From: William A. Rowe Jr <wrowe@apache.org>
Date: Wed, 7 Dec 2016 23:18:05 +0000 (+0000)
Subject: As noted by rpluem, r->protocol isn't const char *. Ensure the exit cases
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1919019671390c0c29ecf524d35bcc90b2342ddb;p=thirdparty%2Fapache%2Fhttpd.git

As noted by rpluem, r->protocol isn't const char *. Ensure the exit cases
are pstrdup'ed. Note that r->protocol = "" is not in a return path.

Simplify the garbage-in protocol handling without consideration to 'strict'
settings. It is expected to be caused by an invalid raw SP in the URL.

Backports: r1773159 (with pstrdup enhancement)
Submitted by: rpluem, wrowe



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-merge-http-strict@1773161 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/server/protocol.c b/server/protocol.c
index 7bc292cb162..63b358d4835 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -782,17 +782,14 @@ rrl_done:
             memcpy((char*)r->protocol, "HTTP", 4);
     }
     else if (r->protocol[0]) {
-        r->assbackwards = 0;
-        r->proto_num = HTTP_VERSION(1,0);
+        r->proto_num = HTTP_VERSION(0, 9);
         /* Defer setting the r->protocol string till error msg is composed */
-        if (strict && deferred_error == rrl_none)
+        if (deferred_error == rrl_none)
             deferred_error = rrl_badprotocol;
-        else
-            r->protocol  = "HTTP/1.0";
     }
     else {
         r->assbackwards = 1;
-        r->protocol = "HTTP/0.9";
+        r->protocol  = apr_pstrdup(r->pool, "HTTP/0.9");
         r->proto_num = HTTP_VERSION(0, 9);
     }
 
@@ -906,7 +903,7 @@ rrl_failed:
         r->assbackwards = 0;
         r->connection->keepalive = AP_CONN_CLOSE;
         r->proto_num = HTTP_VERSION(1, 0);
-        r->protocol  = "HTTP/1.0";
+        r->protocol  = apr_pstrdup(r->pool, "HTTP/1.0");
     }
     return 0;
 }