Merge r1685345, r1685347, r1685349, r1685350 from trunk:

Follow up to r1684513: allow spaces before and after chunk-size.
Slightly modified version of trawick's proposal.

Follow up to r1685345: don't accept spaces *before* the chunk-size.

Follow up to r1685345: CHANGES entry.

Follow up to r1685349: remove a tab.
Submitted by: ylavic
Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1686271 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 62794393ad3f90bb0d58f723d743db8647de0a94..6e28a3f2ba57818936ca07f10b0504c73789db27 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.15
 
+  *) core: Allow spaces after chunk-size for compatibility with implementations
+     using a pre-filled buffer.  [Yann Ylavic, Jeff Trawick]
+
   *) mod_ssl: Remove deprecated SSLCertificateChainFile warning.
      [Yann Ylavic]
 

diff --git a/STATUS b/STATUS
index 18e09cc9b820c40dcc4e1e07f33bc3a3bb01200b..7e3591fa546aa5da3ad212279b08ac0d2ad5fd86 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -107,15 +107,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) core: Allow spaces after chunk-size for compatibility with implementations
-     using a pre-filled buffer, and log parsing failures at level INFO.
-     trunk patch: http://svn.apache.org/r1685345
-                  http://svn.apache.org/r1685347
-                  http://svn.apache.org/r1685349
-                  http://svn.apache.org/r1685350
-     2.4.x patch: http://people.apache.org/~ylavic/httpd-2.4.x-ap_http_filter_chunked-v3.patch
-     +1: ylavic, trawick (v3), wrowe (v3)
-
   *) mod_charset_lite, mod_ext_filter:  Avoid inadvertent filtering of protocol
      data during read of chunked request bodies. PR 58049.
      trunk patch: http://svn.apache.org/r1686085

diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index c6371ed3157aed5558c77542128ed18ee07a763a..70b5484b837527331131c5f76922faf6d5b98a75 100644 (file)
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -71,10 +71,11 @@ typedef struct http_filter_ctx
         BODY_CHUNK, /* chunk expected */
         BODY_CHUNK_PART, /* chunk digits */
         BODY_CHUNK_EXT, /* chunk extension */
-        BODY_CHUNK_LF, /* got CR, expect LF after digits/extension */
+        BODY_CHUNK_CR, /* got space(s) after digits, expect [CR]LF or ext */
+        BODY_CHUNK_LF, /* got CR after digits or ext, expect LF */
         BODY_CHUNK_DATA, /* data constrained by chunked encoding */
         BODY_CHUNK_END, /* chunked data terminating CRLF */
-        BODY_CHUNK_END_LF, /* got CR, expect LF after data */
+        BODY_CHUNK_END_LF, /* got CR after data, expect LF */
         BODY_CHUNK_TRAILER /* trailers */
     } state;
     unsigned int eos_sent :1;
@@ -204,6 +205,15 @@ static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer,
                 return APR_EINVAL;
             }
         }
+        else if (c == ' ' || c == '\t') {
+            ctx->state = BODY_CHUNK_CR;
+        }
+        else if (ctx->state == BODY_CHUNK_CR) {
+            /*
+             * ';', CR or LF expected.
+             */
+            return APR_EINVAL;
+        }
         else if (ctx->state == BODY_CHUNK_PART) {
             int xvalue;