. Crypt with its 8 character limit is not useful anymore;
improve out of disk space handling (PR 30877); print a warning if
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * HTTP Protocol: Fix handling of extra request data sent with Expect: 100
- PR 47087
- Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=888310
- 2.2.x: Trunk works with offset
- +1: niq, wrowe, sf
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
char *tmp;
int len;
+ /* if we send an interim response, we're no longer
+ * in a state of expecting one.
+ */
+ f->r->expecting_100 = 0;
tmp = apr_pstrcat(f->r->pool, AP_SERVER_PROTOCOL, " ",
ap_get_status_line(100), CRLF CRLF, NULL);
len = strlen(tmp);
* body should use the HTTP/1.1 chunked transfer-coding. In English,
*
* IF we have not marked this connection as errored;
+ * and the client isn't expecting 100-continue (PR47087 - more
+ * input here could be the client continuing when we're
+ * closing the request).
* and the response body has a defined length due to the status code
* being 304 or 204, the request method being HEAD, already
* having defined Content-Length or Transfer-Encoding: chunked, or
* Note that the condition evaluation order is extremely important.
*/
if ((r->connection->keepalive != AP_CONN_CLOSE)
+ && !r->expecting_100
&& ((r->status == HTTP_NOT_MODIFIED)
|| (r->status == HTTP_NO_CONTENT)
|| r->header_only
{
hdr_ptr x;
char *status_line = NULL;
+ request_rec *rr;
if (r->proto_num < 1001) {
/* don't send interim response to HTTP/1.0 Client */
return;
}
+ /* if we send an interim response, we're no longer in a state of
+ * expecting one. Also, this could feasibly be in a subrequest,
+ * so we need to propagate the fact that we responded.
+ */
+ for (rr = r; rr != NULL; rr = rr->main) {
+ rr->expecting_100 = 0;
+ }
+
status_line = apr_pstrcat(r->pool, AP_SERVER_PROTOCOL, " ", r->status_line, CRLF, NULL);
ap_xlate_proto_to_ascii(status_line, strlen(status_line));
projects / thirdparty / apache / httpd.git / commitdiff
