diff options
| author | Ruediger Pluem <rpluem@apache.org> | 2020-06-10 13:24:13 +0200 |
|---|---|---|
| committer | Ruediger Pluem <rpluem@apache.org> | 2020-06-10 13:24:13 +0200 |
| commit | 97bc128df241a30be6466227efe1502bfd96d29c (patch) | |
| tree | fec723521822da226b72bc2cd2f48e7877f01429 /server/protocol.c | |
| parent | * support/htpasswd.c (usage): Fix typo. [skip ci] (diff) | |
| download | apache2-97bc128df241a30be6466227efe1502bfd96d29c.tar.xz apache2-97bc128df241a30be6466227efe1502bfd96d29c.zip | |
* Have the HTTP 0.9 / 1.1 processing code reject requests for
HTTP >= 2.0 with a HTTP Version Not Support status code.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1878708 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server/protocol.c')
| -rw-r--r-- | server/protocol.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/server/protocol.c b/server/protocol.c index 76baabbe29..6eb1786459 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -748,7 +748,7 @@ AP_DECLARE(int) ap_parse_request_line(request_rec *r) enum { rrl_none, rrl_badmethod, rrl_badwhitespace, rrl_excesswhitespace, rrl_missinguri, rrl_baduri, rrl_badprotocol, rrl_trailingtext, - rrl_badmethod09, rrl_reject09 + rrl_badmethod09, rrl_reject09, rrl_versionnotsupported } deferred_error = rrl_none; apr_size_t len = 0; char *uri, *ll; @@ -897,6 +897,11 @@ rrl_done: r->proto_num = HTTP_VERSION(0, 9); } + if (strict && deferred_error == rrl_none + && r->proto_num >= HTTP_VERSION(2, 0)) { + deferred_error = rrl_versionnotsupported; + } + /* Determine the method_number and parse the uri prior to invoking error * handling, such that these fields are available for substitution */ @@ -918,6 +923,7 @@ rrl_done: * we can safely resume any deferred error reporting */ if (deferred_error != rrl_none) { + r->status = HTTP_BAD_REQUEST; if (deferred_error == rrl_badmethod) ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(03445) "HTTP Request Line; Invalid method token: '%.*s'", @@ -954,7 +960,13 @@ rrl_done: "HTTP Request Line; Unrecognized protocol '%.*s' " "(perhaps whitespace was injected?)", field_name_len(r->protocol), r->protocol); - r->status = HTTP_BAD_REQUEST; + else if (deferred_error == rrl_versionnotsupported) { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO() + "HTTP Request Line; Protocol '%.*s' >= HTTP/2.0 not" + " supported", field_name_len(r->protocol), + r->protocol); + r->status = HTTP_VERSION_NOT_SUPPORTED; + } goto rrl_failed; } |