diff options
| author | William A. Rowe Jr <wrowe@apache.org> | 2010-01-21 08:19:41 +0100 |
|---|---|---|
| committer | William A. Rowe Jr <wrowe@apache.org> | 2010-01-21 08:19:41 +0100 |
| commit | 115c1e496d8f7057447571534bd73bb61e99b114 (patch) | |
| tree | c4829df6dddf19e76b6bb922a1de49527d3aef43 /server/protocol.c | |
| parent | Back out mod_serf changes for the immediate alpha, until libs are worked out (diff) | |
| download | apache2-115c1e496d8f7057447571534bd73bb61e99b114.tar.xz apache2-115c1e496d8f7057447571534bd73bb61e99b114.zip | |
Correctly align the behavior of headers_in to be consistent with the
treatment of headers_out, resolving PR 48359 by keeping subrequest
scope changes out of the main request headers. This ensures that all
requests-without-bodies behave as the requests-with-bodies code has.
Mitre: CVE-2010-0434
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@901578 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server/protocol.c')
| -rw-r--r-- | server/protocol.c | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/server/protocol.c b/server/protocol.c index 38840f5429..8061dc7de1 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -1074,15 +1074,13 @@ request_rec *ap_read_request(conn_rec *conn) return r; } -/* if a request with a body creates a subrequest, clone the original request's - * input headers minus any headers pertaining to the body which has already - * been read. out-of-line helper function for ap_set_sub_req_protocol. +/* if a request with a body creates a subrequest, remove original request's + * input headers which pertain to the body which has already been read. + * out-of-line helper function for ap_set_sub_req_protocol. */ -static void clone_headers_no_body(request_rec *rnew, - const request_rec *r) +static void strip_headers_request_body(request_rec *rnew) { - rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in); apr_table_unset(rnew->headers_in, "Content-Encoding"); apr_table_unset(rnew->headers_in, "Content-Language"); apr_table_unset(rnew->headers_in, "Content-Length"); @@ -1116,15 +1114,14 @@ AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew, rnew->status = HTTP_OK; + rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in); + /* did the original request have a body? (e.g. POST w/SSI tags) * if so, make sure the subrequest doesn't inherit body headers */ if (!r->kept_body && (apr_table_get(r->headers_in, "Content-Length") || apr_table_get(r->headers_in, "Transfer-Encoding"))) { - clone_headers_no_body(rnew, r); - } else { - /* no body (common case). clone headers the cheap way */ - rnew->headers_in = r->headers_in; + strip_headers_request_body(rnew); } rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env); rnew->headers_out = apr_table_make(rnew->pool, 5); |