On Thu, Dec 8, 2016 at 1:57 PM, <cove...@apache.org> wrote: > Author: covener > Date: Thu Dec 8 19:57:57 2016 > New Revision: 1773293 > > URL: http://svn.apache.org/viewvc?rev=1773293&view=rev > Log: > change error handling for bad resp headers > > - avoid looping between ap_die and the http filter > - remove the header that failed the check > - keep calling apr_table_do until our fn stops matching > > > This is still not great. We get the original body, a 500 status > code and status line. > > (r1773285 + fix for first return from check_headers) >
I'm not clear how the original body makes any sense to send. We should be eating the original body and sending a 500 ErrorDocument body. If it isn't possible to do that, I see two alternatives; 1. clobber the bad header, simply omit it from the headers which we transmit. 2. replace all bad characters in the header with some other value, such as space characters. In the case of bad field name characters, perhaps some permitted symbol such as '$' (no, '?' isn't in the allowed list, that would be ideal.) I don't see any obviously great solution.