From df0ae2afcd5ec81059b8795a91fee18261c041b8 Mon Sep 17 00:00:00 2001 From: Justin Erenkrantz Date: Wed, 1 Sep 2004 17:21:53 +0000 Subject: [PATCH] Fix a trio of bugs in how mod_proxy relays requests: - Fix type error in proxy-sendchunks case that caused an invalid T-E header. - Fix data corruption (seen with mod_ssl/mod_proxy combination) due to not properly setting aside the body_buckets. - Pass along a C-L: 0 if we still have a C-L of 0 after filtering and the original request to us had that as well. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104926 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 9 +++++++++ modules/proxy/proxy_http.c | 28 ++++++++++++++++++++++++++-- 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 0d2491c8f2..7379337be3 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,15 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) mod_proxy: Fix type error that prevents proxy-sendchunks from working. + [Justin Erenkrantz] + + *) mod_proxy: Fix data corruption by properly setting aside buckets. + [Justin Erenkrantz] + + *) mod_proxy: If a request has a blank body and has a 0 Content-Length + headers, pass that to the proxy. [Justin Erenkrantz] + *) Fix the handling of URIs containing %2F when AllowEncodedSlashes is enabled. Previously, such urls would still be rejected with 404. [Jeff Trawick] diff --git a/modules/proxy/proxy_http.c b/modules/proxy/proxy_http.c index ed1268d396..ff0207b871 100644 --- a/modules/proxy/proxy_http.c +++ b/modules/proxy/proxy_http.c @@ -467,7 +467,7 @@ apr_status_t ap_proxy_http_request(apr_pool_t *p, request_rec *r, /* If we can send chunks, do so! */ if (send_chunks) { - const char *te_hdr = "Transfer-Encoding: chunked" CRLF; + const char te_hdr[] = "Transfer-Encoding: chunked" CRLF; buf = apr_pmemdup(p, te_hdr, sizeof(te_hdr)-1); ap_xlate_proto_to_ascii(buf, sizeof(te_hdr)-1); @@ -552,6 +552,17 @@ apr_status_t ap_proxy_http_request(apr_pool_t *p, request_rec *r, e = apr_bucket_immortal_create(ASCII_CRLF, 2, c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(input_brigade, e); } + else { + /* The send_chunks case does not need to be setaside, but this + * case does because we may have transient buckets that may get + * overwritten in the next iteration of the loop. + */ + e = APR_BRIGADE_FIRST(input_brigade); + while (e != APR_BRIGADE_SENTINEL(input_brigade)) { + apr_bucket_setaside(e, p); + e = APR_BUCKET_NEXT(e); + } + } e = apr_bucket_flush_create(c->bucket_alloc); APR_BRIGADE_INSERT_TAIL(input_brigade, e); @@ -587,12 +598,25 @@ apr_status_t ap_proxy_http_request(apr_pool_t *p, request_rec *r, if (bytes) { const char *cl_hdr = "Content-Length", *cl_val; - cl_val = apr_off_t_toa(c->pool, bytes); + cl_val = apr_off_t_toa(p, bytes); buf = apr_pstrcat(p, cl_hdr, ": ", cl_val, CRLF, NULL); ap_xlate_proto_to_ascii(buf, strlen(buf)); e = apr_bucket_pool_create(buf, strlen(buf), p, c->bucket_alloc); APR_BUCKET_INSERT_AFTER(last_header_bucket, e); } + else { + /* A client might really have sent a C-L of 0. Pass it on. */ + const char *cl_hdr = "Content-Length", *cl_val; + + cl_val = apr_table_get(r->headers_in, cl_hdr); + if (cl_val && cl_val[0] == '0' && cl_val[1] == 0) { + buf = apr_pstrcat(p, cl_hdr, ": ", cl_val, CRLF, NULL); + ap_xlate_proto_to_ascii(buf, strlen(buf)); + e = apr_bucket_pool_create(buf, strlen(buf), p, + c->bucket_alloc); + APR_BUCKET_INSERT_AFTER(last_header_bucket, e); + } + } status = ap_pass_brigade(origin->output_filters, header_brigade); if (status != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, status, r->server, -- 2.50.1