https://bz.apache.org/bugzilla/show_bug.cgi?id=63288
Bug ID: 63288
Summary: mod_cache (util_cache.c) fails to read quoted Cache-Control parameters like max-age
Product: Apache httpd-2
Version: 2.4.38
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: mod_cache
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---

I found a bug that causes Apache httpd's cache modules to fail on quoted
max-age values. It correctly parses the field to extract either max-age=100 or
max-age="100", but when it converts the value to a large integer it assumes the
value is unquoted.

This is in modules/cache/cache_util.c: ap_cache_control()

    if (!ap_cstr_casecmpn(token, "max-age", 7)) {
        if (token[7] == '='
            && !apr_strtoff(&offt, token + 8, &endp, 10)
            && endp > token + 8 && !*endp) {
            cc->max_age = 1;
            cc->max_age_value = offt;
        }
    }

where the value of token is produced by cache_strqtok() as either

    max-age=100
    max-age="100"

but the above code assumes only the former is possible and tries to convert the
DQUOTE into an off_t.

The same bug is present for the s-max-age, max-stale, and min-fresh parameters.

A reasonable fix would be to check if token[8] == '"' and then extract just the
quoted value. A better fix would use a common parameter parser that returns
both the parameter name and the optional value unquoted at the same time
(rather than returning the entire substring and requiring the caller to
reparse it).

See also https://github.com/httpwg/http-core/issues/128
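
The "reasonable fix" suggested in the report, sketched as an added example (not code from the report or from httpd). cc_delta_seconds() is a hypothetical helper that uses plain strtoll() in place of apr_strtoff(), and the sample tokens are constructed.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not httpd code: parse name=delta or name="delta".
 * Returns 1 and stores the value in *out, 0 on other names or bad values. */
static int cc_delta_seconds(const char *token, const char *name, long long *out)
{
    size_t i, n = strlen(name);
    const char *p, *end;
    char *stop;
    long long v;
    /* Case-insensitive match on the name; stops safely at token's NUL. */
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)token[i]) != tolower((unsigned char)name[i]))
            return 0;
    if (token[n] != '=')
        return 0;
    p = token + n + 1;
    end = p + strlen(p);
    /* Quoted form: require the closing DQUOTE, then strip both quotes. */
    if (*p == '"') {
        if (end - p < 2 || end[-1] != '"')
            return 0;
        p++;
        end--;
    }
    /* delta-seconds is 1*DIGIT: reject empty values, signs and leading
     * whitespace, all of which strtoll() would otherwise accept. */
    if (p == end || !isdigit((unsigned char)*p))
        return 0;
    errno = 0;
    v = strtoll(p, &stop, 10);
    if (stop != end || errno == ERANGE)
        return 0;
    *out = v;
    return 1;
}

int main(void)
{
    /* Constructed sample tokens: unquoted, quoted, unterminated quote. */
    const char *t[] = { "max-age=100", "max-age=\"100\"", "max-age=\"100" };
    long long v;
    for (size_t i = 0; i < 3; i++)
        printf("%s -> %d\n", t[i], cc_delta_seconds(t[i], "max-age", &v));
    return 0;
}
```

The same call covers the other delta-seconds parameters by passing their name as the second argument.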