From: William A. Rowe Jr <wrowe@apache.org>
Date: Thu, 29 Jun 2017 00:16:27 +0000 (+0000)
Subject: Restore single-char field names inadvertantly disallowed in 2.4.25.
X-Git-Tag: 2.4.27~37
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3170de3d464f5b4c8c9e11fecb3ed0604b7e9761;p=apache

Restore single-char field names inadvertantly disallowed in 2.4.25.
Backports: r1800173
PR: 61220
Submitted by: ylavic
Reviewed by: wrowe, jchampion, ylavic



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1800215 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index f647de2b4c..1fb1e58db4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,9 @@
 
 Changes with Apache 2.4.27
 
+  *) Allow single-char field names inadvertantly disallowed in 2.4.25.
+     PR 61220. [Yann Ylavic]
+
   *) core: Avoid duplicate HEAD in Allow header.
      This is a regression in 2.4.24 (unreleased), 2.4.25 and 2.4.26.
      PR 61207. [Christophe Jaillet]
diff --git a/STATUS b/STATUS
index 3be7fcb2a0..b34e96ebb1 100644
--- a/STATUS
+++ b/STATUS
@@ -140,15 +140,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
       2.4.x patch: svn merge -c 1551611,1783765,1788996,1788998,1789000,1795651 ^/httpd/httpd/trunk .
       +1: jailletc36, jim, ylavic
 
-   *) Restore single-char field names inadvertantly disallowed in 2.4.25.
-      Message ID: <CAKQ1sVPrHx911sBDp3-BDsqS=qsQ4Eap0zjSz42j_vuZV2si_g@mail.gmail.com>
-      Backports: r1800173
-      PR: 61220
-      Submitted by: ylavic
-      trunk patch: http://svn.apache.org/r1800173 (mod CHANGES)
-      2.4 patch: trunk works
-      +1: wrowe, ylavic, jchampion
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
diff --git a/server/protocol.c b/server/protocol.c
index ff44b3937c..edf3ed91c1 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -1088,8 +1088,12 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb
                     return;
                 }
 
-                /* last character of field-name */
-                tmp_field = value - (value > last_field ? 1 : 0);
+                if (value == last_field) {
+                    r->status = HTTP_BAD_REQUEST;
+                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03453)
+                                  "Request header field name was empty");
+                    return;
+                }
 
                 *value++ = '\0'; /* NUL-terminate at colon */
 
@@ -1112,13 +1116,6 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb
                                   " bad whitespace");
                     return;
                 }
-
-                if (tmp_field == last_field) {
-                    r->status = HTTP_BAD_REQUEST;
-                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03453)
-                                  "Request header field name was empty");
-                    return;
-                }
             }
             else /* Using strict RFC7230 parsing */
             {