From: William A. Rowe Jr <wrowe@apache.org>
Date: Tue, 22 Nov 2016 18:34:25 +0000 (+0000)
Subject: List discussion resulted in rejecting all but SP characters in the request
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fbab2040296e4fe3981e9c5fe1c9cbc1f97123f7;p=thirdparty%2Fapache%2Fhttpd.git

List discussion resulted in rejecting all but SP characters in the request
line, but in the strict mode prioritize excessive space testing over bad
space testing (which is captured later) and make both more efficient
(at this test ll[0] is already whitespace or \0 char). Also correct a comment.

Backports: r1770867
Submitted by: wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x-merge-http-strict@1770868 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/server/protocol.c b/server/protocol.c
index 3b297bd0f11..4de48e6f883 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -680,8 +680,8 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
         len = 0;
         goto rrl_done;
     }
-    else if (strict && ll[0] && (ll[0] != ' ' || apr_isspace(ll[1]))
-                 && deferred_error == rrl_none) {
+    else if (strict && ll[0] && apr_isspace(ll[1])
+             && deferred_error == rrl_none) {
         deferred_error = rrl_excesswhitespace; 
     }
 
@@ -689,8 +689,7 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
      * If non-SP whitespace is encountered, mark as specific error
      */
     for (uri = ll; apr_isspace(*uri); ++uri) 
-        if (ap_strchr_c("\t\n\v\f\r", *uri)
-                && deferred_error == rrl_none)
+        if (*uri != ' ' && deferred_error == rrl_none)
             deferred_error = rrl_badwhitespace; 
     *ll = '\0';
 
@@ -706,14 +705,14 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
         ll = strpbrk(ll, "\t\n\v\f\r ");
     }
 
-    /* Verify method terminated with a single SP, or mark as specific error */
+    /* Verify URI terminated with a single SP, or mark as specific error */
     if (!ll) {
         r->protocol = "";
         len = 0;
         goto rrl_done;
     }
-    else if (strict && ll[0] && (ll[0] != ' ' || apr_isspace(ll[1]))
-            && deferred_error == rrl_none) {
+    else if (strict && ll[0] && apr_isspace(ll[1])
+             && deferred_error == rrl_none) {
         deferred_error = rrl_excesswhitespace; 
     }
 
@@ -721,8 +720,7 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
      * If non-SP whitespace is encountered, mark as specific error
      */
     for (r->protocol = ll; apr_isspace(*r->protocol); ++r->protocol) 
-        if (ap_strchr_c("\t\n\v\f\r", *r->protocol)
-                && deferred_error == rrl_none)
+        if (*r->protocol != ' ' && deferred_error == rrl_none)
             deferred_error = rrl_badwhitespace; 
     *ll = '\0';