Re: svn commit: r1897940 - in /httpd/httpd/trunk: changes-entries/http2_request_scheme.txt modules/http2/h2_c2.c modules/http2/h2_request.c modules/http2/h2_stream.c test/modules/http2/test_003_get.py

Thu, 10 Feb 2022 05:00:20 -0800 


On 2/10/22 11:59 AM, ic...@apache.org wrote:
> Author: icing
> Date: Thu Feb 10 10:59:08 2022
> New Revision: 1897940
> 
> URL: http://svn.apache.org/viewvc?rev=1897940&view=rev
> Log:
>   *) mod_http2: :scheme pseudo-header values, not matching the
>      connection scheme, are forwarded via absolute uris to the
>      http protocol processing to preserve semantics of the request.
>      Checks on combinations of pseudo-headers values/absence
>      have been added as described in RFC 7540.
>      Fixes <https://github.com/icing/mod_h2/issues/230>.
> 
> 
> Modified:
>     httpd/httpd/trunk/changes-entries/http2_request_scheme.txt
>     httpd/httpd/trunk/modules/http2/h2_c2.c
>     httpd/httpd/trunk/modules/http2/h2_request.c
>     httpd/httpd/trunk/modules/http2/h2_stream.c
>     httpd/httpd/trunk/test/modules/http2/test_003_get.py
> 

> Modified: httpd/httpd/trunk/modules/http2/h2_request.c
> URL: 
> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_request.c?rev=1897940&r1=1897939&r2=1897940&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/http2/h2_request.c (original)
> +++ httpd/httpd/trunk/modules/http2/h2_request.c Thu Feb 10 10:59:08 2022

> @@ -295,9 +300,30 @@ request_rec *h2_create_request_rec(const
>  
>      /* Time to populate r with the data we have. */
>      r->request_time = req->request_time;
> -    r->the_request = apr_psprintf(r->pool, "%s %s HTTP/2.0",
> -                                  req->method, req->path ? req->path : "");
> -    r->headers_in = apr_table_clone(r->pool, req->headers);
> +    AP_DEBUG_ASSERT(req->authority);
> +    if (req->scheme && (ap_cstr_casecmp(req->scheme,
> +                        ap_ssl_conn_is_ssl(c->master? c->master : c)? 
> "https" : "http")
> +                        || !ap_cstr_casecmp("CONNECT", req->method))) {
> +        /* Client sent a non-matching ':scheme' pseudo header. Forward this
> +         * via an absolute URI in the request line.
> +         */
> +        r->the_request = apr_psprintf(r->pool, "%s %s://%s%s HTTP/2.0",
> +                                      req->method, req->scheme, 
> req->authority,
> +                                      req->path ? req->path : "");
> +    }
> +    else if (req->path) {
> +        r->the_request = apr_psprintf(r->pool, "%s %s HTTP/2.0",
> +                                      req->method, req->path);
> +    }
> +    else {
> +        /* We should only come here on a request that is errored already.
> +         * create a request line that passes parsing, we'll die anyway.
> +         */
> +        AP_DEBUG_ASSERT(req->http_status != H2_HTTP_STATUS_UNSET);
> +        r->the_request = apr_psprintf(r->pool, "%s / HTTP/2.0", req->method);
> +    }
> +
> +    r->headers_in = apr_table_copy(r->pool, req->headers);

Why no longer cloning? Are all req->headers elements allocated from r->pool 
anyway and are possible modifications of the headers
on one side no issue for the other side?

>  
>      /* Start with r->hostname = NULL, ap_check_request_header() will get it
>       * form Host: header, otherwise we get complains about port numbers.






















					Reply via email to