diff options
| author | Stefan Fritsch <sf@apache.org> | 2012-12-30 22:24:55 +0100 |
|---|---|---|
| committer | Stefan Fritsch <sf@apache.org> | 2012-12-30 22:24:55 +0100 |
| commit | 39e31f5775d84079ccdeb9fb7f09603b67904a96 (patch) | |
| tree | 17222a81b97234578472cb6ff9cefd9121132158 /server | |
| parent | remove comment; empty host headers can happen in proxy requests (diff) | |
| download | apache2-39e31f5775d84079ccdeb9fb7f09603b67904a96.tar.xz apache2-39e31f5775d84079ccdeb9fb7f09603b67904a96.zip | |
change protocol number parsing in strict mode according to HTTPbis draft
- only accept single digit version components
- don't accept white-space after protocol specification
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1426992 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server')
| -rw-r--r-- | server/protocol.c | 39 |
1 files changed, 8 insertions, 31 deletions
diff --git a/server/protocol.c b/server/protocol.c index c0adfbb9a6..5163ed6232 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -672,40 +672,17 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) r->proto_num = HTTP_VERSION(pro[5] - '0', pro[7] - '0'); } else { - int nmatch, pos; - nmatch = sscanf(r->protocol, "%4s/%u.%u%n", http, &major, &minor, &pos); if (strict) { - /* - * According to the GNU sscanf man page, there are implementations - * that increment the number of matches for %n. Therefore we check - * nmatch with "<" instead of "!=". - */ - if (nmatch < 3 || (strcmp("HTTP", http) != 0) - || (minor >= HTTP_VERSION(1, 0)) ) { /* don't allow HTTP/0.1000 */ - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02418) - "Invalid protocol: %s", r->protocol); - if (enforce_strict) { - r->status = HTTP_NOT_IMPLEMENTED; - return 0; - } - } - if (r->protocol[pos] != '\0') { - while (r->protocol[pos] == ' ') - pos++; - if (r->protocol[pos] != '\0') { - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02419) - "Garbage after request line: ... %s", - r->protocol); - if (enforce_strict) { - r->status = HTTP_BAD_REQUEST; - return 0; - } - } + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02418) + "Invalid protocol '%s'", r->protocol); + if (enforce_strict) { + r->status = HTTP_BAD_REQUEST; + return 0; } - r->proto_num = HTTP_VERSION(major, minor); } - else if (nmatch >= 3 && (strcasecmp("http", http) == 0) - && (minor < HTTP_VERSION(1, 0)) ) { /* don't allow HTTP/0.1000 */ + if (3 == sscanf(r->protocol, "%4s/%u.%u", http, &major, &minor) + && (strcasecmp("http", http) == 0) + && (minor < HTTP_VERSION(1, 0)) ) { /* don't allow HTTP/0.1000 */ r->proto_num = HTTP_VERSION(major, minor); } else { |