summaryrefslogtreecommitdiffstats
path: root/modules/metadata/mod_headers.c
diff options
context:
space:
mode:
authorWilliam A. Rowe Jr <wrowe@apache.org>2010-01-21 08:19:41 +0100
committerWilliam A. Rowe Jr <wrowe@apache.org>2010-01-21 08:19:41 +0100
commit115c1e496d8f7057447571534bd73bb61e99b114 (patch)
treec4829df6dddf19e76b6bb922a1de49527d3aef43 /modules/metadata/mod_headers.c
parentBack out mod_serf changes for the immediate alpha, until libs are worked out (diff)
downloadapache2-115c1e496d8f7057447571534bd73bb61e99b114.tar.xz
apache2-115c1e496d8f7057447571534bd73bb61e99b114.zip
Correctly align the behavior of headers_in to be consistent with the
treatment of headers_out, resolving PR 48359 by keeping subrequest scope changes out of the main request headers. This ensures that all requests-without-bodies behave as the requests-with-bodies code has. Mitre: CVE-2010-0434 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@901578 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/metadata/mod_headers.c')
-rw-r--r--modules/metadata/mod_headers.c26
1 files changed, 10 insertions, 16 deletions
diff --git a/modules/metadata/mod_headers.c b/modules/metadata/mod_headers.c
index 5e7834aecc..ad6fde7148 100644
--- a/modules/metadata/mod_headers.c
+++ b/modules/metadata/mod_headers.c
@@ -547,7 +547,7 @@ static const char *header_cmd(cmd_parms *cmd, void *indirconf,
* Concatenate the return from each handler into one string that is
* returned from this call.
*/
-static char* process_tags(header_entry *hdr, request_rec *r, request_rec *rr)
+static char* process_tags(header_entry *hdr, request_rec *r)
{
int i;
const char *s;
@@ -558,9 +558,9 @@ static char* process_tags(header_entry *hdr, request_rec *r, request_rec *rr)
for (i = 0; i < hdr->ta->nelts; i++) {
s = tag[i].func(r, tag[i].arg);
if (str == NULL)
- str = apr_pstrdup(rr->pool, s);
+ str = apr_pstrdup(r->pool, s);
else
- str = apr_pstrcat(rr->pool, str, s, NULL);
+ str = apr_pstrcat(r->pool, str, s, NULL);
}
return str ? str : "";
}
@@ -627,12 +627,6 @@ static void do_headers_fixup(request_rec *r, apr_table_t *headers,
echo_do v;
int i;
const char *val;
- request_rec *rr;
-
- rr = r;
- while (rr->main != NULL) {
- rr = rr->main;
- }
for (i = 0; i < fixup->nelts; ++i) {
header_entry *hdr = &((header_entry *) (fixup->elts))[i];
@@ -673,17 +667,17 @@ static void do_headers_fixup(request_rec *r, apr_table_t *headers,
switch (hdr->action) {
case hdr_add:
- apr_table_addn(headers, hdr->header, process_tags(hdr, r, rr));
+ apr_table_addn(headers, hdr->header, process_tags(hdr, r));
break;
case hdr_append:
- apr_table_mergen(headers, hdr->header, process_tags(hdr, r, rr));
+ apr_table_mergen(headers, hdr->header, process_tags(hdr, r));
break;
case hdr_merge:
val = apr_table_get(headers, hdr->header);
if (val == NULL) {
- apr_table_addn(headers, hdr->header, process_tags(hdr, r, rr));
+ apr_table_addn(headers, hdr->header, process_tags(hdr, r));
} else {
- char *new_val = process_tags(hdr, r, rr);
+ char *new_val = process_tags(hdr, r);
apr_size_t new_val_len = strlen(new_val);
int tok_found = 0;
@@ -720,9 +714,9 @@ static void do_headers_fixup(request_rec *r, apr_table_t *headers,
break;
case hdr_set:
if (!strcasecmp(hdr->header, "Content-Type")) {
- ap_set_content_type(r, process_tags(hdr, r, rr));
+ ap_set_content_type(r, process_tags(hdr, r));
}
- apr_table_setn(headers, hdr->header, process_tags(hdr, r, rr));
+ apr_table_setn(headers, hdr->header, process_tags(hdr, r));
break;
case hdr_unset:
apr_table_unset(headers, hdr->header);
@@ -742,7 +736,7 @@ static void do_headers_fixup(request_rec *r, apr_table_t *headers,
if (apr_table_get(headers, hdr->header)) {
edit_do ed;
- ed.p = rr->pool;
+ ed.p = r->pool;
ed.hdr = hdr;
ed.t = apr_table_make(r->pool, 5);
apr_table_do(edit_header, (void *) &ed, headers, hdr->header,