Treat an empty obs-fold line as abusive traffic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1755263 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number
index b65d63da78bf08a4c4d3aad71d827ec4c7aee4d3..6486a3aaf5ba30a64aa440483db32a8b136337fd 100644 (file)
--- a/docs/log-message-tags/next-number
+++ b/docs/log-message-tags/next-number
@@ -1 +1 @@
-3443
+3444

diff --git a/server/protocol.c b/server/protocol.c
index e65b062e5e26849030c26161c9d905102dd15c84..e66fdcbdf35e9ae5c1760d70dfb62f1c53639b9e 100644 (file)
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -853,17 +853,22 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb
             if (last_field == NULL) {
                 r->status = HTTP_BAD_REQUEST;
                 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03442)
-                              "Line folding encounterd before first"
+                              "Line folding encountered before first"
                               " header line");
                 return;
             }
 
-            if (field[1] != '\0') {
-                /* ...and leading whitespace on an obs-fold line can be
-                 * similarly discarded */
-                while (field[1] == '\t' || field[1] == ' ') {
-                    ++field; --len;
-                }
+            if (field[1] == '\0') {
+                r->status = HTTP_BAD_REQUEST;
+                ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03443)
+                              "Empty folded line encountered");
+                return;
+            }
+
+            /* Leading whitespace on an obs-fold line can be
+             * similarly discarded */
+            while (field[1] == '\t' || field[1] == ' ') {
+                ++field; --len;
             }
 
             /* This line is a continuation of the preceding line(s),