From: Jim Jagielski <jim@apache.org>
Date: Tue, 17 Sep 2002 01:09:19 +0000 (+0000)
Subject: Make the protocol parsing case insensitive... 'http/1.1' was being
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cbfa0e8c8f499c5a3397272bd9bec1c776f73383;p=thirdparty%2Fapache%2Fhttpd.git

Make the protocol parsing case insensitive... 'http/1.1' was being
tagged as invalid if ProtocolReqCheck was active.

PR:
Obtained from:
Submitted by:
Reviewed by:


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@96856 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/src/CHANGES b/src/CHANGES
index b0723f2e048..d15bb6078e2 100644
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -1,5 +1,10 @@
 Changes with Apache 1.3.27
 
+  *) The protocol version (eg: HTTP/1.1) in the request line parsing
+     is now case insensitive. This closes a few PRs and implies that
+     ProtocolReqCheck will trigger on *true* invalid protocols.
+     [Jim Jagielski]
+
   *) Relaxed mod_digest its parsing in order to make it work
      with iCal's "WebDAVFS/1.2 (01208000) Darwin/6.0 (Power Macintosh)"
      User-Agent. Apache (incorrectly) insisted on a quoted URI's
diff --git a/src/main/http_protocol.c b/src/main/http_protocol.c
index 51e7d6e7864..3a73799fa71 100644
--- a/src/main/http_protocol.c
+++ b/src/main/http_protocol.c
@@ -1002,7 +1002,6 @@ static int read_request_line(request_rec *r)
     unsigned int major = 1, minor = 0;   /* Assume HTTP/1.0 if non-"HTTP" protocol */
     int len = 0;
     int valid_protocol = 1;
-    char *kruft;
 
     /* Read past empty lines until we get a real request line,
      * a read error, the connection closes (EOF), or we timeout.
@@ -1073,9 +1072,12 @@ static int read_request_line(request_rec *r)
         r->proto_num = HTTP_VERSION(r->protocol[5] - '0', r->protocol[7] - '0');
     }
     else {
-	kruft = ap_palloc(r->pool, strlen(r->protocol)+1);
-	if (2 == sscanf(r->protocol, "HTTP/%u.%u%s", &major, &minor, kruft)
-	    && minor < HTTP_VERSION(1,0)) /* don't allow HTTP/0.1000 */
+        char *lint;
+        char http[5];
+	lint = ap_palloc(r->pool, strlen(r->protocol)+1);
+	if (3 == sscanf(r->protocol, "%4s/%u.%u%s", http, &major, &minor, lint)
+            && (strcasecmp("http", http) == 0)
+	    && (minor < HTTP_VERSION(1,0)) ) /* don't allow HTTP/0.1000 */
 	    r->proto_num = HTTP_VERSION(major, minor);
 	else {
 	    r->proto_num = HTTP_VERSION(1,0);