Delivered-To: apmail-httpd-cvs-archive@httpd.apache.org
Received: (qmail 98207 invoked by uid 500); 9 Jul 2002 14:47:28 -0000
Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
Delivered-To: mailing list cvs@httpd.apache.org
Received: (qmail 98102 invoked by uid 500); 9 Jul 2002 14:47:28 -0000
Delivered-To: apmail-apache-1.3-cvs@apache.org
Date: 9 Jul 2002 14:47:24 -0000
Message-ID: <20020709144724.59663.qmail@icarus.apache.org>
From: jim@apache.org
To: apache-1.3-cvs@apache.org
Subject: cvs commit: apache-1.3/src/main http_protocol.c
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

jim         2002/07/09 07:47:24

  Modified:    src      CHANGES
               src/main http_protocol.c
  Log:
  Allow for null/all-whitespace C-L fields as we did pre-1.3.26. However,
  we do not allow for the total bogusness of values for C-L, just this
  one special case. IMO a C-L field of "iloveyou" is bogus as is one
  of "123yabbadabbado", which older versions appear to have allowed
  (and in the 1st case, assume 0 and in the 2nd assume 123). Didn't
  make sense to make this runtime, but a documented special case
  instead.

  Revision  Changes    Path
  1.1836    +8 -0      apache-1.3/src/CHANGES

Index: CHANGES =================================================================== RCS file: /home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.1835 retrieving revision 1.1836 diff -u -r1.1835 -r1.1836 --- CHANGES 8 Jul 2002 18:06:54 -0000 1.1835 +++ CHANGES 9 Jul 2002 14:47:23 -0000 1.1836 
@@ -1,5 +1,13 @@ Changes with Apache 1.3.27 + *) In 1.3.26, a null or all blank Content-Length field would be + triggered as an error; previous versions would silently ignore + this and assume 0. As a special case, we now allow this and + behave as we previously did. HOWEVER, previous versions would + also silently accept bogus C-L values; We do NOT do that. That + *is* an invalid value and we treat it as such. + [Jim Jagielski] + *) Add ProtocolReqCheck directive, which determines if Apache will check for a valid protocol string in the request (eg: HTTP/1.1) and return HTTP_BAD_REQUEST if not valid. Versions of Apache 1.324 +8 -2 apache-1.3/src/main/http_protocol.c Index: http_protocol.c =================================================================== RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v retrieving revision 1.323 retrieving revision 1.324 diff -u -r1.323 -r1.324 --- http_protocol.c 8 Jul 2002 18:06:55 -0000 1.323 +++ http_protocol.c 9 Jul 2002 14:47:24 -0000 1.324 @@ -2011,10 +2011,16 @@ const char *pos = lenp; int conversion_error = 0; - while (ap_isdigit(*pos) || ap_isspace(*pos)) + while (ap_isspace(*pos)) ++pos; if (*pos == '\0') { + /* special case test - a C-L field NULL or all blanks is + * assumed OK and defaults to 0. Otherwise, we do a + * strict check of the field */ + r->remaining = 0; + } + else { char *endstr; errno = 0; r->remaining = ap_strtol(lenp, &endstr, 10); @@ -2023,7 +2029,7 @@ } } - if (*pos != '\0' || conversion_error) { + if (conversion_error) { ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, "Invalid Content-Length"); return HTTP_BAD_REQUEST;
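Review bot: In the CHANGES entry (hunk @@ -1,5 +1,13 @@), "we treat it as such" does not tell an administrator what a client sending a bogus C-L value will actually get back. The http_protocol.c side of this commit logs "Invalid Content-Length" and returns HTTP_BAD_REQUEST for that case, so the entry should name the 400 response and the log message. Minor wording: "would be triggered as an error" reads better as "was treated as an error", and "We" after the semicolon should be lower case.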
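Review bot: The new empty-value branch in http_protocol.c (hunk @@ -2011,10 +2011,16 @@) sets r->remaining = 0 without logging anything, so a request whose Content-Length is empty or all blanks is framed as having no body and leaves no trace in the error log. Since this is a deliberate tolerance for a malformed header, consider a low-level log line in that branch so operators can see which clients depend on it. The comment also says "NULL", but the test is *pos == '\0' on a pointer the loop has already dereferenced, so "empty" is the accurate word.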
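Review bot: Dropping *pos != '\0' from the final test in http_protocol.c (hunk @@ -2023,7 +2029,7 @@) leaves conversion_error as the only gate, and the lines that set it fall between the two hunks and are not shown in this diff. With the scan loop now skipping only whitespace, values such as "-5" or "123yabbadabbado" reach ap_strtol, and strtol-style parsing accepts a leading sign and stops at the first non-digit, returning a number in both cases. Please confirm that the check after the ap_strtol call rejects a non-empty *endstr and a negative r->remaining, not only errno, since the commit log depends on that to reject "123yabbadabbado".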