From 6ac9799c75f7e80254e1a459facf801f3ad3720e Mon Sep 17 00:00:00 2001 From: Jeff Trawick Date: Mon, 13 Mar 2006 16:14:34 +0000 Subject: [PATCH] merge from trunk: core: Fix up botched status lines (mismatch with r->status or just badly formatted) reviewed by: jerenkrantz, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@385581 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 5 +++++ STATUS | 6 ------ modules/http/http_filters.c | 20 ++++++++++++++++++++ 3 files changed, 25 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 9e5fe7219b2..b5d86b3f154 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,11 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.1 + *) Ensure that the proper status line is written to the client, fixing + incorrect status lines caused by filters which modify r->status without + resetting r->status_line, such as the built-in byterange filter. + [Jeff Trawick] + *) mod_speling: Stop crashing with certain non-file requests. [Jeff Trawick] *) SECURITY: CVE-2005-3357 (cve.mitre.org) diff --git a/STATUS b/STATUS index e051d141f1c..d482a974cb4 100644 --- a/STATUS +++ b/STATUS @@ -156,12 +156,6 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: URL: http://people.apache.org/~wrowe/fixldap_mask.patch +1: wrowe - * core: Fix up botched status lines (mismatch with r->status or - just badly formatted) - Trunk version of patch, which applies fine: - http://svn.apache.org/viewcvs?rev=379562&view=rev - +1: trawick, jerenkrantz, jorton - * mod_include: APR_FILEPATH_NOTABOVEROOT was undefined with a left-hand NULL or empty path. The SECUREROOTPATH and NOTABSOLUTE tests are sufficient for this application. diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c index b032866152d..fda87cf8fbb 100644 --- a/modules/http/http_filters.c +++ b/modules/http/http_filters.c @@ -616,6 +616,24 @@ static apr_status_t send_all_header_fields(header_struct *h, #endif } +/* Confirm that the status line is well-formed and matches r->status. + * If they don't match, a filter may have negated the status line set by a + * handler. + * Zap r->status_line if bad. + */ +static void validate_status_line(request_rec *r) +{ + char *end; + + if (r->status_line + && (strlen(r->status_line) <= 4 + || apr_strtoi64(r->status_line, &end, 10) != r->status + || *end != ' ' + || (end - 3) != r->status_line)) { + r->status_line = NULL; + } +} + /* * Determine the protocol to use for the response. Potentially downgrade * to HTTP/1.0 in some situations and/or turn off keepalives. @@ -630,6 +648,8 @@ static void basic_http_header_check(request_rec *r, return; } + validate_status_line(r); + if (!r->status_line) { r->status_line = ap_get_status_line(r->status); } -- 2.47.2