From: Nick Kew <niq@apache.org>
Date: Sat, 4 Feb 2006 17:41:09 +0000 (+0000)
Subject: Fix PR#38070
X-Git-Tag: 2.0.56~56
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5d6053ae65307281ffba52a4cef4004be6e9d4aa;p=thirdparty%2Fapache%2Fhttpd.git

Fix PR#38070
Avoid server-driven negotiation when a script has sent a Status: header.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@374894 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 24947a6a081..b7429749b12 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.0.56
 
+  *) Fix PR#38070: Avoid server-driven negotiation when a CGI script
+     has emitted an explicit Status: header [Nick Kew].
+
   *) SECURITY: CVE-2005-3357 (cve.mitre.org)
      mod_ssl: Fix a possible crash during access control checks if a
      non-SSL request is processed for an SSL vhost (such as the
diff --git a/STATUS b/STATUS
index b4875859b09..e84453b5eac 100644
--- a/STATUS
+++ b/STATUS
@@ -117,11 +117,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
          http://svn.apache.org/viewcvs?view=rev&rev=154319
        +1: stoddard, striker, wrowe (as corrected in subsequent patches)
 
-    *) util_script: FIX PR38070, correctly honor a CGI Status: header.
-         http://svn.apache.org/viewcvs?rev=370692&view=rev
-       +1: colm,niq,wrowe
-
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ please place SVN revisions from trunk here, so it is easy to
     identify exactly what the proposed changes are!  Add all new
diff --git a/server/util_script.c b/server/util_script.c
index a2e8675bcd5..1bb61eae9b2 100644
--- a/server/util_script.c
+++ b/server/util_script.c
@@ -394,6 +394,8 @@ static int set_cookie_doo_doo(void *v, const char *key, const char *val)
     return 1;
 }
 
+#define HTTP_UNSET (-HTTP_OK)
+
 AP_DECLARE(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
 				       int (*getsfunc) (char *, int, void *),
 				       void *getsfunc_data)
@@ -401,7 +403,7 @@ AP_DECLARE(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
     char x[MAX_STRING_LEN];
     char *w, *l;
     int p;
-    int cgi_status = HTTP_OK;
+    int cgi_status = HTTP_UNSET;
     apr_table_t *merge;
     apr_table_t *cookie_table;
 
@@ -462,7 +464,18 @@ AP_DECLARE(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
 	if (w[0] == '\0') {
 	    int cond_status = OK;
 
-	    if ((cgi_status == HTTP_OK) && (r->method_number == M_GET)) {
+	    /* PR#38070: This fails because it gets confused when a
+             * CGI Status header overrides ap_meets_conditions.
+             * 
+             * We can fix that by dropping ap_meets_conditions when
+             * Status has been set.  Since this is the only place
+             * cgi_status gets used, let's test it explicitly.
+             *
+             * The alternative would be to ignore CGI Status when
+             * ap_meets_conditions returns anything interesting.
+             * That would be safer wrt HTTP, but would break CGI.
+             */
+	    if ((cgi_status == HTTP_UNSET) && (r->method_number == M_GET)) {
 		cond_status = ap_meets_conditions(r);
 	    }
 	    apr_table_overlap(r->err_headers_out, merge,