Re: svn commit: r1772678 [1/2] - in /httpd/httpd/branches/2.4.x: ./ docs/manual/mod/ include/ modules/http/ server/

Wed, 07 Dec 2016 12:12:07 -0800 

Sorry for chiming in so late :-(.


On 12/05/2016 03:34 PM, j...@apache.org wrote:
> Author: jim
> Date: Mon Dec  5 14:34:29 2016
> New Revision: 1772678
> 
> URL: http://svn.apache.org/viewvc?rev=1772678&view=rev
> Log:

> Modified: httpd/httpd/branches/2.4.x/modules/http/http_filters.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http/http_filters.c?rev=1772678&r1=1772677&r2=1772678&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/modules/http/http_filters.c (original)
> +++ httpd/httpd/branches/2.4.x/modules/http/http_filters.c Mon Dec  5 
> 14:34:29 2016

> @@ -668,14 +684,83 @@ apr_status_t ap_http_filter(ap_filter_t
>      return APR_SUCCESS;
>  }
>  
> +struct check_header_ctx {
> +    request_rec *r;
> +    int strict;
> +};
> +
> +/* check a single header, to be used with apr_table_do() */
> +static int check_header(void *arg, const char *name, const char *val)
> +{
> +    struct check_header_ctx *ctx = arg;
> +    const char *test;
> +
> +    if (name[0] == '\0') {
> +        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02428)
> +                      "Empty response header name, aborting request");
> +        return 0;
> +    }
> +
> +    if (ctx->strict) { 
> +        test = ap_scan_http_token(name);
> +    }
> +    else {
> +        test = ap_scan_vchar_obstext(name);
> +    }
> +    if (*test) {
> +        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02429)
> +                      "Response header name '%s' contains invalid "
> +                      "characters, aborting request",
> +                      name);
> +        return 0;
> +    }
> +
> +    if (ctx->strict) { 
> +        test = ap_scan_http_field_content(val);

What characters are not allowed here that are allowed below?

> +    }
> +    else {
> +        /* Simply terminate scanning on a CTL char, allowing whitespace */
> +        test = val;
> +        do {
> +            while (*test == ' ' || *test == '\t') test++;
> +            test = ap_scan_vchar_obstext(test);
> +        } while (*test == ' ' || *test == '\t');
> +    }
> +    if (*test) {
> +        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02430)
> +                      "Response header '%s' value of '%s' contains invalid "
> +                      "characters, aborting request",
> +                      name, val);
> +        return 0;
> +    }
> +    return 1;
> +}
> +

Regards

RĂ¼diger

Reply via email to