Commit 473de033 authored by William A. Rowe Jr's avatar William A. Rowe Jr
Browse files 

  Backport the 2.x C-L/T-E core protocol patch;

Reviewed for 1.3 by: wrowe, jimj, graham

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@230826 13f79535-47bb-0310-9956-ffa450edef68
parent 33a3fc15

src/CHANGES

+7 −0
Original line number Diff line number Diff line 
Changes with Apache 1.3.34



  *) SECURITY: core: If a request contains both Transfer-Encoding and 

     Content-Length headers, remove the Content-Length, mitigating some 

     HTTP Request Splitting/Spoofing attacks.  This has no impact on

     mod_proxy_http, yet affects any module which supports chunked

     encoding yet fails to prefer T-E: chunked over the Content-Length

     purported value.  [Paul Querna, Joe Orton]



  *) Added TraceEnable [on|off|extended] per-server directive to alter

     the behavior of the TRACE method.  This addresses a flaw in proxy

     conformance to RFC 2616 - previously the proxy server would accept

src/main/http_protocol.c

+8 −0
Original line number Diff line number Diff line
@@ -1214,6 +1214,14 @@ API_EXPORT(request_rec *) ap_read_request(conn_rec *conn) 
            ap_log_transaction(r);

            return r;

        }

        if (ap_table_get(r->headers_in, "Transfer-Encoding")

            && ap_table_get(r->headers_in, "Content-Length")) {

            /* 2616 section 4.4, point 3: "if both Transfer-Encoding

             * and Content-Length are received, the latter MUST be

             * ignored"; so unset it here to prevent any confusion

             * later. */

            ap_table_unset(r->headers_in, "Content-Length");

        }

    }

    else {

        ap_kill_timeout(r);