Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 05F6D200BD5 for ; Thu, 8 Dec 2016 20:58:08 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 0479E160B1F; Thu, 8 Dec 2016 19:58:08 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 4B1DD160B0A for ; Thu, 8 Dec 2016 20:58:07 +0100 (CET) Received: (qmail 99706 invoked by uid 500); 8 Dec 2016 19:58:01 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 99697 invoked by uid 99); 8 Dec 2016 19:58:01 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Dec 2016 19:58:01 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id D9CDD18BB8D for ; Thu, 8 Dec 2016 19:58:00 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -1.999 X-Spam-Level: X-Spam-Status: No, score=-1.999 tagged_above=-999 required=6.31 tests=[KAM_LAZY_DOMAIN_SECURITY=1, RP_MATCHES_RCVD=-2.999] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id mNcaRJi_-9df for ; Thu, 8 Dec 2016 19:57:59 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 6CF1C5F246 for ; Thu, 8 Dec 2016 19:57:59 +0000 (UTC) Received: from svn01-us-west.apache.org (svn.apache.org [10.41.0.6]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 8709AE017A for ; Thu, 8 Dec 2016 19:57:58 +0000 (UTC) Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id 307DC3A0026 for ; Thu, 8 Dec 2016 19:57:58 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1773293 - /httpd/httpd/trunk/modules/http/http_filters.c Date: Thu, 08 Dec 2016 19:57:57 -0000 To: cvs@httpd.apache.org From: covener@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20161208195758.307DC3A0026@svn01-us-west.apache.org> archived-at: Thu, 08 Dec 2016 19:58:08 -0000 Author: covener Date: Thu Dec 8 19:57:57 2016 New Revision: 1773293 URL: http://svn.apache.org/viewvc?rev=1773293&view=rev Log: change error handling for bad resp headers - avoid looping between ap_die and the http filter - remove the header that failed the check - keep calling apr_table_do until our fn stops matching This is still not great. We get the original body, a 500 status code and status line. (r1773285 + fix for first return from check_headers) Modified: httpd/httpd/trunk/modules/http/http_filters.c Modified: httpd/httpd/trunk/modules/http/http_filters.c URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_filters.c?rev=1773293&r1=1773292&r2=1773293&view=diff ============================================================================== --- httpd/httpd/trunk/modules/http/http_filters.c (original) +++ httpd/httpd/trunk/modules/http/http_filters.c Thu Dec 8 19:57:57 2016 @@ -632,6 +632,7 @@ apr_status_t ap_http_filter(ap_filter_t struct check_header_ctx { request_rec *r; int strict; + const char *badheader; }; /* check a single header, to be used with apr_table_do() */ @@ -643,6 +644,7 @@ static int check_header(void *arg, const if (name[0] == '\0') { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02428) "Empty response header name, aborting request"); + ctx->badheader = name; return 0; } @@ -657,6 +659,7 @@ static int check_header(void *arg, const "Response header name '%s' contains invalid " "characters, aborting request", name); + ctx->badheader = name; return 0; } @@ -666,6 +669,7 @@ static int check_header(void *arg, const "Response header '%s' value of '%s' contains invalid " "characters, aborting request", name, val); + ctx->badheader = name; return 0; } return 1; @@ -680,13 +684,21 @@ static APR_INLINE int check_headers(requ struct check_header_ctx ctx; core_server_config *conf = ap_get_core_module_config(r->server->module_config); + int rv = 1; ctx.r = r; ctx.strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE); - if (!apr_table_do(check_header, &ctx, r->headers_out, NULL)) - return 0; /* problem has been logged by check_header() */ + ctx.badheader = NULL; - return 1; + while (!apr_table_do(check_header, &ctx, r->headers_out, NULL)){ + if (ctx.badheader) { + apr_table_unset(r->headers_out, ctx.badheader); + apr_table_unset(r->err_headers_out, ctx.badheader); + } + rv = 0; /* problem has been logged by check_header() */ + } + + return rv; } typedef struct header_struct { @@ -1249,8 +1261,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ } if (!check_headers(r)) { - ap_die(HTTP_INTERNAL_SERVER_ERROR, r); - return AP_FILTER_ERROR; + r->status = 500; } /*