authorStefan Fritsch <sf@apache.org>2012-12-22 23:55:38 +0100
committerStefan Fritsch <sf@apache.org>2012-12-22 23:55:38 +0100
commitb5c09660069ab60641fde8417ce7a40bca60e062 (patch)
tree604f2d815d236aa9c86adaeb466f7377d4d3e747 /server
parentstyle fixes, add comment (diff)
Change HttpProtocol to again only allow to enable/disable 0.9
This reverts r1407643, but changes the syntax of HttpProtocol to min=0.9|1.0, which is less ambiguous than the previous +0.9|-0.9. Allowing to configure an arbitrary version range was a bad idea, because it only checked the version in the request line, without affecting the semantics of the headers, etc. A tighter restriction of the version in the request line is still possible with <If "%{SERVER_PROTOCOL_NUM} ..."> . git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1425366 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server')
-rw-r--r--server/core.c58
-rw-r--r--server/protocol.c30
2 files changed, 29 insertions, 59 deletions
diff --git a/server/core.c b/server/core.c
index 341598ab0b..9043920101 100644
--- a/server/core.c
+++ b/server/core.c
@@ -507,10 +507,8 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv)
if (virt->trace_enable != AP_TRACE_UNSET)
conf->trace_enable = virt->trace_enable;
- if (virt->min_http_version != AP_HTTP_VERSION_UNSET) {
- conf->min_http_version = virt->min_http_version;
- conf->max_http_version = virt->max_http_version;
- }
+ if (virt->http09_enable != AP_HTTP09_UNSET)
+ conf->http09_enable = virt->http09_enable;
/* no action for virt->accf_map, not allowed per-vhost */
@@ -3704,44 +3702,20 @@ static const char *set_trace_enable(cmd_parms *cmd, void *dummy,
static const char *set_http_protocol(cmd_parms *cmd, void *dummy,
const char *arg)
{
- core_server_config *conf;
- conf = ap_get_core_module_config(cmd->server->module_config);
- if (apr_isdigit(arg[0])) {
- unsigned short min_major, min_minor, max_major, max_minor;
- unsigned int min, max;
- char ch;
+ core_server_config *conf =
+ ap_get_core_module_config(cmd->server->module_config);
- if (sscanf(arg, "%hu.%hu-%hu.%hu%c", &min_major, &min_minor,
- &max_major, &max_minor, &ch) == 4) {
- }
- else if (sscanf(arg, "%hu.%hu%c", &min_major, &min_minor, &ch) == 2) {
- max_major = min_major;
- max_minor = min_minor;
- }
- else {
- return "Protocol version must be in format a.b or a.b-c.d";
- }
- if ( HTTP_VERSION(0, min_minor) >= HTTP_VERSION(1,0)
- || HTTP_VERSION(0, max_minor) >= HTTP_VERSION(1,0)) {
- return "HTTP minor version may not be more than 999";
- }
- min = HTTP_VERSION(min_major, min_minor);
- max = HTTP_VERSION(max_major, max_minor);
- if (min > APR_UINT16_MAX || max > APR_UINT16_MAX)
- return "HTTP major version may not be more than 64";
- if (min > max)
- return "HTTP version range must be min-max";
- /* 0 is used for "unset", so make sure the min is larger */
- if (min < HTTP_VERSION(0,9))
- min = HTTP_VERSION(0,9);
- conf->min_http_version = min;
- conf->max_http_version = max;
- }
- else {
- return "Valid arguments are a version number (e.g. '1.1')"
- "or a version range (e.g. '1.0-9.9')";
+ if (strncmp(arg, "min=", 4) == 0) {
+ arg += 4;
+ if (strcmp(arg, "0.9") == 0)
+ conf->http09_enable = AP_HTTP09_ENABLE;
+ else if (strcmp(arg, "1.0") == 0)
+ conf->http09_enable = AP_HTTP09_DISABLE;
+ else
+ return "HttpProtocol min must be one of '0.9' and '1.0'";
+ return NULL;
}
- return NULL;
+ return "HttpProtocol must be min=0.9|1.0";
}
static const char *set_http_method(cmd_parms *cmd, void *conf, const char *arg)
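Review bot: set_http_protocol carries no comment saying that the directive now only switches HTTP/0.9 on or off, although the name `HttpProtocol` and the `min=` syntax read like a general version floor. A line above the function such as `/* HttpProtocol min=0.9|1.0: only enables or disables HTTP/0.9; versions above 1.0 are not restricted here */` would keep a maintainer or operator from assuming `min=1.0` enforces more than it does. The matching itself is exact and case-sensitive (`strncmp(arg, "min=", 4)` followed by `strcmp`), so any other spelling is rejected with the returned error string rather than silently accepted, which is the safe direction.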
@@ -4256,8 +4230,8 @@ AP_INIT_TAKE1("EnableExceptionHook", ap_mpm_set_exception_hook, NULL, RSRC_CONF,
#endif
AP_INIT_TAKE1("TraceEnable", set_trace_enable, NULL, RSRC_CONF,
"'on' (default), 'off' or 'extended' to trace request body content"),
-AP_INIT_ITERATE("HttpProtocol", set_http_protocol, NULL, RSRC_CONF,
- "Allowed HTTP version or range (e.g. '1.1', '1.0-9.9'"),
+AP_INIT_TAKE1("HttpProtocol", set_http_protocol, NULL, RSRC_CONF,
+ "'min=0.9' (default) or 'min=1.0' to allow/deny HTTP/0.9"),
AP_INIT_ITERATE("RegisterHttpMethod", set_http_method, NULL, RSRC_CONF,
"Registers non-standard HTTP methods"),
{ NULL }
diff --git a/server/protocol.c b/server/protocol.c
index a3710a58f6..57f33cdb45 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -566,8 +566,6 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
apr_size_t len;
int num_blank_lines = 0;
int max_blank_lines = r->server->limit_req_fields;
- core_server_config *conf =
- ap_get_core_module_config(r->server->module_config);
if (max_blank_lines <= 0) {
max_blank_lines = DEFAULT_LIMIT_REQUEST_FIELDS;
@@ -646,9 +644,22 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
pro = ll;
len = strlen(ll);
} else {
+ core_server_config *conf;
+ conf = ap_get_core_module_config(r->server->module_config);
r->assbackwards = 1;
pro = "HTTP/0.9";
len = 8;
+ if (conf->http09_enable == AP_HTTP09_DISABLE) {
+ r->status = HTTP_VERSION_NOT_SUPPORTED;
+ r->protocol = apr_pstrmemdup(r->pool, pro, len);
+ /* If we deny 0.9, send error message with 1.x */
+ r->assbackwards = 0;
+ r->proto_num = HTTP_VERSION(0, 9);
+ r->connection->keepalive = AP_CONN_CLOSE;
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02401)
+ "HTTP/0.9 denied by server configuration");
+ return 0;
+ }
}
r->protocol = apr_pstrmemdup(r->pool, pro, len);
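Review bot: The new `if (conf->http09_enable == AP_HTTP09_DISABLE)` branch takes `conf` from `r->server` inside read_request_line, which presumably runs before name-based virtual host selection, so a `HttpProtocol min=1.0` set only inside a name-based vhost may never be consulted here even though merge_core_server_configs merges the value per vhost. If that ordering holds, the branch should say so, for example `/* r->server is still the connection's base server here; min=1.0 must be set there to take effect */`, and the directive documentation should tell operators to set it at server level or in the default vhost. Since `AP_HTTP09_UNSET` is not equal to `AP_HTTP09_DISABLE`, an unset value leaves HTTP/0.9 allowed, so a misplaced directive fails open rather than closed. read_request_line starts and ends outside this hunk, so the ordering should be confirmed against its caller.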
@@ -666,21 +677,6 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
else
r->proto_num = HTTP_VERSION(1, 0);
- if (conf->min_http_version != AP_HTTP_VERSION_UNSET
- && ( conf->min_http_version > r->proto_num
- || conf->max_http_version < r->proto_num)) {
- r->status = HTTP_VERSION_NOT_SUPPORTED;
- if (r->proto_num == HTTP_VERSION(0, 9)) {
- /* If we deny 0.9, send error message with 1.x */
- r->assbackwards = 0;
- }
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02401)
- "HTTP/%d.%d denied by server configuration",
- HTTP_VERSION_MAJOR(r->proto_num),
- HTTP_VERSION_MINOR(r->proto_num));
- return 0;
- }
-
return 1;
}