http: follow up to r1685345, also needed in 2.4.x/2.2.x by r1686271/r1687339.
Handle reentrance of state BODY_CHUNK_CR to avoid AH02901 when we eat BWS
from multiple reads.
http: follow up to r1685345.
Be lenient up to 10 (room for 32bit decimals) Bad White Spaces (BWS)
between chunk-size and chunk-ext/CRLF.
Submitted by: ylavic
Reviewed by: ylavic, jim, wrowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1689821 13f79535-47bb-0310-9956-
ffa450edef68
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) http: follow up to r1686271 (trunk) => r1686271 (2.4.x)
- Handle reentrance of state BODY_CHUNK_CR to avoid AH02901 when we eat
- BWS from multiple reads, and limit number of chunk-BWS to 10.
- trunk patch: http://svn.apache.org/r1688536
- http://svn.apache.org/r1688538
- 2.4.x patch: trunk works
- +1: ylavic, jim, wrowe
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
apr_off_t limit;
apr_off_t limit_used;
apr_int32_t chunk_used;
+ apr_int32_t chunk_bws;
apr_int32_t chunkbits;
enum
{
ctx->remaining = 0;
ctx->chunkbits = sizeof(apr_off_t) * 8;
ctx->chunk_used = 0;
+ ctx->chunk_bws = 0;
}
if (c == LF) {
}
}
else if (c == ' ' || c == '\t') {
+ /* Be lenient up to 10 BWS (term from rfc7230 - 3.2.3).
+ */
ctx->state = BODY_CHUNK_CR;
+ if (++ctx->chunk_bws > 10) {
+ return APR_EINVAL;
+ }
}
else if (ctx->state == BODY_CHUNK_CR) {
/*
case BODY_CHUNK:
case BODY_CHUNK_PART:
case BODY_CHUNK_EXT:
+ case BODY_CHUNK_CR:
case BODY_CHUNK_LF:
case BODY_CHUNK_END:
case BODY_CHUNK_END_LF: {
projects / apache / commitdiff