httpd-cvs mailing list archives

From rpl...@apache.org
Subject svn commit: r684100 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS modules/metadata/mod_headers.c
Date Fri, 08 Aug 2008 21:25:04 GMT
Author: rpluem
Date: Fri Aug  8 14:25:04 2008
New Revision: 684100

URL: http://svn.apache.org/viewvc?rev=684100&view=rev
Log:
Merge r674000 from trunk:

* Prevent Header edit from processing only the first header it should
  edit and deleting the remaining ones by iterating over all headers
  with the same name.

PR: 45333

Submitted by: rpluem
Reviewed by: rpluem, niq, mturk

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/STATUS
    httpd/httpd/branches/2.2.x/modules/metadata/mod_headers.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=684100&r1=684099&r2=684100&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Fri Aug  8 14:25:04 2008
@@ -5,6 +5,10 @@
      mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
      the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
 
+  *) mod_headers: Prevent Header edit from processing only the first header
+     of possibly multiple headers with the same name and deleting the
+     remaining ones. PR 45333.  [Ruediger Pluem]
+
   *) mod_proxy_balancer: Move nonce field in the balancer manager page inside
      the html form where it belongs. PR 45578. [Ruediger Pluem]
 

Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=684100&r1=684099&r2=684100&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Fri Aug  8 14:25:04 2008
@@ -90,15 +90,6 @@
    http://svn.apache.org/viewvc?rev=639010&view=rev (mmn)
    +1: niq, rpluem, mturk
 
- * mod_headers: Prevent Header edit from processing only the first header it
-   should edit and deleting the remaining ones by iterating over all headers
-   with the same name. PR: 45333
-     Trunk version of patch:
-        http://svn.apache.org/viewvc?rev=674000&view=rev
-     Backport version for 2.2.x of patch:
-        Trunk version of patch works
-    +1: rpluem, niq, mturk
-
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
 

Modified: httpd/httpd/branches/2.2.x/modules/metadata/mod_headers.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/metadata/mod_headers.c?rev=684100&r1=684099&r2=684100&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/metadata/mod_headers.c (original)
+++ httpd/httpd/branches/2.2.x/modules/metadata/mod_headers.c Fri Aug  8 14:25:04 2008
@@ -133,6 +133,13 @@
     header_entry *hdr;
 } echo_do;
 
+/* edit_do is used for Header edit to iterate through the request headers */
+typedef struct {
+    apr_pool_t *p;
+    header_entry *hdr;
+    apr_table_t *t;
+} edit_do;
+
 /*
  * headers_conf is our per-module configuration. This is used as both
  * a per-dir and per-server config
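Review bot: The comment on `edit_do` says it is used to iterate "the request headers", but the hdr_edit case in the last hunk walks whatever `headers` table do_headers_fixup was handed, so the wording is misleading. The three fields are also undocumented. I would reword the comment to `/* edit_do carries the state for Header edit while apr_table_do() walks the headers being edited */` and add field comments saying that `p` is the pool for the edited values, `hdr` is the directive being applied, and `t` is the scratch table that collects the edited headers.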
@@ -578,6 +585,22 @@
     return 1;
 }
 
+static int edit_header(void *v, const char *key, const char *val)
+{
+    edit_do *ed = (edit_do *)v;
+
+    apr_table_addn(ed->t, key, process_regexp(ed->hdr, val, ed->p));
+    return 1;
+}
+
+static int add_them_all(void *v, const char *key, const char *val)
+{
+    apr_table_t *headers = (apr_table_t *)v;
+
+    apr_table_addn(headers, key, val);
+    return 1;
+}
+
 static void do_headers_fixup(request_rec *r, apr_table_t *headers,
                              apr_array_header_t *fixup, int early)
 {
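Review bot: `edit_header` passes the result of `process_regexp` straight to `apr_table_addn`, which stores the pointer without copying, and nothing here checks that result for NULL. `process_regexp` is defined outside this hunk, so whether it can fail is not visible. If it can, a NULL value would be stored in the scratch table and then copied into the live headers by `add_them_all`, so this should be confirmed before relying on it. Both callbacks would also benefit from a short comment such as `/* addn stores key/val without copying; relies on both living at least as long as r->pool */`, plus a note that returning 1 tells apr_table_do() to continue with the next entry.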
@@ -669,10 +692,16 @@
                          echo_header, (void *) &v, r->headers_in, NULL);
             break;
         case hdr_edit:
-            val = apr_table_get(headers, hdr->header);
-            if (val != NULL) {
-                apr_table_setn(headers, hdr->header,
-                               process_regexp(hdr, val, r->pool));
+            if (apr_table_get(headers, hdr->header)) {
+                edit_do ed;
+
+                ed.p = r->pool;
+                ed.hdr = hdr;
+                ed.t = apr_table_make(r->pool, 5);
+                apr_table_do(edit_header, (void *) &ed, headers, hdr->header,
+                             NULL);
+                apr_table_unset(headers, hdr->header);
+                apr_table_do(add_them_all, (void *) headers, ed.t, NULL);
             }
             break;
         }
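Review bot: The new hdr_edit branch has no comment explaining why it collects into a scratch table, unsets the header, and then re-adds the values, so the sequence looks more roundabout than necessary. The reason is presumably that the callback must not add to the table apr_table_do() is currently walking, and that should be stated, e.g. `/* edit into a scratch table first: the table being iterated must not be modified from the callback */`. The initial size `5` passed to `apr_table_make` is an unexplained magic number; a named constant or a brief comment would help. The old code's only visible use of `val` is removed here, and do_headers_fixup's declarations are outside the hunk, so it is worth checking that `val` is not left as an unused local.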


