From: Paul J. Reder <rederpj@apache.org>
Date: Tue, 8 Jul 2003 21:21:13 +0000 (+0000)
Subject: Update the header token parsing code to allow LWS between the token word
X-Git-Tag: pre_ajp_proxy~1476
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0cab3cd57a7cfeb8dff32525f86b7f55e3a8894b;p=apache

Update the header token parsing code to allow LWS between the token word
and the ':' seperator.  [PR 16520]
[submitted: Kris Verbeeck <kris.verbeeck@advalvas.be> and
            Nicel KM <mnicel@yahoo.com>]
[Reviewed: <coad@measurement-factory.com> and
           Paul J. Reder]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100492 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 378c6f5fd7..44a1f4a586 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,13 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) Update the header token parsing code to allow LWS between the
+     token word and the ':' seperator.  [PR 16520]
+     [submitted: Kris Verbeeck <kris.verbeeck@advalvas.be> and
+                 Nicel KM <mnicel@yahoo.com>]
+     [Reviewed: <coad@measurement-factory.com> and
+                Paul J. Reder]
+
   *) mod_ext_filter: Add the ability to filter request bodies.
      [Philipp Reisner <philipp.reisner@linbit.com>]
 
diff --git a/server/protocol.c b/server/protocol.c
index b1f31bbdd6..a205be9e7d 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -705,6 +705,7 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb
     char *value;
     apr_size_t len;
     int fields_read = 0;
+    char *tmp_field;
 
     /*
      * Read header lines until we get the empty separator line, a read error,
@@ -787,11 +788,27 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb
                 }
 
                 *value = '\0';
-                ++value;
+                tmp_field = value;  /*Used to trim the whitespace between key */
+                ++value;            /*     token and seperator*/
                 while (*value == ' ' || *value == '\t') {
                     ++value;            /* Skip to start of value   */
                 }
 
+                /* This check is to avoid any invalid memory reference while
+                 *   traversing backwards in the key. To avoid a case where
+                 *   the header starts with ':' (or with just some white
+                 *   space and the ':') followed by the value
+		         */
+                if(tmp_field > last_field) {
+                    --tmp_field;
+                    while ((tmp_field > last_field) &&
+                           (*tmp_field == ' ' || *tmp_field == '\t')) {
+                        --tmp_field;   /* Removing LWS between key and ':' */
+                    }
+                    ++tmp_field;
+                    *tmp_field = '\0';
+                }
+
                 apr_table_addn(r->headers_in, last_field, value);
 
                 /* reset the alloc_len so that we'll allocate a new