httpd-cvs mailing list archives

From n..@apache.org
Subject svn commit: r374894 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS server/util_script.c
Date Sat, 04 Feb 2006 17:41:14 GMT
Author: niq
Date: Sat Feb  4 09:41:09 2006
New Revision: 374894

URL: http://svn.apache.org/viewcvs?rev=374894&view=rev
Log:
Fix PR#38070
Avoid server-driven negotiation when a script has sent a Status: header.

Modified:
    httpd/httpd/branches/2.0.x/CHANGES
    httpd/httpd/branches/2.0.x/STATUS
    httpd/httpd/branches/2.0.x/server/util_script.c

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/CHANGES?rev=374894&r1=374893&r2=374894&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Sat Feb  4 09:41:09 2006
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.0.56
 
+  *) Fix PR#38070: Avoid server-driven negotiation when a CGI script
+     has emitted an explicit Status: header [Nick Kew].
+
   *) SECURITY: CVE-2005-3357 (cve.mitre.org)
      mod_ssl: Fix a possible crash during access control checks if a
      non-SSL request is processed for an SSL vhost (such as the

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=374894&r1=374893&r2=374894&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Sat Feb  4 09:41:09 2006
@@ -117,11 +117,6 @@
          http://svn.apache.org/viewcvs?view=rev&rev=154319
        +1: stoddard, striker, wrowe (as corrected in subsequent patches)
 
-    *) util_script: FIX PR38070, correctly honor a CGI Status: header.
-         http://svn.apache.org/viewcvs?rev=370692&view=rev
-       +1: colm,niq,wrowe
-
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ please place SVN revisions from trunk here, so it is easy to
     identify exactly what the proposed changes are!  Add all new

Modified: httpd/httpd/branches/2.0.x/server/util_script.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/server/util_script.c?rev=374894&r1=374893&r2=374894&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/server/util_script.c (original)
+++ httpd/httpd/branches/2.0.x/server/util_script.c Sat Feb  4 09:41:09 2006
@@ -394,6 +394,8 @@
     return 1;
 }
 
+#define HTTP_UNSET (-HTTP_OK)
+
 AP_DECLARE(int) ap_scan_script_header_err_core(request_rec *r, char *buffer,
 				       int (*getsfunc) (char *, int, void *),
 				       void *getsfunc_data)
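Review bot: the new `#define HTTP_UNSET (-HTTP_OK)` has no comment and reuses the HTTP_ prefix of the real status constants, so it can be read as a status code rather than a sentinel local to this file. Suggest a one-line comment stating that it means the script sent no Status: header and that it is negative so it can never collide with a real status. Since the hunks here use it only inside ap_scan_script_header_err_core, a name that does not look like it comes from the shared headers, or an #undef after the function, would keep it from leaking into the rest of the file.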
@@ -401,7 +403,7 @@
     char x[MAX_STRING_LEN];
     char *w, *l;
     int p;
-    int cgi_status = HTTP_OK;
+    int cgi_status = HTTP_UNSET;
     apr_table_t *merge;
     apr_table_t *cookie_table;
 
@@ -462,7 +464,18 @@
 	if (w[0] == '\0') {
 	    int cond_status = OK;
 
-	    if ((cgi_status == HTTP_OK) && (r->method_number == M_GET)) {
+	    /* PR#38070: This fails because it gets confused when a
+             * CGI Status header overrides ap_meets_conditions.
+             * 
+             * We can fix that by dropping ap_meets_conditions when
+             * Status has been set.  Since this is the only place
+             * cgi_status gets used, let's test it explicitly.
+             *
+             * The alternative would be to ignore CGI Status when
+             * ap_meets_conditions returns anything interesting.
+             * That would be safer wrt HTTP, but would break CGI.
+             */
+	    if ((cgi_status == HTTP_UNSET) && (r->method_number == M_GET)) {
 		cond_status = ap_meets_conditions(r);
 	    }
 	    apr_table_overlap(r->err_headers_out, merge,
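Review bot: the new test `cgi_status == HTTP_UNSET` skips ap_meets_conditions for every Status: header, and if cgi_status takes the script's Status value, as the comment implies, that includes an explicit Status: 200. Under the removed test `cgi_status == HTTP_OK` such a GET response was still checked against the request's conditional headers, so scripts that send Status: 200 will no longer get that check. Please state in the comment that this is intended, since the CHANGES entry only says negotiation is avoided. The comment also opens with "This fails", where "This" refers to the line being removed; once the patch is applied it sits above the fixed test and reads as if the new code fails. Minor: the comment's first line is tab-indented while its continuation lines use spaces, and the ` * ` line after "ap_meets_conditions." carries trailing whitespace.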


