From 2d93eb4aabfc385f55937feed754dbc09ff65044 Mon Sep 17 00:00:00 2001 From: Jeff Trawick Date: Tue, 21 Feb 2006 19:34:33 +0000 Subject: [PATCH] Ensure that the proper status line is written to the client, fixing incorrect status lines caused by filters which modify r->status without resetting r->status_line, such as the built-in byterange filter. Note: For the byterange example, the handler must set r->status_line even though this is a 200 response. Some proxy-type modules blindly set r->status_line as set by the origin server and thus trigger the problem with byteranges if the origin server didn't handle the byterange. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@379562 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 5 +++++ modules/http/http_filters.c | 20 ++++++++++++++++++++ 2 files changed, 25 insertions(+) diff --git a/CHANGES b/CHANGES index 3b3a73aaf5..e45cd053e4 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,11 @@ Changes with Apache 2.3.0 [Remove entries to the current 2.0 and 2.2 section below, when backported] + *) Ensure that the proper status line is written to the client, fixing + incorrect status lines caused by filters which modify r->status without + resetting r->status_line, such as the built-in byterange filter. + [Jeff Trawick] + *) mod_ssl: Fix spurious hostname mismatch warning for valid wildcard certificates. PR 37911. [Nick Burch ] diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c index bde32ab99c..44067f76ab 100644 --- a/modules/http/http_filters.c +++ b/modules/http/http_filters.c @@ -628,6 +628,24 @@ static apr_status_t send_all_header_fields(header_struct *h, #endif } +/* Confirm that the status line is well-formed and matches r->status. + * If they don't match, a filter may have negated the status line set by a + * handler. + * Zap r->status_line if bad. + */ +static void validate_status_line(request_rec *r) +{ + char *end; + + if (r->status_line + && (strlen(r->status_line) <= 4 + || apr_strtoi64(r->status_line, &end, 10) != r->status + || *end != ' ' + || (end - 3) != r->status_line)) { + r->status_line = NULL; + } +} + /* * Determine the protocol to use for the response. Potentially downgrade * to HTTP/1.0 in some situations and/or turn off keepalives. @@ -642,6 +660,8 @@ static void basic_http_header_check(request_rec *r, return; } + validate_status_line(r); + if (!r->status_line) { r->status_line = ap_get_status_line(r->status); } -- 2.50.1