Merge r1753592 from trunk:

* Do not overwrite r->status with access_status if access_status is OK or DONE
  as in this case r->status might contain the true response code.

PR: 59869

Submitted by: rpluem
Reviewed by: rpluem, jim, ylavic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1756562 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index e31f69186ee4c596af7ebe66ae9575fa938b7dc6..ed50f1571f2225a7d3d70b93afc36118d35513dd 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,6 +5,9 @@ Changes with Apache 2.4.24
   *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues.
      [Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
 
+  *) mod_proxy: Correctly consider error response codes by the backend when
+     processing failonstatus. PR 59869 [Ruediger Pluem]
+
   *) mod_dav: Add dav_get_provider_name() function to obtain the name
      of the provider from mod_dav.  [Graham Leggett]
 

diff --git a/STATUS b/STATUS
index aef4d01b330517b5fd28e096839d8bd8fe36a732..9958a4f5923b18cd0732c6eb7c850f36e0c7dd46 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -117,14 +117,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_proxy: Correctly consider error response codes by the backend when
-     processing failonstatus. PR 59869
-      Trunk version of patch:
-         http://svn.apache.org/r1753592
-      Backport version for 2.4.x of patch:
-         Trunk version of patch works (modulo CHANGES)
-      +1: rpluem, jim, ylavic
-
   *) mod_proxy_balancer: Prevent redirect loops between workers within a
      balancer by limiting the number of redirects to the number balancer
      members. PR 59864

diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c
index cdcda4f32c4a3c6bdfce1d3609131215c0259f61..1ab17da1c95570960c41f66717b9f09470d564b1 100644 (file)
--- a/modules/proxy/mod_proxy.c
+++ b/modules/proxy/mod_proxy.c
@@ -1255,16 +1255,24 @@ cleanup:
      * the error page on the proxy or if the error was not generated by the
      * backend itself but by the proxy e.g. a bad gateway) in order to give
      * ap_proxy_post_request a chance to act correctly on the status code.
+     * But only do the above if access_status is not OK and not DONE, because
+     * in this case r->status might contain the true status and overwriting
+     * it with OK or DONE would be wrong.
      */
-    saved_status = r->status;
-    r->status = access_status;
-    ap_proxy_post_request(worker, balancer, r, conf);
-    /*
-     * Only restore r->status if it has not been changed by
-     * ap_proxy_post_request as we assume that this change was intentional.
-     */
-    if (r->status == access_status) {
-        r->status = saved_status;
+    if ((access_status != OK) && (access_status != DONE)) {
+        saved_status = r->status;
+        r->status = access_status;
+        ap_proxy_post_request(worker, balancer, r, conf);
+        /*
+         * Only restore r->status if it has not been changed by
+         * ap_proxy_post_request as we assume that this change was intentional.
+         */
+        if (r->status == access_status) {
+            r->status = saved_status;
+        }
+    }
+    else {
+        ap_proxy_post_request(worker, balancer, r, conf);
     }
 
     proxy_run_request_status(&access_status, r);