httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From s.@apache.org
Subject svn commit: r1178566 - in /httpd/httpd/trunk: CHANGES server/protocol.c
Date Mon, 03 Oct 2011 20:37:49 GMT
Author: sf
Date: Mon Oct  3 20:37:49 2011
New Revision: 1178566

URL: http://svn.apache.org/viewvc?rev=1178566&view=rev
Log:
Enforce LimitRequestFieldSize after multiple headers with the same
name have been merged.

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/server/protocol.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1178566&r1=1178565&r2=1178566&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Oct  3 20:37:49 2011
@@ -12,6 +12,9 @@ Changes with Apache 2.3.15
      PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener,
      <lowprio20 gmail.com>]
 
+  *) core: Enforce LimitRequestFieldSize after multiple headers with the same
+     name have been merged. [Stefan Fritsch]
+
   *) mod_ssl: If MaxMemFree is set, ask OpenSSL >= 1.0.0 to reduce memory
      usage.  PR 51618. [Cristian Rodr�guez <crrodriguez opensuse org>,
      Stefan Fritsch]

Modified: httpd/httpd/trunk/server/protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1178566&r1=1178565&r2=1178566&view=diff
==============================================================================
--- httpd/httpd/trunk/server/protocol.c (original)
+++ httpd/httpd/trunk/server/protocol.c Mon Oct  3 20:37:49 2011
@@ -685,6 +685,23 @@ static int read_request_line(request_rec
     return 1;
 }
 
+static int table_do_fn_check_lengths(void *r_, const char *key,
+                                     const char *value)
+{
+    request_rec *r = r_;
+    if (value == NULL || r->server->limit_req_fieldsize >= strlen(value) )
+        return 1;
+
+    r->status = HTTP_BAD_REQUEST;
+    apr_table_setn(r->notes, "error-notes",
+                   apr_pstrcat(r->pool, "Size of a request header field "
+                               "after merging exceeds server limit.<br />"
+                               "\n<pre>\n",
+                               ap_escape_html(r->pool, key),
+                               "</pre>\n", NULL));
+    return 0;
+}
+
 AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb)
 {
     char *last_field = NULL;
@@ -850,6 +867,9 @@ AP_DECLARE(void) ap_get_mime_headers_cor
      * field-name, following RFC 2616, 4.2.
      */
     apr_table_compress(r->headers_in, APR_OVERLAP_TABLES_MERGE);
+
+    /* enforce LimitRequestFieldSize for merged headers */
+    apr_table_do(table_do_fn_check_lengths, r, r->headers_in, NULL);
 }
 
 AP_DECLARE(void) ap_get_mime_headers(request_rec *r)



Mime
View raw message