From: William A. Rowe Jr <wrowe@apache.org>
Date: Tue, 22 Nov 2016 18:33:20 +0000 (+0000)
Subject: List discussion resulted in rejecting all but SP characters in the request
X-Git-Tag: 2.5.0-alpha~984
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=108f897191ac318519fca628bdad254db853b6f7;p=apache

List discussion resulted in rejecting all but SP characters in the request
line, but in the strict mode prioritize excessive space testing over bad
space testing (which is captured later) and make both more efficient
(at this test ll[0] is already whitespace or \0 char). Also correct a comment.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770867 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/server/protocol.c b/server/protocol.c
index b25807d65b..5a6981b780 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -680,8 +680,8 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
         len = 0;
         goto rrl_done;
     }
-    else if (strict && ll[0] && (ll[0] != ' ' || apr_isspace(ll[1]))
-                 && deferred_error == rrl_none) {
+    else if (strict && ll[0] && apr_isspace(ll[1])
+             && deferred_error == rrl_none) {
         deferred_error = rrl_excesswhitespace; 
     }
 
@@ -689,8 +689,7 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
      * If non-SP whitespace is encountered, mark as specific error
      */
     for (uri = ll; apr_isspace(*uri); ++uri) 
-        if (ap_strchr_c("\t\n\v\f\r", *uri)
-                && deferred_error == rrl_none)
+        if (*uri != ' ' && deferred_error == rrl_none)
             deferred_error = rrl_badwhitespace; 
     *ll = '\0';
 
@@ -706,14 +705,14 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
         ll = strpbrk(ll, "\t\n\v\f\r ");
     }
 
-    /* Verify method terminated with a single SP, or mark as specific error */
+    /* Verify URI terminated with a single SP, or mark as specific error */
     if (!ll) {
         r->protocol = "";
         len = 0;
         goto rrl_done;
     }
-    else if (strict && ll[0] && (ll[0] != ' ' || apr_isspace(ll[1]))
-            && deferred_error == rrl_none) {
+    else if (strict && ll[0] && apr_isspace(ll[1])
+             && deferred_error == rrl_none) {
         deferred_error = rrl_excesswhitespace; 
     }
 
@@ -721,8 +720,7 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
      * If non-SP whitespace is encountered, mark as specific error
      */
     for (r->protocol = ll; apr_isspace(*r->protocol); ++r->protocol) 
-        if (ap_strchr_c("\t\n\v\f\r", *r->protocol)
-                && deferred_error == rrl_none)
+        if (*r->protocol != ' ' && deferred_error == rrl_none)
             deferred_error = rrl_badwhitespace; 
     *ll = '\0';