httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@apache.org
Subject svn commit: r1756847 - /httpd/httpd/trunk/server/protocol.c
Date Thu, 18 Aug 2016 20:26:53 GMT
Author: wrowe
Date: Thu Aug 18 20:26:53 2016
New Revision: 1756847

URL: http://svn.apache.org/viewvc?rev=1756847&view=rev
Log:
Correct request header handling of whitespace with the new possible config of
HttpProtocolOptions Unsafe StrictWhitespace

I have elected not to preserve any significance to excess whitespace in the
now-deprecated obs-fold code path, that's certainly open for discussion.

This can be reviewed by tweaking t/conf/extra.conf to switch Strict to Unsafe.

Modified:
    httpd/httpd/trunk/server/protocol.c

Modified: httpd/httpd/trunk/server/protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/protocol.c?rev=1756847&r1=1756846&r2=1756847&view=diff
==============================================================================
--- httpd/httpd/trunk/server/protocol.c (original)
+++ httpd/httpd/trunk/server/protocol.c Thu Aug 18 20:26:53 2016
@@ -878,6 +878,7 @@ AP_DECLARE(void) ap_get_mime_headers_cor
     char *tmp_field;
     core_server_config *conf = ap_get_core_module_config(r->server->module_config);
     int strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE);
+    int strictspaces = (conf->http_whitespace == AP_HTTP_WHITESPACE_STRICT);
 
     /*
      * Read header lines until we get the empty separator line, a read error,
@@ -988,7 +989,7 @@ AP_DECLARE(void) ap_get_mime_headers_cor
             }
             memcpy(last_field + last_len, field, len +1); /* +1 for nul */
             /* Replace obs-fold w/ SP per RFC 7230 3.2.4 */
-            if (strict) {
+            if (strict || strictspaces) {
                 last_field[last_len] = ' ';
             }
             last_len += len;
@@ -1017,9 +1018,23 @@ AP_DECLARE(void) ap_get_mime_headers_cor
                 return;
             }
 
-            if (!strict) {
+            if (!strict)
+            {
                 /* Not Strict ('Unsafe' mode), using the legacy parser */
 
+                if (strictspaces && strpbrk(last_field, "\n\v\f\r")) {
+                    r->status = HTTP_BAD_REQUEST;
+                    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03451)
+                                  "Request header presented bad whitespace "
+                                  "(disallowed by StrictWhitespace)");
+                    return;
+                }
+                else {
+                    char *ll = last_field;
+                    while ((ll = strpbrk(ll, "\n\v\f\r")))
+                        *(ll++) = ' ';
+                }
+
                 if (!(value = strchr(last_field, ':'))) { /* Find ':' or */
                     r->status = HTTP_BAD_REQUEST;   /* abort bad request */
                     ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00564)
@@ -1029,10 +1044,19 @@ AP_DECLARE(void) ap_get_mime_headers_cor
                     return;
                 }
 
-                tmp_field = value - 1; /* last character of field-name */
+                /* last character of field-name */
+                tmp_field = value - (value > last_field ? 1 : 0);
 
                 *value++ = '\0'; /* NUL-terminate at colon */
 
+                if (strictspaces && strpbrk(last_field, " \t")) {
+                    r->status = HTTP_BAD_REQUEST;
+                    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03452)
+                                  "Request header field name with whitespace "
+                                  "(disallowed by StrictWhitespace)");
+                    return;
+                }
+
                 while (*value == ' ' || *value == '\t') {
                      ++value;            /* Skip to start of value   */
                 }
@@ -1040,7 +1064,14 @@ AP_DECLARE(void) ap_get_mime_headers_cor
                 /* Strip LWS after field-name: */
                 while (tmp_field > last_field
                            && (*tmp_field == ' ' || *tmp_field == '\t')) {
-                    *tmp_field-- = '\0';
+                    *(tmp_field--) = '\0';
+                }
+
+                if (tmp_field == last_field) {
+                    r->status = HTTP_BAD_REQUEST;
+                    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03453)
+                                  "Request header field name was empty");
+                    return;
                 }
             }
             else /* Using strict RFC7230 parsing */



Mime
View raw message