From: Greg Ames Date: Wed, 23 Mar 2005 16:36:45 +0000 (+0000) Subject: don't propagate input headers describing a body to a subrequest. this can cause a X-Git-Tag: 2.1.5~270 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=235fd33d8f336307ff96e6c8577c51809aa23e5c;p=apache don't propagate input headers describing a body to a subrequest. this can cause a back end server to hang in a read for a body which no longer exists. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@158798 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 98f4a3b5d5..898e131c0b 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes with Apache 2.1.5 Changes with Apache 2.1.4 + *) Don't let a subrequest inherit headers describing the original request's + body. [Greg Ames] + *) Fix Windows CompContext buff size miscalculation [Allan Edwards] diff --git a/server/protocol.c b/server/protocol.c index 1950068182..4d7d54ace9 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -987,6 +987,21 @@ request_rec *ap_read_request(conn_rec *conn) return r; } +/* if a request with a body creates a subrequest, clone the original request's + * input headers minus any headers pertaining to the body which has already + * been read. out-of-line helper function for ap_set_sub_req_protocol. + */ + +static void clone_headers_no_body(request_rec *rnew, + const request_rec *r) +{ + rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in); + apr_table_unset(rnew->headers_in, "Content-Length"); + apr_table_unset(rnew->headers_in, "Transfer-Encoding"); + apr_table_unset(rnew->headers_in, "Content-Type"); + apr_table_unset(rnew->headers_in, "Content-Encoding"); +} + /* * A couple of other functions which initialize some of the fields of * a request structure, as appropriate for adjuncts of one kind or another @@ -1008,7 +1023,15 @@ AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew, rnew->status = HTTP_OK; - rnew->headers_in = r->headers_in; + /* did the original request have a body? (e.g. POST w/SSI tags) + * if so, make sure the subrequest doesn't inherit body headers + */ + if (r->read_length) { + clone_headers_no_body(rnew, r); + } else { + /* no body (common case). clone headers the cheap way */ + rnew->headers_in = r->headers_in; + } rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env); rnew->headers_out = apr_table_make(rnew->pool, 5); rnew->err_headers_out = apr_table_make(rnew->pool, 5);