httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j..@apache.org
Subject cvs commit: apache-1.3/src/main http_protocol.c
Date Tue, 09 Jul 2002 14:47:24 GMT
jim         2002/07/09 07:47:24

  Modified:    src      CHANGES
               src/main http_protocol.c
  Log:
  Allow for null/all-whitespace C-L fields as we did pre-1.3.26. However,
  we do not allow for the total bogusness of values for C-L, just this
  one special case. IMO a C-L field of "iloveyou" is bogus as is one
  of "123yabbadabbado", which older versions appear to have allowed
  (and in the 1st case, assume 0 and in the 2nd assume 123). Didn't
  make sense to make this runtime, but a documented special case
  instead.
  
  Revision  Changes    Path
  1.1836    +8 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1835
  retrieving revision 1.1836
  diff -u -r1.1835 -r1.1836
  --- CHANGES	8 Jul 2002 18:06:54 -0000	1.1835
  +++ CHANGES	9 Jul 2002 14:47:23 -0000	1.1836
  @@ -1,5 +1,13 @@
   Changes with Apache 1.3.27
   
  +  *) In 1.3.26, a null or all blank Content-Length field would be
  +     triggered as an error; previous versions would silently ignore
  +     this and assume 0. As a special case, we now allow this and
  +     behave as we previously did. HOWEVER, previous versions would
  +     also silently accept bogus C-L values; We do NOT do that. That
  +     *is* an invalid value and we treat it as such.
  +     [Jim Jagielski]
  +
     *) Add ProtocolReqCheck directive, which determines if Apache will
        check for a valid protocol string in the request (eg: HTTP/1.1)
        and return HTTP_BAD_REQUEST if not valid. Versions of Apache
  
  
  
  1.324     +8 -2      apache-1.3/src/main/http_protocol.c
  
  Index: http_protocol.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v
  retrieving revision 1.323
  retrieving revision 1.324
  diff -u -r1.323 -r1.324
  --- http_protocol.c	8 Jul 2002 18:06:55 -0000	1.323
  +++ http_protocol.c	9 Jul 2002 14:47:24 -0000	1.324
  @@ -2011,10 +2011,16 @@
           const char *pos = lenp;
           int conversion_error = 0;
   
  -        while (ap_isdigit(*pos) || ap_isspace(*pos))
  +        while (ap_isspace(*pos))
               ++pos;
   
           if (*pos == '\0') {
  +            /* special case test - a C-L field NULL or all blanks is
  +             * assumed OK and defaults to 0. Otherwise, we do a
  +             * strict check of the field */
  +            r->remaining = 0;
  +        }
  +        else {
               char *endstr;
               errno = 0;
               r->remaining = ap_strtol(lenp, &endstr, 10);
  @@ -2023,7 +2029,7 @@
               }
           }
   
  -        if (*pos != '\0' || conversion_error) {
  +        if (conversion_error) {
               ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
                           "Invalid Content-Length");
               return HTTP_BAD_REQUEST;
  
  
  

Mime
View raw message