From: Jeff Trawick Date: Mon, 10 Apr 2006 18:04:06 +0000 (+0000) Subject: Make sure we write a reasonable status line (e.g., if byterange X-Git-Tag: 2.0.56~15 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=abe3b6581e82b94e49bab269074f6cffac723864;p=thirdparty%2Fapache%2Fhttpd.git Make sure we write a reasonable status line (e.g., if byterange filter modifies status and custom status line is left unmodified). Reviewed by: niq, gregames git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.0.x@393008 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 11c6ff67782..506d8ff67df 100644 --- a/CHANGES +++ b/CHANGES @@ -14,6 +14,11 @@ Changes with Apache 2.0.56 ap_escape_html so we escape quotes. Reported by JPCERT. [Mark Cox] + *) Ensure that the proper status line is written to the client, fixing + incorrect status lines caused by filters which modify r->status without + resetting r->status_line, such as the built-in byterange filter. + [Jeff Trawick] + *) Default handler: Don't return output filter apr_status_t values. PR 31759. [Jeff Trawick, Ruediger Pluem, Joe Orton] diff --git a/STATUS b/STATUS index b0bfee434a2..1e98152b03c 100644 --- a/STATUS +++ b/STATUS 
@@ -116,19 +116,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: http://svn.apache.org/viewcvs?rev=390573&view=rev +1: wrowe, trawick, rpluem - *) Make sure we write a reasonable status line (e.g., if byterange - filter modifies status and custom status line is left - unmodified). - http://svn.apache.org/viewcvs.cgi?rev=385581&view=rev - 2.0 patch is at - http://people.apache.org/~trawick/20_validate_status_line.patch - +1: trawick, niq, gregames - -0: colm - colm: Wouldn't it be a whole lot less cycles to use ISDIGIT? - trawick: Sure, but that doesn't provide a key check. We need - to convert to numeric to compare with r->status. - - PATCHES PROPOSED TO BACKPORT FROM TRUNK: [ please place SVN revisions from trunk here, so it is easy to identify exactly what the proposed changes are! Add all new diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c index 0bad324c42e..a523be9e432 100644 --- a/modules/http/http_protocol.c +++ b/modules/http/http_protocol.c @@ -1171,6 +1171,24 @@ static apr_status_t send_all_header_fields(header_struct *h, #endif } +/* Confirm that the status line is well-formed and matches r->status. + * Otherwise, a filter may have negated the status line set by a + * handler. + * Zap r->status_line if bad. + */ +static void validate_status_line(request_rec *r) +{ + char *end; + + if (r->status_line + && (strlen(r->status_line) <= 4 + || apr_strtoi64(r->status_line, &end, 10) != r->status + || *end != ' ' + || (end - 3) != r->status_line)) { + r->status_line = NULL; + } +} + /* * Determine the protocol to use for the response. Potentially downgrade * to HTTP/1.0 in some situations and/or turn off keepalives. @@ -1185,6 +1203,8 @@ static void basic_http_header_check(request_rec *r, return; } + validate_status_line(r); + if (!r->status_line) { r->status_line = status_lines[ap_index_of_response(r->status)]; }
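Review bot: The STATUS hunk deletes the only record of why the check converts the status line to a number instead of using ISDIGIT (trawick's reply to colm: the value has to be compared with r->status). That reasoning should be carried into the comment above validate_status_line() in modules/http/http_protocol.c, so it is still available to whoever next reads the function once the backport entry is gone.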
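Review bot: In validate_status_line(), the last condition "(end - 3) != r->status_line" subtracts from end before comparing, which forms a pointer in front of the buffer when apr_strtoi64() consumes no digits and leaves end equal to r->status_line (reachable when r->status is 0 and the line starts with a space). Writing it as "end != r->status_line + 3" expresses the same test and stays in bounds, since the strlen() check has already established more than four characters. The comment could also say that this position check is what enforces the three-character code: apr_strtoi64() itself skips leading whitespace and accepts a sign, so the numeric comparison alone does not guarantee that the line begins with three digits.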
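Review bot: In basic_http_header_check(), the new validate_status_line(r) call discards a mismatched r->status_line with no trace, and the existing "if (!r->status_line)" block then substitutes the default from status_lines[]. A debug-level log entry at the point where the line is set to NULL would let a module author see that a handler or filter left r->status and r->status_line out of sync, instead of only noticing that a custom reason phrase never reached the client.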