From: William A. Rowe Jr Date: Thu, 14 Jul 2005 16:17:56 +0000 (+0000) Subject: Missed an edge case; once we know the C-L didn't match, it's X-Git-Tag: 2.1.7~23 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=00b86812a870cdce79979c67da544e2bbde4aa71;p=apache Missed an edge case; once we know the C-L didn't match, it's time to shut down the body already. Finish reading from the client but do nothing else, returning an error. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@219057 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c index 10e6ad4475..b3c33e758b 100644 --- a/modules/proxy/mod_proxy_http.c +++ b/modules/proxy/mod_proxy_http.c @@ -332,6 +332,7 @@ static apr_status_t stream_reqbody_cl(apr_pool_t *p, } apr_brigade_length(input_brigade, 1, &bytes); + bytes_streamed += bytes; /* If this brigade contains EOS, either stop or remove it. */ if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(input_brigade))) { @@ -349,6 +350,18 @@ static apr_status_t stream_reqbody_cl(apr_pool_t *p, apr_bucket_delete(e); } + /* C-L < bytes streamed?!? + * We will error out after the body is completely + * consumed, but we can't stream more bytes at the + * back end since they would in part be interpreted + * as another request! If nothing is sent, then + * just send nothing. + * + * Prevents HTTP Response Splitting. + */ + if (bytes_streamed > cl_val) + continue; + if (header_brigade) { /* we never sent the header brigade, so go ahead and * take care of that now @@ -365,8 +378,6 @@ static apr_status_t stream_reqbody_cl(apr_pool_t *p, if (status != APR_SUCCESS) { return status; } - - bytes_streamed += bytes; } while (!seen_eos); if (bytes_streamed != cl_val) {
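Review bot: at @@ -332,6 +332,7 @@ the status returned by apr_brigade_length(input_brigade, 1, &bytes) is ignored, and the new `bytes_streamed += bytes;` directly after it now feeds the `bytes_streamed > cl_val` guard, so a failed length computation would add a value that may not reflect the brigade's real length to the counter that decides whether body data reaches the back end. Capture the status and return it on failure before accumulating. Because the increment now happens before the brigade is passed on (the old one after the status check is removed in the last hunk), the counter holds bytes read from the client rather than bytes streamed; a one-line comment saying so would keep the later `if (bytes_streamed != cl_val)` check easy to read.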
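Review bot: at @@ -349,6 +350,18 @@ the new `if (bytes_streamed > cl_val) continue;` skips the rest of the loop body, and nothing in the visible lines empties input_brigade on that path. If the read at the top of the loop does not already start from an empty brigade, the surplus buckets stay in it and are counted again on the next pass, so an apr_brigade_cleanup(input_brigade) before the continue would make the drain explicit. The brigade that crosses the limit is also dropped whole, which means the back end has received fewer than cl_val bytes when the loop ends; please confirm that the error return after `if (bytes_streamed != cl_val)` leads to the back-end connection being closed rather than reused. Minor: the comment describes surplus bytes being read as another request, while its last line names response splitting; one sentence tying the two together would help the next reader.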