httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Garrett Rooney" <>
Subject mod_dav spamming over r->status
Date Fri, 19 May 2006 22:36:30 GMT
So I've got this module that works as an input filter.  It sits in
front of mod_dav_svn and parses incoming REPORT requests, and when it
determines that something is wrong it sets r->status and
r->status_line and errors out by returning APR_EGENERAL.

In HTTPD 2.0.x this works as I expect, the status line I set is sent
back to the user.  In HTTPD 2.2.x I just get a generic error (400 Bad
Request).  This seems kind of odd, so I looked into it.

It turns out that the source of the difference is that in 2.2.1 we
added code that sanity checks r->status and r->status_line, and only
uses r->status_line if the number at the beginning matches r->status.
It turns out that despite the fact that I set both r->status and
r->status_line at the same time, by the time it hits
basic_http_header_check in http_filters.c they're no longer the same.

So where is r->status getting spammed?  Well, it's actually deep in
mod_dav.  We call ap_xml_parse_input, which ends up causing our filter
to get called and  the underlying error gets returned.  This means
that HTTP_BAD_REQUEST gets returned up the stack.  That eventually
gets passed into ap_die, and in ap_die, which does the actual setting
of r->status to HTTP_BAD_REQUEST, which means our r->status and
r->status_line are out of sync, which means the status line gets

So my first instinct is to fix this in the XML parsing code.  If we
get to the error case and r->status is already set to something
interesting, we should return that instead of our default
HTTP_BAD_REQUEST.  Does that make sense?


View raw message