Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 998F4200BD5 for ; Thu, 8 Dec 2016 22:56:13 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 981FD160B1F; Thu, 8 Dec 2016 21:56:13 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id B9BDF160B0A for ; Thu, 8 Dec 2016 22:56:12 +0100 (CET) Received: (qmail 85765 invoked by uid 500); 8 Dec 2016 21:56:10 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 85643 invoked by uid 99); 8 Dec 2016 21:56:10 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 08 Dec 2016 21:56:10 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id 0EBCAC146E for ; Thu, 8 Dec 2016 21:56:10 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.102 X-Spam-Level: X-Spam-Status: No, score=-0.102 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=disabled Authentication-Results: spamd4-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id 2nWJWdoSN5HV for ; Thu, 8 Dec 2016 21:56:08 +0000 (UTC) Received: from mail-pg0-f48.google.com (mail-pg0-f48.google.com [74.125.83.48]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 994F160E35 for ; Thu, 8 Dec 2016 21:56:08 +0000 (UTC) Received: by mail-pg0-f48.google.com with SMTP id 3so178104290pgd.0 for ; Thu, 08 Dec 2016 13:56:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding; bh=zUd7ViN7jWpV51ebWPqciQ7LxUFasQvIrgKv8Y5kJnU=; b=Bge/VgplGdzPrBuL716uzcd8pM2aiBYrI7S8Xd1VhRk+MLwQ+PF9TNxjZUfiwle2Qc oLKrhCgIrQW+uXNcUXu8wJEn0y+PzBxOQwyx4+fM1vsCAspPhYYbVBk2hCqEvdCfbEjY 4rhfV71MGupSdtsIvuUKju0ZHlsh9ksBu+32xoP/XKnRfzuFUJaWzHfcs7kOnobIZoAU 8VPaMRAoEsDw+kxYurV29xXEzBolstGhWte3CoJlVN8yjtv4dMyl8O30DGCVOaBV6e4g pcMssX180Op+9t/5uYW325BSq8YEeeYZUu2eRoiWCyewdW7Zna1lcKveRDtVMLPZU868 sKKg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=zUd7ViN7jWpV51ebWPqciQ7LxUFasQvIrgKv8Y5kJnU=; b=hdFJePO69T896pNWpSow8KMf9qzH0gTB/gQIc+9SUzRdVRQeHQFFDB58yCMsaqPkWp 1Bco6DqIT26elNyKZzGGKCefV2dTi/oULAXpmZelQs/TJXlX38Cs3/TG7wdTt8FlUq1F u1ilzMWL3ss7Ddjq9nLBJsEymT5VwJU5jAiRv7B4DT+cZOqj0+I7fRNOfjMYmO7a3ukG 92tjDnR8twmCkkm5GigrsPY87RbhnbeNOH/rtVERO4Py5cFxGXcITP9GFVCrsSNaoQ8C 8w0h7a0D9U6VeM2Y0cvi5rjxiHm14x662OQexUVlp8Ow/Yj/BxNncMdr7tLPy0lYRHs6 mSeA== X-Gm-Message-State: AKaTC00l24JoOrLawg6O0R/iyCbxvXYrp5qWioBpEdHJKDu/EvNCdgSfyGHldeQK8vIyiw== X-Received: by 10.99.112.13 with SMTP id l13mr136092163pgc.7.1481234150725; Thu, 08 Dec 2016 13:55:50 -0800 (PST) Received: from [192.168.1.7] (50-39-112-180.bvtn.or.frontiernet.net. [50.39.112.180]) by smtp.gmail.com with ESMTPSA id w24sm52345619pfa.9.2016.12.08.13.55.49 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 08 Dec 2016 13:55:50 -0800 (PST) Subject: Re: svn commit: r1773293 - /httpd/httpd/trunk/modules/http/http_filters.c To: dev@httpd.apache.org References: <20161208195758.307DC3A0026@svn01-us-west.apache.org> From: Jacob Champion Message-ID: Date: Thu, 8 Dec 2016 13:55:49 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1 MIME-Version: 1.0 In-Reply-To: <20161208195758.307DC3A0026@svn01-us-west.apache.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit archived-at: Thu, 08 Dec 2016 21:56:13 -0000 On 12/08/2016 11:57 AM, covener@apache.org wrote: > Author: covener > Date: Thu Dec 8 19:57:57 2016 > New Revision: 1773293 > > URL: http://svn.apache.org/viewvc?rev=1773293&view=rev > Log: > change error handling for bad resp headers > > - avoid looping between ap_die and the http filter > - remove the header that failed the check > - keep calling apr_table_do until our fn stops matching > > > This is still not great. We get the original body, a 500 status > code and status line. > > (r1773285 + fix for first return from check_headers) > > > > Modified: > httpd/httpd/trunk/modules/http/http_filters.c > > Modified: httpd/httpd/trunk/modules/http/http_filters.c > URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_filters.c?rev=1773293&r1=1773292&r2=1773293&view=diff > ============================================================================== > --- httpd/httpd/trunk/modules/http/http_filters.c (original) > +++ httpd/httpd/trunk/modules/http/http_filters.c Thu Dec 8 19:57:57 2016 > @@ -632,6 +632,7 @@ apr_status_t ap_http_filter(ap_filter_t > struct check_header_ctx { > request_rec *r; > int strict; > + const char *badheader; > }; > > /* check a single header, to be used with apr_table_do() */ > @@ -643,6 +644,7 @@ static int check_header(void *arg, const > if (name[0] == '\0') { > ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02428) > "Empty response header name, aborting request"); > + ctx->badheader = name; > return 0; > } > > @@ -657,6 +659,7 @@ static int check_header(void *arg, const > "Response header name '%s' contains invalid " > "characters, aborting request", > name); > + ctx->badheader = name; > return 0; > } > > @@ -666,6 +669,7 @@ static int check_header(void *arg, const > "Response header '%s' value of '%s' contains invalid " > "characters, aborting request", > name, val); > + ctx->badheader = name; > return 0; > } > return 1; > @@ -680,13 +684,21 @@ static APR_INLINE int check_headers(requ > struct check_header_ctx ctx; > core_server_config *conf = > ap_get_core_module_config(r->server->module_config); > + int rv = 1; > > ctx.r = r; > ctx.strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE); > - if (!apr_table_do(check_header, &ctx, r->headers_out, NULL)) > - return 0; /* problem has been logged by check_header() */ > + ctx.badheader = NULL; > > - return 1; > + while (!apr_table_do(check_header, &ctx, r->headers_out, NULL)){ > + if (ctx.badheader) { > + apr_table_unset(r->headers_out, ctx.badheader); > + apr_table_unset(r->err_headers_out, ctx.badheader); Hmm, I suppose that if something like Transfer-/Content-Encoding is one of the headers to get axed here, we'll end up breaking the protocol entirely if and when we push out the original response body... Ugh, this is tough. > + } > + rv = 0; /* problem has been logged by check_header() */ > + } > + > + return rv; > } > > typedef struct header_struct { > @@ -1249,8 +1261,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ > } > > if (!check_headers(r)) { > - ap_die(HTTP_INTERNAL_SERVER_ERROR, r); > - return AP_FILTER_ERROR; > + r->status = 500; > } > > /* > >