|
|
57e3a1 |
From 8b6d55f6a047acf62675e32606b037f5eea8ccc7 Mon Sep 17 00:00:00 2001
|
|
|
57e3a1 |
From: Eric Covener <covener@apache.org>
|
|
|
57e3a1 |
Date: Tue, 10 Jan 2023 13:20:09 +0000
|
|
|
57e3a1 |
Subject: [PATCH] Merge r1906539 from trunk:
|
|
|
57e3a1 |
|
|
|
57e3a1 |
fail on bad header
|
|
|
57e3a1 |
|
|
|
57e3a1 |
Submitted By: covener
|
|
|
57e3a1 |
Reviewed By: covener, rpluem, gbechis
|
|
|
57e3a1 |
|
|
|
57e3a1 |
|
|
|
57e3a1 |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1906541 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
57e3a1 |
---
|
|
|
57e3a1 |
modules/proxy/mod_proxy_http.c | 46 ++++++++++++++++++++--------------
|
|
|
57e3a1 |
server/protocol.c | 2 ++
|
|
|
57e3a1 |
2 files changed, 29 insertions(+), 19 deletions(-)
|
|
|
57e3a1 |
|
|
|
57e3a1 |
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
|
|
|
57e3a1 |
index d74ae054ac9..ec4e7fb06b5 100644
|
|
|
57e3a1 |
--- a/modules/proxy/mod_proxy_http.c
|
|
|
57e3a1 |
+++ b/modules/proxy/mod_proxy_http.c
|
|
|
57e3a1 |
@@ -788,7 +788,7 @@ static void process_proxy_header(request_rec *r, proxy_dir_conf *c,
|
|
|
57e3a1 |
* any sense at all, since we depend on buffer still containing
|
|
|
57e3a1 |
* what was read by ap_getline() upon return.
|
|
|
57e3a1 |
*/
|
|
|
57e3a1 |
-static void ap_proxy_read_headers(request_rec *r, request_rec *rr,
|
|
|
57e3a1 |
+static apr_status_t ap_proxy_read_headers(request_rec *r, request_rec *rr,
|
|
|
57e3a1 |
char *buffer, int size,
|
|
|
57e3a1 |
conn_rec *c, int *pread_len)
|
|
|
57e3a1 |
{
|
|
|
57e3a1 |
@@ -820,19 +820,26 @@ static void ap_proxy_read_headers(request_rec *r, request_rec *rr,
|
|
|
57e3a1 |
rc = ap_proxygetline(tmp_bb, buffer, size, rr,
|
|
|
57e3a1 |
AP_GETLINE_FOLD | AP_GETLINE_NOSPC_EOL, &len;;
|
|
|
57e3a1 |
|
|
|
57e3a1 |
- if (len <= 0)
|
|
|
57e3a1 |
- break;
|
|
|
57e3a1 |
|
|
|
57e3a1 |
- if (APR_STATUS_IS_ENOSPC(rc)) {
|
|
|
57e3a1 |
- /* The header could not fit in the provided buffer, warn.
|
|
|
57e3a1 |
- * XXX: falls through with the truncated header, 5xx instead?
|
|
|
57e3a1 |
- */
|
|
|
57e3a1 |
- int trunc = (len > 128 ? 128 : len) / 2;
|
|
|
57e3a1 |
- ap_log_rerror(APLOG_MARK, APLOG_WARNING, rc, r, APLOGNO(10124)
|
|
|
57e3a1 |
- "header size is over the limit allowed by "
|
|
|
57e3a1 |
- "ResponseFieldSize (%d bytes). "
|
|
|
57e3a1 |
- "Bad response header: '%.*s[...]%s'",
|
|
|
57e3a1 |
- size, trunc, buffer, buffer + len - trunc);
|
|
|
57e3a1 |
+ if (rc != APR_SUCCESS) {
|
|
|
57e3a1 |
+ if (APR_STATUS_IS_ENOSPC(rc)) {
|
|
|
57e3a1 |
+ int trunc = (len > 128 ? 128 : len) / 2;
|
|
|
57e3a1 |
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, rc, r, APLOGNO(10124)
|
|
|
57e3a1 |
+ "header size is over the limit allowed by "
|
|
|
57e3a1 |
+ "ResponseFieldSize (%d bytes). "
|
|
|
57e3a1 |
+ "Bad response header: '%.*s[...]%s'",
|
|
|
57e3a1 |
+ size, trunc, buffer, buffer + len - trunc);
|
|
|
57e3a1 |
+ }
|
|
|
57e3a1 |
+ else {
|
|
|
57e3a1 |
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, rc, r, APLOGNO(10404)
|
|
|
57e3a1 |
+ "Error reading headers from backend");
|
|
|
57e3a1 |
+ }
|
|
|
57e3a1 |
+ r->headers_out = NULL;
|
|
|
57e3a1 |
+ return rc;
|
|
|
57e3a1 |
+ }
|
|
|
57e3a1 |
+
|
|
|
57e3a1 |
+ if (len <= 0) {
|
|
|
57e3a1 |
+ break;
|
|
|
57e3a1 |
}
|
|
|
57e3a1 |
else {
|
|
|
57e3a1 |
ap_log_rerror(APLOG_MARK, APLOG_TRACE4, 0, r, "%s", buffer);
|
|
|
57e3a1 |
@@ -855,7 +862,7 @@ static void ap_proxy_read_headers(request_rec *r, request_rec *rr,
|
|
|
57e3a1 |
if (psc->badopt == bad_error) {
|
|
|
57e3a1 |
/* Nope, it wasn't even an extra HTTP header. Give up. */
|
|
|
57e3a1 |
r->headers_out = NULL;
|
|
|
57e3a1 |
- return;
|
|
|
57e3a1 |
+ return APR_EINVAL;
|
|
|
57e3a1 |
}
|
|
|
57e3a1 |
else if (psc->badopt == bad_body) {
|
|
|
57e3a1 |
/* if we've already started loading headers_out, then
|
|
|
57e3a1 |
@@ -869,13 +876,13 @@ static void ap_proxy_read_headers(request_rec *r, request_rec *rr,
|
|
|
57e3a1 |
"in headers returned by %s (%s)",
|
|
|
57e3a1 |
r->uri, r->method);
|
|
|
57e3a1 |
*pread_len = len;
|
|
|
57e3a1 |
- return;
|
|
|
57e3a1 |
+ return APR_SUCCESS;
|
|
|
57e3a1 |
}
|
|
|
57e3a1 |
else {
|
|
|
57e3a1 |
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01099)
|
|
|
57e3a1 |
"No HTTP headers returned by %s (%s)",
|
|
|
57e3a1 |
r->uri, r->method);
|
|
|
57e3a1 |
- return;
|
|
|
57e3a1 |
+ return APR_SUCCESS;
|
|
|
57e3a1 |
}
|
|
|
57e3a1 |
}
|
|
|
57e3a1 |
}
|
|
|
57e3a1 |
@@ -905,6 +912,7 @@ static void ap_proxy_read_headers(request_rec *r, request_rec *rr,
|
|
|
57e3a1 |
process_proxy_header(r, dconf, buffer, value);
|
|
|
57e3a1 |
saw_headers = 1;
|
|
|
57e3a1 |
}
|
|
|
57e3a1 |
+ return APR_SUCCESS;
|
|
|
57e3a1 |
}
|
|
|
57e3a1 |
|
|
|
57e3a1 |
|
|
|
57e3a1 |
@@ -1218,10 +1226,10 @@ int ap_proxy_http_process_response(proxy_http_req_t *req)
|
|
|
57e3a1 |
"Set-Cookie", NULL);
|
|
|
57e3a1 |
|
|
|
57e3a1 |
/* shove the headers direct into r->headers_out */
|
|
|
57e3a1 |
- ap_proxy_read_headers(r, backend->r, buffer, response_field_size,
|
|
|
57e3a1 |
- origin, &pread_len);
|
|
|
57e3a1 |
+ rc = ap_proxy_read_headers(r, backend->r, buffer, response_field_size,
|
|
|
57e3a1 |
+ origin, &pread_len);
|
|
|
57e3a1 |
|
|
|
57e3a1 |
- if (r->headers_out == NULL) {
|
|
|
57e3a1 |
+ if (rc != APR_SUCCESS || r->headers_out == NULL) {
|
|
|
57e3a1 |
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01106)
|
|
|
57e3a1 |
"bad HTTP/%d.%d header returned by %s (%s)",
|
|
|
57e3a1 |
major, minor, r->uri, r->method);
|
|
|
57e3a1 |
diff --git a/server/protocol.c b/server/protocol.c
|
|
|
57e3a1 |
index 7adc7f75c10..6f9540ad1de 100644
|
|
|
57e3a1 |
--- a/server/protocol.c
|
|
|
57e3a1 |
+++ b/server/protocol.c
|
|
|
57e3a1 |
@@ -508,6 +508,8 @@ AP_DECLARE(apr_status_t) ap_rgetline_core(char **s, apr_size_t n,
|
|
|
57e3a1 |
/* PR#43039: We shouldn't accept NULL bytes within the line */
|
|
|
57e3a1 |
bytes_handled = strlen(*s);
|
|
|
57e3a1 |
if (bytes_handled < *read) {
|
|
|
57e3a1 |
+ ap_log_data(APLOG_MARK, APLOG_DEBUG, ap_server_conf,
|
|
|
57e3a1 |
+ "NULL bytes in header", *s, *read, 0);
|
|
|
57e3a1 |
*read = bytes_handled;
|
|
|
57e3a1 |
if (rv == APR_SUCCESS) {
|
|
|
57e3a1 |
rv = APR_EINVAL;
|