httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacob Champion <champio...@gmail.com>
Subject Re: svn commit: r1777460 - /httpd/httpd/trunk/modules/http/http_filters.c
Date Fri, 06 Jan 2017 17:06:29 GMT
On 01/05/2017 04:31 AM, ylavic@apache.org wrote:
> Author: ylavic
> Date: Thu Jan  5 12:31:48 2017
> New Revision: 1777460
>
> URL: http://svn.apache.org/viewvc?rev=1777460&view=rev
> Log:
> http: allow folding in check_headers(), still compliant with RFC 7230 (3.2.4).
>
> Modified:
>     httpd/httpd/trunk/modules/http/http_filters.c
>
> Modified: httpd/httpd/trunk/modules/http/http_filters.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_filters.c?rev=1777460&r1=1777459&r2=1777460&view=diff
> ==============================================================================
> [...]
> @@ -683,8 +726,10 @@ static APR_INLINE int check_headers(requ
>
>      ctx.r = r;
>      ctx.strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE);
> -    return apr_table_do(check_header, &ctx, r->headers_out, NULL) &&
> -           apr_table_do(check_header, &ctx, r->err_headers_out, NULL);
> +    ctx.unfold = (!r->content_type || strncmp(r->content_type,
> +                                              "message/http", 12));

I don't think this unfolding exception should exist, at least not in 
this part of the code. My reading of 7230 is not that folded headers are 
allowed when the Content-Type is message/http, but rather that folded 
headers are allowed *inside* the message/http payload body:

    This specification deprecates such
    line folding except within the message/http media type
    (Section 8.3.1). A sender MUST NOT generate a message that includes
    line folding (i.e., that has any field-value that contains a match to
    the obs-fold rule) unless the message is intended for packaging
    within the message/http media type.

IOW, the message/http payload body is allowed to be line-length limited, 
I assume because it's a message/* media type. But that doesn't apply to 
the HTTP-level headers.

--Jacob

Mime
View raw message