httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [Patch 1.3] Strict proxy C-L / T-E conformance
Date Wed, 06 Jul 2005 16:45:21 GMT
At 08:12 AM 7/6/2005, Jim Jagielski wrote:

>On Jul 6, 2005, at 9:06 AM, Jim Jagielski wrote:
>
>>+                char *len_end;
>>+                c->len = ap_strtol(content_length, *len_end, 10);
>>+                if ((c->len < 0) || *len_end) {
>>
>>Oops... Should be:
>>
>>     c->len = ap_strtol(content_length, &len_end, 10);
>
>You know, to be anal about it we should check for range errors; it  
>should be:
>
>    char *len_end;
>    int errno = 0;
>      ...
>    if ((c->len < 0) || errno || (len_end && *len_end))

Agreed... revised patch attached.

The patch does leave me some questions, as I began looking
at Apache 2.1.  Doing this in http_filter might be too late, 
it seems that the http_header filter could be a better place.

Also, I'm not clear if mod_gzip can inject itself into the backend
proxy code, and whether or not mod_gzip supports T-E encoding or
only C-E, or if any other modules play with different T-E fields.
I don't have the sources handy.

But in 2.1, we allow filters to inject themselves in all sorts of
places.  I'm unsure how early we want to reject T-E other than
the 'chunked' token.

Bill  
Mime
View raw message