From 108f897191ac318519fca628bdad254db853b6f7 Mon Sep 17 00:00:00 2001
From: "William A. Rowe Jr" <wrowe@apache.org>
Date: Tue, 22 Nov 2016 18:33:20 +0000
Subject: [PATCH] List discussion resulted in rejecting all but SP characters
 in the request line, but in the strict mode prioritize excessive space
 testing over bad space testing (which is captured later) and make both more
 efficient (at this test ll[0] is already whitespace or \0 char). Also correct
 a comment.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770867 13f79535-47bb-0310-9956-ffa450edef68
---
 server/protocol.c | 16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

diff --git a/server/protocol.c b/server/protocol.c
index b25807d65b..5a6981b780 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -680,8 +680,8 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
         len = 0;
         goto rrl_done;
     }
-    else if (strict && ll[0] && (ll[0] != ' ' || apr_isspace(ll[1]))
-                 && deferred_error == rrl_none) {
+    else if (strict && ll[0] && apr_isspace(ll[1])
+             && deferred_error == rrl_none) {
         deferred_error = rrl_excesswhitespace; 
     }
 
@@ -689,8 +689,7 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
      * If non-SP whitespace is encountered, mark as specific error
      */
     for (uri = ll; apr_isspace(*uri); ++uri) 
-        if (ap_strchr_c("\t\n\v\f\r", *uri)
-                && deferred_error == rrl_none)
+        if (*uri != ' ' && deferred_error == rrl_none)
             deferred_error = rrl_badwhitespace; 
     *ll = '\0';
 
@@ -706,14 +705,14 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
         ll = strpbrk(ll, "\t\n\v\f\r ");
     }
 
-    /* Verify method terminated with a single SP, or mark as specific error */
+    /* Verify URI terminated with a single SP, or mark as specific error */
     if (!ll) {
         r->protocol = "";
         len = 0;
         goto rrl_done;
     }
-    else if (strict && ll[0] && (ll[0] != ' ' || apr_isspace(ll[1]))
-            && deferred_error == rrl_none) {
+    else if (strict && ll[0] && apr_isspace(ll[1])
+             && deferred_error == rrl_none) {
         deferred_error = rrl_excesswhitespace; 
     }
 
@@ -721,8 +720,7 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
      * If non-SP whitespace is encountered, mark as specific error
      */
     for (r->protocol = ll; apr_isspace(*r->protocol); ++r->protocol) 
-        if (ap_strchr_c("\t\n\v\f\r", *r->protocol)
-                && deferred_error == rrl_none)
+        if (*r->protocol != ' ' && deferred_error == rrl_none)
             deferred_error = rrl_badwhitespace; 
     *ll = '\0';
 
-- 
2.50.1