From: William A. Rowe Jr Date: Fri, 5 Aug 2016 09:08:35 +0000 (+0000) Subject: Treat an empty obs-fold line as abusive traffic X-Git-Tag: 2.5.0-alpha~1326 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=61c3d599363fb5a2cd886ad67ef77e252f9b3b3b;p=apache Treat an empty obs-fold line as abusive traffic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1755263 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number index b65d63da78..6486a3aaf5 100644 --- a/docs/log-message-tags/next-number +++ b/docs/log-message-tags/next-number @@ -1 +1 @@ -3443 +3444 diff --git a/server/protocol.c b/server/protocol.c index e65b062e5e..e66fdcbdf3 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -853,17 +853,22 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb if (last_field == NULL) { r->status = HTTP_BAD_REQUEST; ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03442) - "Line folding encounterd before first" + "Line folding encountered before first" " header line"); return; } - if (field[1] != '\0') { - /* ...and leading whitespace on an obs-fold line can be - * similarly discarded */ - while (field[1] == '\t' || field[1] == ' ') { - ++field; --len; - } + if (field[1] == '\0') { + r->status = HTTP_BAD_REQUEST; + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03443) + "Empty folded line encountered"); + return; + } + + /* Leading whitespace on an obs-fold line can be + * similarly discarded */ + while (field[1] == '\t' || field[1] == ' ') { + ++field; --len; } /* This line is a continuation of the preceding line(s),