From: William A. Rowe Jr Date: Mon, 29 Aug 2016 13:47:27 +0000 (+0000) Subject: Folding StrictWhitespace into the Strict ruleset of RFC7230, per dev@ poll. X-Git-Tag: 2.5.0-alpha~1188 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f54c03b7eef9654cdb9a451937e0190489fdf3ef;p=thirdparty%2Fapache%2Fhttpd.git Folding StrictWhitespace into the Strict ruleset of RFC7230, per dev@ poll. This choice is unanimous, although StrictURI (a different RFC) still hasn't found absolute concensus. An ap_mmn bump will follow (major, this removes a struct elt) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758226 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/include/http_core.h b/include/http_core.h index cac1f3b303d..91ae01e9c0b 100644 --- a/include/http_core.h +++ b/include/http_core.h @@ -739,11 +739,6 @@ typedef struct { #define AP_HTTP_CONFORMANCE_STRICT 2 char http_conformance; -#define AP_HTTP_WHITESPACE_UNSET 0 -#define AP_HTTP_WHITESPACE_UNSAFE 1 -#define AP_HTTP_WHITESPACE_STRICT 2 - char http_whitespace; - #define AP_HTTP_METHODS_UNSET 0 #define AP_HTTP_METHODS_LENIENT 1 #define AP_HTTP_METHODS_REGISTERED 2 diff --git a/server/core.c b/server/core.c index 4280204354b..92b2fc4b59d 100644 --- a/server/core.c +++ b/server/core.c @@ -536,9 +536,6 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv) if (virt->http_stricturi != AP_HTTP_URI_UNSET) conf->http_stricturi = virt->http_stricturi; - if (virt->http_whitespace != AP_HTTP_WHITESPACE_UNSET) - conf->http_whitespace = virt->http_whitespace; - if (virt->http_methods != AP_HTTP_METHODS_UNSET) conf->http_methods = virt->http_methods; @@ -4038,10 +4035,6 @@ static const char *set_http_protocol_options(cmd_parms *cmd, void *dummy, conf->http_stricturi |= AP_HTTP_URI_STRICT; else if (strcasecmp(arg, "unsafeuri") == 0) conf->http_stricturi |= AP_HTTP_URI_UNSAFE; - else if (strcasecmp(arg, "strictwhitespace") == 0) - conf->http_whitespace |= AP_HTTP_WHITESPACE_STRICT; - else if (strcasecmp(arg, "unsafewhitespace") == 0) - conf->http_whitespace |= AP_HTTP_WHITESPACE_UNSAFE; else if (strcasecmp(arg, "registeredmethods") == 0) conf->http_methods |= AP_HTTP_METHODS_REGISTERED; else if (strcasecmp(arg, "lenientmethods") == 0) @@ -4050,7 +4043,6 @@ static const char *set_http_protocol_options(cmd_parms *cmd, void *dummy, return "HttpProtocolOptions accepts " "'Unsafe' or 'Strict' (default), " "'UnsafeURI' or 'StrictURI' (default), " - "'UnsafeWhitespace' or 'StrictWhitespace' (default), " "'RegisteredMethods' or 'LenientMethods' (default), and " "'Require1.0' or 'Allow0.9' (default)"; @@ -4069,11 +4061,6 @@ static const char *set_http_protocol_options(cmd_parms *cmd, void *dummy, return "HttpProtocolOptions 'Strict' and 'Unsafe'" " are mutually exclusive"; - if ((conf->http_whitespace & AP_HTTP_WHITESPACE_STRICT) - && (conf->http_whitespace & AP_HTTP_WHITESPACE_UNSAFE)) - return "HttpProtocolOptions 'StrictWhitespace' and 'UnsafeWhitespace'" - " are mutually exclusive"; - if ((conf->http_methods & AP_HTTP_METHODS_REGISTERED) && (conf->http_methods & AP_HTTP_METHODS_LENIENT)) return "HttpProtocolOptions 'RegisteredMethods' and 'LenientMethods'" diff --git a/server/protocol.c b/server/protocol.c index 0d0325d7407..ee79d309532 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -583,7 +583,6 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) core_server_config *conf = ap_get_core_module_config(r->server->module_config); int strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE); int stricturi = (conf->http_stricturi != AP_HTTP_URI_UNSAFE); - int strictspaces = (conf->http_whitespace != AP_HTTP_WHITESPACE_UNSAFE); /* Read past empty lines until we get a real request line, * a read error, the connection closes (EOF), or we timeout. @@ -671,7 +670,7 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) } /* Verify method terminated with a single SP, otherwise mark in error */ - if (strictspaces && ll[0] && (ll[0] != ' ' || apr_isspace(ll[1])) + if (strict && ll[0] && (ll[0] != ' ' || apr_isspace(ll[1])) && deferred_error == rrl_none) { deferred_error = rrl_excesswhitespace; } @@ -680,7 +679,7 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) * then NUL terminate the method string */ for (uri = ll; apr_isspace(*uri); ++uri) - if (strictspaces && ap_strchr_c("\t\n\v\f\r", *uri) + if (strict && ap_strchr_c("\t\n\v\f\r", *uri) && deferred_error == rrl_none) deferred_error = rrl_badwhitespace; *ll = '\0'; @@ -708,7 +707,7 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) } /* Verify uri terminated with a single SP, otherwise mark in error */ - if (strictspaces && ll[0] && (ll[0] != ' ' || apr_isspace(ll[1])) + if (strict && ll[0] && (ll[0] != ' ' || apr_isspace(ll[1])) && deferred_error == rrl_none) { deferred_error = rrl_excesswhitespace; } @@ -717,7 +716,7 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) * then NUL terminate the uri string */ for (r->protocol = ll; apr_isspace(*r->protocol); ++r->protocol) - if (strictspaces && ap_strchr_c("\t\n\v\f\r", *r->protocol) + if (strict && ap_strchr_c("\t\n\v\f\r", *r->protocol) && deferred_error == rrl_none) deferred_error = rrl_badwhitespace; *ll = '\0'; @@ -735,10 +734,10 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) * determine if trailing text is found, unconditionally mark in error, * finally NUL terminate the protocol string */ - if (strictspaces && *ll) + if (strict && *ll) deferred_error = rrl_excesswhitespace; for ( ; apr_isspace(*ll); ++ll) - if (strictspaces && ap_strchr_c("\t\n\v\f\r", *ll) + if (strict && ap_strchr_c("\t\n\v\f\r", *ll) && deferred_error == rrl_none) deferred_error = rrl_badwhitespace; if (*ll && deferred_error == rrl_none) @@ -943,7 +942,6 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb char *tmp_field; core_server_config *conf = ap_get_core_module_config(r->server->module_config); int strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE); - int strictspaces = (conf->http_whitespace != AP_HTTP_WHITESPACE_UNSAFE); /* * Read header lines until we get the empty separator line, a read error, @@ -982,7 +980,7 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb return; } - if (strictspaces && strpbrk(field, "\n\v\f\r")) { + if (strict && strpbrk(field, "\n\v\f\r")) { r->status = HTTP_BAD_REQUEST; ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03451) "Request header line presented bad whitespace " @@ -1116,7 +1114,7 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb *value++ = '\0'; /* NUL-terminate at colon */ - if (strictspaces && strpbrk(last_field, " \t")) { + if (strict && strpbrk(last_field, " \t")) { r->status = HTTP_BAD_REQUEST; ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03452) "Request header field name with whitespace "