From: Nick Kew <niq@apache.org>
Date: Sat, 4 Feb 2006 17:45:51 +0000 (+0000)
Subject: Fix PR#38070
X-Git-Tag: 2.2.1~100
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c9b5bc30b45dcfef356968398f2c2f7ef762586;p=thirdparty%2Fapache%2Fhttpd.git

Fix PR#38070
Avoid server-driven negotiation when a script has sent a Status: header.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@374895 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 1a3b8b0505b..79cebe577ee 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.2.1
 
+  *) PR#38070: Avoid Server-driven negotiation when a script has
+     emitted an explicit Status: header.
+
   *) Fix to avoid feeding C99 to C++ compilers [Joe Orton]
 
   *) SECURITY: CVE-2005-3357 (cve.mitre.org)
diff --git a/STATUS b/STATUS
index c3c3307b748..35938b81cb5 100644
--- a/STATUS
+++ b/STATUS
@@ -180,10 +180,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
       +1: rpluem, niq
       NOTE: this also supersedes previous fix to PR#37790
 
-    * util_script: Fix PR#38070 - Honour a CGI Status header correctly
-      http://svn.apache.org/viewcvs?rev=370692&view=rev
-      +1: niq, colm, wrowe
-
     * Solaris build proposal; don't fail on missing .h files within
       a VPATH build, and don't test trees with -d (simply -f the
       expected files) in case a tree such as srclib/apr is actually
diff --git a/server/util_script.c b/server/util_script.c
index 66b9a95de67..c069bbb8ff1 100644
--- a/server/util_script.c
+++ b/server/util_script.c
@@ -398,6 +398,8 @@ static int set_cookie_doo_doo(void *v, const char *key, const char *val)
     return 1;
 }
 
+#define HTTP_UNSET (-HTTP_OK)
+
 AP_DECLARE(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
                                        int (*getsfunc) (char *, int, void *),
                                        void *getsfunc_data)
@@ -405,7 +407,7 @@ AP_DECLARE(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
     char x[MAX_STRING_LEN];
     char *w, *l;
     int p;
-    int cgi_status = HTTP_OK;
+    int cgi_status = HTTP_UNSET;
     apr_table_t *merge;
     apr_table_t *cookie_table;
 
@@ -466,7 +468,18 @@ AP_DECLARE(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
         if (w[0] == '\0') {
             int cond_status = OK;
 
-            if ((cgi_status == HTTP_OK) && (r->method_number == M_GET)) {
+           /* PR#38070: This fails because it gets confused when a
+            * CGI Status header overrides ap_meets_conditions.
+            * 
+            * We can fix that by dropping ap_meets_conditions when
+            * Status has been set.  Since this is the only place
+            * cgi_status gets used, let's test it explicitly.
+            *
+            * The alternative would be to ignore CGI Status when
+            * ap_meets_conditions returns anything interesting.
+            * That would be safer wrt HTTP, but would break CGI.
+            */
+            if ((cgi_status == HTTP_UNSET) && (r->method_number == M_GET)) {
                 cond_status = ap_meets_conditions(r);
             }
             apr_table_overlap(r->err_headers_out, merge,