Return-Path: 
 <dev-return-78328-apmail-httpd-dev-archive=httpd.apache.org@httpd.apache.org>
X-Original-To: apmail-httpd-dev-archive@www.apache.org
Delivered-To: apmail-httpd-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 6C38310B22
	for <apmail-httpd-dev-archive@www.apache.org>;
 Thu, 22 Aug 2013 13:29:11 +0000 (UTC)
Received: (qmail 54103 invoked by uid 500); 22 Aug 2013 13:29:09 -0000
Delivered-To: apmail-httpd-dev-archive@httpd.apache.org
Received: (qmail 54032 invoked by uid 500); 22 Aug 2013 13:29:07 -0000
Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
list-help: <mailto:dev-help@httpd.apache.org>
list-unsubscribe: <mailto:dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:dev@httpd.apache.org>
List-Id: <dev.httpd.apache.org>
Delivered-To: mailing list dev@httpd.apache.org
Received: (qmail 54024 invoked by uid 99); 22 Aug 2013 13:29:06 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Aug 2013 13:29:06 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of covener@gmail.com designates
 209.85.128.172 as permitted sender)
Received: from [209.85.128.172] (HELO mail-ve0-f172.google.com)
 (209.85.128.172)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 22 Aug 2013 13:29:01 +0000
Received: by mail-ve0-f172.google.com with SMTP id oz10so1513089veb.31
        for <dev@httpd.apache.org>; Thu, 22 Aug 2013 06:28:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=Egc25Vf3BSsQ/et1Z3rPFDaI6ZcQ/RFGjvcvPl/3jNs=;
        b=eSOo7Ybqt+0bvyhMxsBJJmOOG3H2hNXl9E1bA5smvYTxv7MZc0LuH8L2xTWT6n+wrQ
         Hqnd4ead5u3jZpGQ3cRpSgwp0IvhKbzk0WKl+C+SFVgZlwnTAf66T+SXB1+LvykGKDhK
         JQs3s8ipBL3Z8aJXy7Q1fiG5/87fulVsadMJM+hbMaOwT/504IY3UfLQ6azbwzB9GgaW
         4gOjemBjtfENlhR4u4N9gRT3oGAmQ2w8vEI+1meEXvuxn5yXW7wDHx63gngzEW0lCzOS
         LIqiUUiRhGQ7AjWajuICyNA3srfUEZW5D089uFRtJxeg02ZgCeBwMpaOOJWXu5qzv0vT
         jFbQ==
MIME-Version: 1.0
X-Received: by 10.52.120.78 with SMTP id la14mr3122830vdb.9.1377178120855;
 Thu, 22 Aug 2013 06:28:40 -0700 (PDT)
Received: by 10.58.49.33 with HTTP; Thu, 22 Aug 2013 06:28:40 -0700 (PDT)
In-Reply-To: <20130528210217.AC7052388847@eris.apache.org>
References: <20130528210217.AC7052388847@eris.apache.org>
Date: Thu, 22 Aug 2013 09:28:40 -0400
Message-ID: 
 <CALK=YjN=Nu89dmEQuc4+_K3yzO8UQ1cx2pmrUdjWzwnwV4Mbqg@mail.gmail.com>
Subject: Re: svn commit: r1487118 - in /httpd/httpd/branches/2.4.x: ./ CHANGES
 STATUS modules/cache/mod_cache.c
From: Eric Covener <covener@gmail.com>
To: dev@httpd.apache.org
Content-Type: text/plain; charset=ISO-8859-1
X-Virus-Checked: Checked by ClamAV on apache.org

On Tue, May 28, 2013 at 5:02 PM,  <minfrin@apache.org> wrote:
> Author: minfrin
> Date: Tue May 28 21:02:17 2013
> New Revision: 1487118
>
> URL: http://svn.apache.org/r1487118
> Log:
> mod_cache: Make sure that contradictory entity headers present in a 304
> Not Modified response are caught and cause the entity to be removed.
>
> trunk patch: http://svn.apache.org/r1479117
> 2.4.x patch: http://people.apache.org/~minfrin/httpd-mod_cache-304sanity.patch2.4.patch
>
> Submitted by: minfrin
> Reviewed by: jim, wrowe
>
> Modified:
>     httpd/httpd/branches/2.4.x/   (props changed)
>     httpd/httpd/branches/2.4.x/CHANGES
>     httpd/httpd/branches/2.4.x/STThjeyATUS
>     httpd/httpd/branches/2.4.x/modules/cache/mod_cache.c
>
> Propchange: httpd/httpd/branches/2.4.x/
> ------------------------------------------------------------------------------
>   Merged /httpd/httpd/trunk:r1479117
>
> Modified: httpd/httpd/branches/2.4.x/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1487118&r1=1487117&r2=1487118&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
> +++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Tue May 28 21:02:17 2013
> @@ -2,6 +2,10 @@
>
>  Changes with Apache 2.4.5
>
> +  *) mod_cache: Make sure that contradictory entity headers present in a 304
> +     Not Modified response are caught and cause the entity to be removed.
> +     [Graham Leggett]
> +
>    *) mod_cache: Make sure Vary processing handles multivalued Vary headers and
>       multivalued headers referred to via Vary. [Graham Leggett]
>
>
> Modified: httpd/httpd/branches/2.4.x/STATUS
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1487118&r1=1487117&r2=1487118&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/STATUS (original)
> +++ httpd/httpd/branches/2.4.x/STATUS Tue May 28 21:02:17 2013
> @@ -90,12 +90,6 @@ RELEASE SHOWSTOPPERS:
>  PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
>    [ start all new proposals below, under PATCHES PROPOSED. ]
>
> -    * mod_cache: Make sure that contradictory entity headers present in a 304
> -      Not Modified response are caught and cause the entity to be removed.
> -      trunk patch: http://svn.apache.org/r1479117
> -      2.4.x patch: http://people.apache.org/~minfrin/httpd-mod_cache-304sanity.patch2.4.patch
> -      +1: minfrin, jim, wrowe
> -
>      * mod_cache: Honour Cache-Control: no-store in a request.
>        trunk patch: http://svn.apache.org/r1479222
>        2.4.x patch: http://people.apache.org/~minfrin/httpd-mod_cache-nostore2.4.patch
>
> Modified: httpd/httpd/branches/2.4.x/modules/cache/mod_cache.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/cache/mod_cache.c?rev=1487118&r1=1487117&r2=1487118&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/modules/cache/mod_cache.c (original)
> +++ httpd/httpd/branches/2.4.x/modules/cache/mod_cache.c Tue May 28 21:02:17 2013
> @@ -743,6 +743,22 @@ static int cache_save_store(ap_filter_t
>      return rv;
>  }
>
> +/**
> + * Sanity check for 304 Not Modified responses, as per RFC2616 Section 10.3.5.
> + */
> +static const char *cache_header_cmp(apr_pool_t *pool, apr_table_t *left,
> +        apr_table_t *right, const char *key)
> +{
> +    const char *h1, *h2;
> +
> +    if ((h1 = cache_table_getm(pool, left, key))
> +            && (h2 = cache_table_getm(pool, right, key)) && (strcmp(h1, h2))) {
> +        return apr_pstrcat(pool, "contradiction: 304 Not Modified, but ", key,
> +                " modified", NULL);
> +    }
> +    return NULL;
> +}
> +
>  /*
>   * CACHE_SAVE filter
>   * ---------------
> @@ -776,7 +792,7 @@ static apr_status_t cache_save_filter(ap
>      apr_time_t exp, date, lastmod, now;
>      apr_off_t size = -1;
>      cache_info *info = NULL;
> -    char *reason;
> +    const char *reason;
>      apr_pool_t *p;
>      apr_bucket *e;
>      apr_table_t *headers;
> @@ -1063,6 +1079,56 @@ static apr_status_t cache_save_filter(ap
>          /* or we've been asked not to cache it above */
>          reason = "r->no_cache present";
>      }
> +    else if (r->status == HTTP_NOT_MODIFIED && cache->stale_handle) {
> +        apr_table_t *left = cache->stale_handle->resp_hdrs;
> +        apr_table_t *right = r->headers_out;
> +
> +        /* and lastly, contradiction checks for revalidated responses
> +         * as per RFC2616 Section 10.3.5
> +         */
> +        if (((reason = cache_header_cmp(r->pool, left, right, "Allow")))
> +                || ((reason = cache_header_cmp(r->pool, left, right,
> +                        "Content-Encoding")))
> +                || ((reason = cache_header_cmp(r->pool, left, right,
> +                        "Content-Language")))
> +                || ((reason = cache_header_cmp(r->pool, left, right,
> +                        "Content-Length")))
> +                || ((reason = cache_header_cmp(r->pool, left, right,
> +                        "Content-Location")))
> +                || ((reason = cache_header_cmp(r->pool, left, right,
> +                        "Content-MD5")))
> +                || ((reason = cache_header_cmp(r->pool, left, right,
> +                        "Content-Range")))
> +                || ((reason = cache_header_cmp(r->pool, left, right,
> +                        "Content-Type")))
> +                || ((reason = cache_header_cmp(r->pool, left, right, "Expires")))
> +                || ((reason = cache_header_cmp(r->pool, left, right, "ETag")))
> +                || ((reason = cache_header_cmp(r->pool, left, right,
> +                        "Last-Modified")))) {
> +            /* contradiction: 304 Not Modified, but entity header modified */


I stumbled on this contradiction/revalidating message today in 2.4.

Shouldn't Expires be omitted in this check since it applies to the
original entity?

   The response MUST include the following header fields:
...

      - Expires, Cache-Control, and/or Vary, if the field-value might
        differ from that sent in any previous response for the same
        variant



-- 
Eric Covener
covener@gmail.com