mod_cache: Fix (max-stale with no '=') and enforce (check integers after '=')
authorGraham Leggett <minfrin@apache.org>
Mon, 13 Jun 2016 23:13:53 +0000 (23:13 +0000)
committerGraham Leggett <minfrin@apache.org>
Mon, 13 Jun 2016 23:13:53 +0000 (23:13 +0000)
Cache-Control header parsing.

Submitted by: jailletc36
Reviewed by: jim, minfrin

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1748330 13f79535-47bb-0310-9956-ffa450edef68

CHANGES
STATUS
modules/cache/cache_util.c

diff --git a/CHANGES b/CHANGES
index ffa442d132db7d37d5d66e515b5a4bd7e3ae487f..1250c794b6ed330c5cc288aa498fc69388a7ddc9 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
 
 Changes with Apache 2.4.21
 
+  *) mod_cache: Fix (max-stale with no '=') and enforce (check
+     integers after '=') Cache-Control header parsing.
+     [Christophe Jaillet]
+
   *) core: Add -DDUMP_INCLUDES configtest option to show the tree
      of Included configuration files.
      [Jacob Champion <champion.pxi gmail.com>]
diff --git a/STATUS b/STATUS
index 162c2282f496bdc4eb0fdb46859caf43aa8f8a8f..f5c0f9fa87a72c409edef013e046a1d4e27b5590 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -114,11 +114,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_cache: Fix (max-stale with no '=') and enforce (check integers after '=')
-     Cache-Control header parsing.
-     trunk patch: http://svn.apache.org/r1715886
-     2.4.x: trunk works
-     +1: jailletc36, jim, minfrin
 
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
index 070a5f0d4c11a7528845d416a140154947a31efc..1d65d3f7f8ceba0d32c6ec22c89c19f6843fefaf 100644 (file)
@@ -576,7 +576,12 @@ int cache_check_freshness(cache_handle_t *h, cache_request_rec *cache,
     }
 
     if ((agestr = apr_table_get(h->resp_hdrs, "Age"))) {
-        age_c = apr_atoi64(agestr);
+        char *endp;
+        apr_off_t offt;
+        if (!apr_strtoff(&offt, agestr, &endp, 10)
+                && endp > agestr && !*endp) {
+            age_c = offt;
+        }
     }
 
     /* calculate age of object */
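Review bot: The new Age check still accepts a signed value, because `endp > agestr && !*endp` only rejects empty input and trailing garbage. apr_strtoff follows strtol-style parsing, so a leading `-` or `+` (and, as far as I know, leading whitespace) passes, and a response carrying `Age: -100` would set a negative `age_c`. Age is a non-negative delta-seconds field and comes from the origin or an upstream cache, so I would tighten the condition to `&& endp > agestr && !*endp && offt >= 0) {`. The same applies to the max-age, max-stale, min-fresh and s-maxage conditions in the later hunks of this file. When the parse fails `age_c` keeps its earlier value, and its initialisation is outside this hunk, so it is worth confirming that the default is 0.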
@@ -990,6 +995,8 @@ int ap_cache_control(request_rec *r, cache_control_t *cc,
     }
 
     if (cc_header) {
+        char *endp;
+        apr_off_t offt;
         char *header = apr_pstrdup(r->pool, cc_header);
         const char *token = cache_strqtok(header, CACHE_SEPARATOR, &last);
         while (token) {
@@ -1033,27 +1040,33 @@ int ap_cache_control(request_rec *r, cache_control_t *cc,
                 }
                 /* ...then try slowest cases */
                 else if (!strncasecmp(token, "max-age", 7)) {
-                    if (token[7] == '=') {
+                    if (token[7] == '='
+                            && !apr_strtoff(&offt, token + 8, &endp, 10)
+                            && endp > token + 8 && !*endp) {
                         cc->max_age = 1;
-                        cc->max_age_value = apr_atoi64(token + 8);
+                        cc->max_age_value = offt;
                     }
                     break;
                 }
                 else if (!strncasecmp(token, "max-stale", 9)) {
-                    if (token[9] == '=') {
+                    if (token[9] == '='
+                            && !apr_strtoff(&offt, token + 10, &endp, 10)
+                            && endp > token + 10 && !*endp) {
                         cc->max_stale = 1;
-                        cc->max_stale_value = apr_atoi64(token + 10);
+                        cc->max_stale_value = offt;
                     }
-                    else if (!token[10]) {
+                    else if (!token[9]) {
                         cc->max_stale = 1;
                         cc->max_stale_value = -1;
                     }
                     break;
                 }
                 else if (!strncasecmp(token, "min-fresh", 9)) {
-                    if (token[9] == '=') {
+                    if (token[9] == '='
+                            && !apr_strtoff(&offt, token + 10, &endp, 10)
+                            && endp > token + 10 && !*endp) {
                         cc->min_fresh = 1;
-                        cc->min_fresh_value = apr_atoi64(token + 10);
+                        cc->min_fresh_value = offt;
                     }
                     break;
                 }
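Review bot: In the max-stale branch, a header carrying `max-stale=-1` now parses cleanly and stores -1 in `cc->max_stale_value`, the same value the bare `max-stale` branch just below assigns. The explicit form therefore becomes indistinguishable from the no-argument form for whatever reads the field later; that consumer is outside this hunk. Rejecting negatives in the condition keeps -1 reserved for the no-argument case: `&& endp > token + 10 && !*endp && offt >= 0) {`. A short comment on the `else if (!token[9])` arm would also help, for example `/* no '=': -1 marks max-stale sent without a value */`.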
@@ -1096,9 +1109,11 @@ int ap_cache_control(request_rec *r, cache_control_t *cc,
             case 's':
             case 'S': {
                 if (!strncasecmp(token, "s-maxage", 8)) {
-                    if (token[8] == '=') {
+                    if (token[8] == '='
+                            && !apr_strtoff(&offt, token + 9, &endp, 10)
+                            && endp > token + 9 && !*endp) {
                         cc->s_maxage = 1;
-                        cc->s_maxage_value = apr_atoi64(token + 9);
+                        cc->s_maxage_value = offt;
                     }
                     break;
                 }