]> granicus.if.org Git - apache/commitdiff
projects / apache / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3515c0c)
Follow up to r1684513: allow spaces before and after chunk-size.
authorYann Ylavic <ylavic@apache.org>
Sat, 13 Jun 2015 23:35:04 +0000 (23:35 +0000)
committerYann Ylavic <ylavic@apache.org>
Sat, 13 Jun 2015 23:35:04 +0000 (23:35 +0000)
Slightly modified version of trawick's proposal.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1685345 13f79535-47bb-0310-9956-ffa450edef68

modules/http/http_filters.c patch | blob | history

diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index 8a628b907839adf2d46ceca5c7f297420fcb8ecb..834b3ba38dfb7030735a475ef97695d46bab5a5b 100644 (file)
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -71,10 +71,11 @@ typedef struct http_filter_ctx
         BODY_CHUNK, /* chunk expected */
         BODY_CHUNK_PART, /* chunk digits */
         BODY_CHUNK_EXT, /* chunk extension */
-        BODY_CHUNK_LF, /* got CR, expect LF after digits/extension */
+        BODY_CHUNK_CR, /* got space(s) after digits, expect [CR]LF or ext */
+        BODY_CHUNK_LF, /* got CR after digits or ext, expect LF */
         BODY_CHUNK_DATA, /* data constrained by chunked encoding */
         BODY_CHUNK_END, /* chunked data terminating CRLF */
-        BODY_CHUNK_END_LF, /* got CR, expect LF after data */
+        BODY_CHUNK_END_LF, /* got CR after data, expect LF */
         BODY_CHUNK_TRAILER /* trailers */
     } state;
     unsigned int eos_sent :1;
@@ -119,6 +120,10 @@ static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer,
 
         /* handle start of the chunk */
         if (ctx->state == BODY_CHUNK) {
+            if (c == ' ' || c == '\t') {
+                i++;
+                continue;
+            }
             if (!apr_isxdigit(c)) {
                 /*
                  * Detect invalid character at beginning. This also works for
@@ -162,6 +167,15 @@ static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer,
                 return APR_EINVAL;
             }
         }
+        else if (c == ' ' || c == '\t') {
+            ctx->state = BODY_CHUNK_CR;
+        }
+        else if (ctx->state == BODY_CHUNK_CR) {
+            /*
+             * ';', CR or LF expected.
+             */
+            return APR_EINVAL;
+        }
         else if (ctx->state == BODY_CHUNK_PART) {
             int xvalue;
 
Unnamed repository; edit this file 'description' to name the repository.