Mailing List Archive: svn commit: r1916773 - /httpd/httpd/tags/2.4.55/modules/http/http

svn commit: r1916773 - /httpd/httpd/tags/2.4.55/modules/http/http_filters.c

Apr 3, 2024, 4:58 AM

Post #1 of 3 (22 views)

Author: covener
Date: Wed Apr 3 11:58:26 2024
New Revision: 1916773

URL: http://svn.apache.org/viewvc?rev=1916773&view=rev
Log:
header validation after content-* are eval'ed

Submitted By: ylavic

Modified:
httpd/httpd/tags/2.4.55/modules/http/http_filters.c

Modified: httpd/httpd/tags/2.4.55/modules/http/http_filters.c
URL: http://svn.apache.org/viewvc/httpd/httpd/tags/2.4.55/modules/http/http_filters.c?rev=1916773&r1=1916772&r2=1916773&view=diff
==============================================================================
--- httpd/httpd/tags/2.4.55/modules/http/http_filters.c (original)
+++ httpd/httpd/tags/2.4.55/modules/http/http_filters.c Wed Apr 3 11:58:26 2024
@@ -1365,6 +1365,9 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
*/
apr_table_clear(r->headers_out);
apr_table_clear(r->err_headers_out);
+ r->content_type = r->content_encoding = NULL;
+ r->content_languages = NULL;
+ r->clength = r->chunked = 0;
apr_brigade_cleanup(b);

/* Don't recall ap_die() if we come back here (from its own internal
@@ -1381,8 +1384,6 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
APR_BRIGADE_INSERT_TAIL(b, e);
e = apr_bucket_eos_create(c->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(b, e);
- r->content_type = r->content_encoding = NULL;
- r->content_languages = NULL;
ap_set_content_length(r, 0);
recursive_error = 1;
}
@@ -1409,6 +1410,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
if (!apr_is_empty_table(r->err_headers_out)) {
r->headers_out = apr_table_overlay(r->pool, r->err_headers_out,
r->headers_out);
+ apr_table_clear(r->err_headers_out);
}

/*
@@ -1428,6 +1430,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
fixup_vary(r);
}

+
+ /*
+ * Control cachability for non-cacheable responses if not already set by
+ * some other part of the server configuration.
+ */
+ if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) {
+ char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
+ ap_recent_rfc822_date(date, r->request_time);
+ apr_table_addn(r->headers_out, "Expires", date);
+ }
+
/*
* Now remove any ETag response header field if earlier processing
* says so (such as a 'FileETag None' directive).
@@ -1440,6 +1453,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
basic_http_header_check(r, &protocol);
ap_set_keepalive(r);

+ /* 204/304 responses don't have content related headers */
if (AP_STATUS_IS_HEADER_ONLY(r->status)) {
apr_table_unset(r->headers_out, "Transfer-Encoding");
apr_table_unset(r->headers_out, "Content-Length");
@@ -1482,16 +1496,6 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
apr_table_setn(r->headers_out, "Content-Language", field);
}

- /*
- * Control cachability for non-cacheable responses if not already set by
- * some other part of the server configuration.
- */
- if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) {
- char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
- ap_recent_rfc822_date(date, r->request_time);
- apr_table_addn(r->headers_out, "Expires", date);
- }
-
/* This is a hack, but I can't find anyway around it. The idea is that
* we don't want to send out 0 Content-Lengths if it is a head request.
* This happens when modules try to outsmart the server, and return

Re: svn commit: r1916773 - /httpd/httpd/tags/2.4.55/modules/http/http_filters.c [ In reply to ]

covener at gmail

Apr 3, 2024, 5:09 AM

Post #2 of 3 (22 views)

Permalink

Oops, I did some release activities with an old tag as my checkout from testing.
If anyone can help correct this, I am going to pivot to actual 2.4.x.

On Wed, Apr 3, 2024 at 7:58?AM <covener@apache.org> wrote:
>
> Author: covener
> Date: Wed Apr 3 11:58:26 2024
> New Revision: 1916773
>
> URL: http://svn.apache.org/viewvc?rev=1916773&view=rev
> Log:
> header validation after content-* are eval'ed
>
> Submitted By: ylavic
>
>
>
> Modified:
> httpd/httpd/tags/2.4.55/modules/http/http_filters.c
>
> Modified: httpd/httpd/tags/2.4.55/modules/http/http_filters.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/tags/2.4.55/modules/http/http_filters.c?rev=1916773&r1=1916772&r2=1916773&view=diff
> ==============================================================================
> --- httpd/httpd/tags/2.4.55/modules/http/http_filters.c (original)
> +++ httpd/httpd/tags/2.4.55/modules/http/http_filters.c Wed Apr 3 11:58:26 2024
> @@ -1365,6 +1365,9 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
> */
> apr_table_clear(r->headers_out);
> apr_table_clear(r->err_headers_out);
> + r->content_type = r->content_encoding = NULL;
> + r->content_languages = NULL;
> + r->clength = r->chunked = 0;
> apr_brigade_cleanup(b);
>
> /* Don't recall ap_die() if we come back here (from its own internal
> @@ -1381,8 +1384,6 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
> APR_BRIGADE_INSERT_TAIL(b, e);
> e = apr_bucket_eos_create(c->bucket_alloc);
> APR_BRIGADE_INSERT_TAIL(b, e);
> - r->content_type = r->content_encoding = NULL;
> - r->content_languages = NULL;
> ap_set_content_length(r, 0);
> recursive_error = 1;
> }
> @@ -1409,6 +1410,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
> if (!apr_is_empty_table(r->err_headers_out)) {
> r->headers_out = apr_table_overlay(r->pool, r->err_headers_out,
> r->headers_out);
> + apr_table_clear(r->err_headers_out);
> }
>
> /*
> @@ -1428,6 +1430,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
> fixup_vary(r);
> }
>
> +
> + /*
> + * Control cachability for non-cacheable responses if not already set by
> + * some other part of the server configuration.
> + */
> + if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) {
> + char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
> + ap_recent_rfc822_date(date, r->request_time);
> + apr_table_addn(r->headers_out, "Expires", date);
> + }
> +
> /*
> * Now remove any ETag response header field if earlier processing
> * says so (such as a 'FileETag None' directive).
> @@ -1440,6 +1453,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
> basic_http_header_check(r, &protocol);
> ap_set_keepalive(r);
>
> + /* 204/304 responses don't have content related headers */
> if (AP_STATUS_IS_HEADER_ONLY(r->status)) {
> apr_table_unset(r->headers_out, "Transfer-Encoding");
> apr_table_unset(r->headers_out, "Content-Length");
> @@ -1482,16 +1496,6 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
> apr_table_setn(r->headers_out, "Content-Language", field);
> }
>
> - /*
> - * Control cachability for non-cacheable responses if not already set by
> - * some other part of the server configuration.
> - */
> - if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) {
> - char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
> - ap_recent_rfc822_date(date, r->request_time);
> - apr_table_addn(r->headers_out, "Expires", date);
> - }
> -
> /* This is a hack, but I can't find anyway around it. The idea is that
> * we don't want to send out 0 Content-Lengths if it is a head request.
> * This happens when modules try to outsmart the server, and return
>
>

--
Eric Covener
covener@gmail.com

Re: svn commit: r1916773 - /httpd/httpd/tags/2.4.55/modules/http/http_filters.c [ In reply to ]

covener at gmail

Apr 3, 2024, 5:24 AM

Post #3 of 3 (22 views)

Permalink

attempted to fix, hopefully didn't make it any worse.

On Wed, Apr 3, 2024 at 8:09?AM Eric Covener <covener@gmail.com> wrote:
>
> Oops, I did some release activities with an old tag as my checkout from testing.
> If anyone can help correct this, I am going to pivot to actual 2.4.x.
>
> On Wed, Apr 3, 2024 at 7:58?AM <covener@apache.org> wrote:
> >
> > Author: covener
> > Date: Wed Apr 3 11:58:26 2024
> > New Revision: 1916773
> >
> > URL: http://svn.apache.org/viewvc?rev=1916773&view=rev
> > Log:
> > header validation after content-* are eval'ed
> >
> > Submitted By: ylavic
> >
> >
> >
> > Modified:
> > httpd/httpd/tags/2.4.55/modules/http/http_filters.c
> >
> > Modified: httpd/httpd/tags/2.4.55/modules/http/http_filters.c
> > URL: http://svn.apache.org/viewvc/httpd/httpd/tags/2.4.55/modules/http/http_filters.c?rev=1916773&r1=1916772&r2=1916773&view=diff
> > ==============================================================================
> > --- httpd/httpd/tags/2.4.55/modules/http/http_filters.c (original)
> > +++ httpd/httpd/tags/2.4.55/modules/http/http_filters.c Wed Apr 3 11:58:26 2024
> > @@ -1365,6 +1365,9 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
> > */
> > apr_table_clear(r->headers_out);
> > apr_table_clear(r->err_headers_out);
> > + r->content_type = r->content_encoding = NULL;
> > + r->content_languages = NULL;
> > + r->clength = r->chunked = 0;
> > apr_brigade_cleanup(b);
> >
> > /* Don't recall ap_die() if we come back here (from its own internal
> > @@ -1381,8 +1384,6 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
> > APR_BRIGADE_INSERT_TAIL(b, e);
> > e = apr_bucket_eos_create(c->bucket_alloc);
> > APR_BRIGADE_INSERT_TAIL(b, e);
> > - r->content_type = r->content_encoding = NULL;
> > - r->content_languages = NULL;
> > ap_set_content_length(r, 0);
> > recursive_error = 1;
> > }
> > @@ -1409,6 +1410,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
> > if (!apr_is_empty_table(r->err_headers_out)) {
> > r->headers_out = apr_table_overlay(r->pool, r->err_headers_out,
> > r->headers_out);
> > + apr_table_clear(r->err_headers_out);
> > }
> >
> > /*
> > @@ -1428,6 +1430,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
> > fixup_vary(r);
> > }
> >
> > +
> > + /*
> > + * Control cachability for non-cacheable responses if not already set by
> > + * some other part of the server configuration.
> > + */
> > + if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) {
> > + char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
> > + ap_recent_rfc822_date(date, r->request_time);
> > + apr_table_addn(r->headers_out, "Expires", date);
> > + }
> > +
> > /*
> > * Now remove any ETag response header field if earlier processing
> > * says so (such as a 'FileETag None' directive).
> > @@ -1440,6 +1453,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
> > basic_http_header_check(r, &protocol);
> > ap_set_keepalive(r);
> >
> > + /* 204/304 responses don't have content related headers */
> > if (AP_STATUS_IS_HEADER_ONLY(r->status)) {
> > apr_table_unset(r->headers_out, "Transfer-Encoding");
> > apr_table_unset(r->headers_out, "Content-Length");
> > @@ -1482,16 +1496,6 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
> > apr_table_setn(r->headers_out, "Content-Language", field);
> > }
> >
> > - /*
> > - * Control cachability for non-cacheable responses if not already set by
> > - * some other part of the server configuration.
> > - */
> > - if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) {
> > - char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
> > - ap_recent_rfc822_date(date, r->request_time);
> > - apr_table_addn(r->headers_out, "Expires", date);
> > - }
> > -
> > /* This is a hack, but I can't find anyway around it. The idea is that
> > * we don't want to send out 0 Content-Lengths if it is a head request.
> > * This happens when modules try to outsmart the server, and return
> >
> >
>
>
> --
> Eric Covener
> covener@gmail.com

--
Eric Covener
covener@gmail.com