diff options
author | William A. Rowe Jr <wrowe@apache.org> | 2010-01-21 08:19:41 +0100 |
---|---|---|
committer | William A. Rowe Jr <wrowe@apache.org> | 2010-01-21 08:19:41 +0100 |
commit | 115c1e496d8f7057447571534bd73bb61e99b114 (patch) | |
tree | c4829df6dddf19e76b6bb922a1de49527d3aef43 /modules/metadata/mod_headers.c | |
parent | Back out mod_serf changes for the immediate alpha, until libs are worked out (diff) | |
download | apache2-115c1e496d8f7057447571534bd73bb61e99b114.tar.xz apache2-115c1e496d8f7057447571534bd73bb61e99b114.zip |
Correctly align the behavior of headers_in to be consistent with the
treatment of headers_out, resolving PR 48359 by keeping subrequest
scope changes out of the main request headers. This ensures that all
requests-without-bodies behave as the requests-with-bodies code has.
Mitre: CVE-2010-0434
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@901578 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/metadata/mod_headers.c')
-rw-r--r-- | modules/metadata/mod_headers.c | 26 |
1 files changed, 10 insertions, 16 deletions
diff --git a/modules/metadata/mod_headers.c b/modules/metadata/mod_headers.c index 5e7834aecc..ad6fde7148 100644 --- a/modules/metadata/mod_headers.c +++ b/modules/metadata/mod_headers.c @@ -547,7 +547,7 @@ static const char *header_cmd(cmd_parms *cmd, void *indirconf, * Concatenate the return from each handler into one string that is * returned from this call. */ -static char* process_tags(header_entry *hdr, request_rec *r, request_rec *rr) +static char* process_tags(header_entry *hdr, request_rec *r) { int i; const char *s; @@ -558,9 +558,9 @@ static char* process_tags(header_entry *hdr, request_rec *r, request_rec *rr) for (i = 0; i < hdr->ta->nelts; i++) { s = tag[i].func(r, tag[i].arg); if (str == NULL) - str = apr_pstrdup(rr->pool, s); + str = apr_pstrdup(r->pool, s); else - str = apr_pstrcat(rr->pool, str, s, NULL); + str = apr_pstrcat(r->pool, str, s, NULL); } return str ? str : ""; } @@ -627,12 +627,6 @@ static void do_headers_fixup(request_rec *r, apr_table_t *headers, echo_do v; int i; const char *val; - request_rec *rr; - - rr = r; - while (rr->main != NULL) { - rr = rr->main; - } for (i = 0; i < fixup->nelts; ++i) { header_entry *hdr = &((header_entry *) (fixup->elts))[i]; @@ -673,17 +667,17 @@ static void do_headers_fixup(request_rec *r, apr_table_t *headers, switch (hdr->action) { case hdr_add: - apr_table_addn(headers, hdr->header, process_tags(hdr, r, rr)); + apr_table_addn(headers, hdr->header, process_tags(hdr, r)); break; case hdr_append: - apr_table_mergen(headers, hdr->header, process_tags(hdr, r, rr)); + apr_table_mergen(headers, hdr->header, process_tags(hdr, r)); break; case hdr_merge: val = apr_table_get(headers, hdr->header); if (val == NULL) { - apr_table_addn(headers, hdr->header, process_tags(hdr, r, rr)); + apr_table_addn(headers, hdr->header, process_tags(hdr, r)); } else { - char *new_val = process_tags(hdr, r, rr); + char *new_val = process_tags(hdr, r); apr_size_t new_val_len = strlen(new_val); int tok_found = 0; @@ -720,9 +714,9 @@ static void do_headers_fixup(request_rec *r, apr_table_t *headers, break; case hdr_set: if (!strcasecmp(hdr->header, "Content-Type")) { - ap_set_content_type(r, process_tags(hdr, r, rr)); + ap_set_content_type(r, process_tags(hdr, r)); } - apr_table_setn(headers, hdr->header, process_tags(hdr, r, rr)); + apr_table_setn(headers, hdr->header, process_tags(hdr, r)); break; case hdr_unset: apr_table_unset(headers, hdr->header); @@ -742,7 +736,7 @@ static void do_headers_fixup(request_rec *r, apr_table_t *headers, if (apr_table_get(headers, hdr->header)) { edit_do ed; - ed.p = rr->pool; + ed.p = r->pool; ed.hdr = hdr; ed.t = apr_table_make(r->pool, 5); apr_table_do(edit_header, (void *) &ed, headers, hdr->header, |