From c083c0619194487661e5896efa3738aebf41cc4c Mon Sep 17 00:00:00 2001
From: Stefan Fritsch
Date: Wed, 7 Nov 2012 16:56:38 +0000
Subject: [PATCH] New directive HttpProtocol which allows to disable HTTP/0.9 support. The syntax is designed to allow addition of a +/- strict option later on.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1406719 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 3 +++
 docs/log-message-tags/next-number | 2 +-
 include/http_core.h | 5 +++++
 server/core.c | 24 ++++++++++++++++++++++++
 server/protocol.c | 13 ++++++++++++-
 5 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/CHANGES b/CHANGES
index 8cf7cee214..ddf11732ea 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
+ *) core: New directive HttpProtocol which allows to disable HTTP/0.9
+ support. [Stefan Fritsch]
+
 *) mod_allowhandlers: New module to forbid specific handlers for specific directories. [Stefan Fritsch]
diff --git a/docs/log-message-tags/next-number b/docs/log-message-tags/next-number
index 44085c5057..65b7a7f809 100644
--- a/docs/log-message-tags/next-number
+++ b/docs/log-message-tags/next-number
@@ -1 +1 @@
-2401
+2402
diff --git a/include/http_core.h b/include/http_core.h
index 3c47989cb4..bb1102aa83 100644
--- a/include/http_core.h
+++ b/include/http_core.h
@@ -664,6 +664,11 @@ typedef struct {
 #define AP_TRACE_EXTENDED 2
 int trace_enable;
+#define AP_HTTP09_UNSET 0
+#define AP_HTTP09_ENABLE 1
+#define AP_HTTP09_DISABLE 2
+ char http09_enable;
+
 } core_server_config;
 /* for AddOutputFiltersByType in core.c */
diff --git a/server/core.c b/server/core.c
index bbaadd7d77..d63b989f17 100644
--- a/server/core.c
+++ b/server/core.c
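Review bot: In the include/http_core.h hunk the new `http09_enable` field has no comment, and nothing states how `AP_HTTP09_UNSET` is treated. The check added in server/protocol.c rejects only on `AP_HTTP09_DISABLE`, so an unset value means HTTP/0.9 stays accepted; say that at the field, e.g. `/* HttpProtocol: HTTP/0.9 is accepted unless set to AP_HTTP09_DISABLE (UNSET means enabled) */`. The struct definition starts outside the hunk, so whether the field is zero-initialised when the config is created is not visible here and should be confirmed.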
@@ -502,6 +502,9 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv)
 if (virt->trace_enable != AP_TRACE_UNSET)
 conf->trace_enable = virt->trace_enable;
+ if (virt->http09_enable != AP_HTTP09_UNSET)
+ conf->http09_enable = virt->http09_enable;
+
 /* no action for virt->accf_map, not allowed per-vhost */
 if (virt->protocol)
@@ -3611,6 +3614,25 @@ static const char *set_trace_enable(cmd_parms *cmd, void *dummy,
 return NULL;
 }
+static const char *set_http_protocol(cmd_parms *cmd, void *dummy,
+ const char *arg1)
+{
+ core_server_config *conf =
+ ap_get_core_module_config(cmd->server->module_config);
+
+ if (strcmp(arg1, "+0.9") == 0) {
+ conf->http09_enable = AP_HTTP09_ENABLE;
+ }
+ else if (strcmp(arg1, "-0.9") == 0) {
+ conf->http09_enable = AP_HTTP09_DISABLE;
+ }
+ else {
+ return "HttpProtocol must be one of '+0.9' and '-0.9'";
+ }
+
+ return NULL;
+}
+
 static apr_hash_t *errorlog_hash;
 static int log_constant_item(const ap_errorlog_info *info, const char *arg,
@@ -4110,6 +4132,8 @@ AP_INIT_TAKE1("EnableExceptionHook", ap_mpm_set_exception_hook, NULL, RSRC_CONF,
 #endif
 AP_INIT_TAKE1("TraceEnable", set_trace_enable, NULL, RSRC_CONF,
 "'on' (default), 'off' or 'extended' to trace request body content"),
+AP_INIT_TAKE1("HttpProtocol", set_http_protocol, NULL, RSRC_CONF,
+ "'+0.9' (default) or '-0.9' to allow/deny HTTP/0.9"),
 { NULL }
 };
diff --git a/server/protocol.c b/server/protocol.c
index b0da156eec..decd9982ba 100644
--- a/server/protocol.c
+++ b/server/protocol.c
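Review bot: `set_http_protocol` in the second server/core.c hunk has no header comment, and its error text reads awkwardly ("one of '+0.9' and '-0.9'"). A short comment such as `/* HttpProtocol +0.9|-0.9: allow or deny HTTP/0.9 request lines for this server */` would record the intent, and the message would be clearer as `"HttpProtocol must be either '+0.9' or '-0.9'"`. The commit message says the syntax is meant to take a strict option later; noting that in the comment tells the next editor why the argument carries a sign.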
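Review bot: The `HttpProtocol` table entry keeps HTTP/0.9 enabled by default, so the hardening only takes effect where an operator adds `HttpProtocol -0.9`, and the diffstat lists no manual page for the directive. The one-line help string is then the only place the default is stated. I would add the directive to the user documentation in the same change and state that it is accepted in server and virtual-host context (`RSRC_CONF`). It should also say that the merge in the first server/core.c hunk appears to let a virtual host override the global value in either direction, which matters when a site believes HTTP/0.9 is disabled everywhere.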
@@ -657,9 +657,19 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
 pro = ll;
 len = strlen(ll);
 } else {
+ core_server_config *conf;
+ conf = ap_get_core_module_config(r->server->module_config);
 r->assbackwards = 1;
 pro = "HTTP/0.9";
 len = 8;
+ if (conf->http09_enable == AP_HTTP09_DISABLE) {
+ r->status = HTTP_VERSION_NOT_SUPPORTED;
+ r->protocol = apr_pstrmemdup(r->pool, pro, len);
+ r->proto_num = HTTP_VERSION(0, 9);
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02401)
+ "HTTP/0.9 denied by server configuration");
+ return 0;
+ }
 }
 r->protocol = apr_pstrmemdup(r->pool, pro, len);
@@ -976,7 +986,8 @@ request_rec *ap_read_request(conn_rec *conn)
 /* Get the request... */
 if (!read_request_line(r, tmp_bb)) {
 if (r->status == HTTP_REQUEST_URI_TOO_LARGE
- || r->status == HTTP_BAD_REQUEST) {
+ || r->status == HTTP_BAD_REQUEST
+ || r->status == HTTP_VERSION_NOT_SUPPORTED) {
 if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00565)
 "request failed: URI too long (longer than %d)",
-- 
2.40.0
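Review bot: The rejection added in the read_request_line hunk is logged at `APLOG_DEBUG`, so under an ordinary LogLevel a request refused by policy leaves no trace in the error log; the neighbouring URI-too-long failure in ap_read_request logs at `APLOG_INFO`. I would use `APLOG_INFO` for message 02401 as well. Separately, the setting is read from `r->server` while the request line is still being parsed. An HTTP/0.9 request carries no Host header, so this is presumably the connection's base server rather than a name-based virtual host, and a per-vhost `HttpProtocol` may never be consulted; that deserves a comment at the lookup. The function body continues outside the hunk.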
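Review bot: When the new `HTTP_VERSION_NOT_SUPPORTED` case reaches this branch in ap_read_request, `r->assbackwards` is still 1, because read_request_line sets it before the added check and returns without clearing it. If the error-response code that follows this hunk honours that flag, the client receives a body with no status line or headers, so the 505 never appears on the wire. Either confirm that this is intended and say so in a comment, or clear the flag before the early return in read_request_line (`r->assbackwards = 0;`). The rest of the branch lies outside the hunk, so this is inferred from the visible lines only.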