From 1e9d5bd636eeaf31fd09cb1bf61a2c734b0a55ec Mon Sep 17 00:00:00 2001
From: Jim Jagielski <jim@apache.org>
Date: Thu, 18 Jun 2015 17:04:26 +0000
Subject: [PATCH] Merge r1685345, r1685347, r1685349, r1685350 from trunk:

Follow up to r1684513: allow spaces before and after chunk-size.
Slightly modified version of trawick's proposal.

Follow up to r1685345: don't accept spaces *before* the chunk-size.

Follow up to r1685345: CHANGES entry.

Follow up to r1685349: remove a tab.
Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1686271 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                     |  3 +++
 STATUS                      |  9 ---------
 modules/http/http_filters.c | 14 ++++++++++++--
 3 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/CHANGES b/CHANGES
index 62794393ad3..6e28a3f2ba5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.15
 
+  *) core: Allow spaces after chunk-size for compatibility with implementations
+     using a pre-filled buffer.  [Yann Ylavic, Jeff Trawick]
+
   *) mod_ssl: Remove deprecated SSLCertificateChainFile warning.
      [Yann Ylavic]
 
diff --git a/STATUS b/STATUS
index 18e09cc9b82..7e3591fa546 100644
--- a/STATUS
+++ b/STATUS
@@ -107,15 +107,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) core: Allow spaces after chunk-size for compatibility with implementations
-     using a pre-filled buffer, and log parsing failures at level INFO.
-     trunk patch: http://svn.apache.org/r1685345
-                  http://svn.apache.org/r1685347
-                  http://svn.apache.org/r1685349
-                  http://svn.apache.org/r1685350
-     2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-ap_http_filter_chunked-v3.patch
-     +1: ylavic, trawick (v3), wrowe (v3)
-
   *) mod_charset_lite, mod_ext_filter:  Avoid inadvertent filtering of protocol
      data during read of chunked request bodies. PR 58049.
      trunk patch: http://svn.apache.org/r1686085
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index c6371ed3157..70b5484b837 100644
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -71,10 +71,11 @@ typedef struct http_filter_ctx
         BODY_CHUNK, /* chunk expected */
         BODY_CHUNK_PART, /* chunk digits */
         BODY_CHUNK_EXT, /* chunk extension */
-        BODY_CHUNK_LF, /* got CR, expect LF after digits/extension */
+        BODY_CHUNK_CR, /* got space(s) after digits, expect [CR]LF or ext */
+        BODY_CHUNK_LF, /* got CR after digits or ext, expect LF */
         BODY_CHUNK_DATA, /* data constrained by chunked encoding */
         BODY_CHUNK_END, /* chunked data terminating CRLF */
-        BODY_CHUNK_END_LF, /* got CR, expect LF after data */
+        BODY_CHUNK_END_LF, /* got CR after data, expect LF */
         BODY_CHUNK_TRAILER /* trailers */
     } state;
     unsigned int eos_sent :1;
@@ -204,6 +205,15 @@ static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer,
                 return APR_EINVAL;
             }
         }
+        else if (c == ' ' || c == '\t') {
+            ctx->state = BODY_CHUNK_CR;
+        }
+        else if (ctx->state == BODY_CHUNK_CR) {
+            /*
+             * ';', CR or LF expected.
+             */
+            return APR_EINVAL;
+        }
         else if (ctx->state == BODY_CHUNK_PART) {
             int xvalue;
 
-- 
2.47.2