Merge r1688274 from trunk. (9094d73b) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

CHANGES

+3 −0

Original line number	Diff line number	Diff line
		@@ -8,6 +8,9 @@ Changes with Apache 2.2.30
		Limit accepted chunk-size to 2^63-1 and be strict about chunk-ext
		authorized characters. [Graham Leggett, Yann Ylavic]

		*) http: Fix LimitRequestBody checks when there is no more bytes to read.
		[Michael Kaufmann <mail michael-kaufmann.ch>]

		*) core: Allow spaces after chunk-size for compatibility with implementations
		using a pre-filled buffer. [Yann Ylavic, Jeff Trawick]

STATUS

+0 −8

Original line number	Diff line number	Diff line
		@@ -97,14 +97,6 @@ CURRENT RELEASE NOTES:

		RELEASE SHOWSTOPPERS:

		*) http: Fix LimitRequestBody checks when there is no more bytes to read.
		[Michael Kaufmann <mail michael-kaufmann.ch>]
		trunk patch: http://svn.apache.org/r1688274
		2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-fix_LimitRequestBody.patch
		(modulo CHANGES, patch needed because of bail_out_on_error
		and APLOGNO)
		+1: ylavic, mrumph, wrowe


		PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
		[ start all new proposals below, under PATCHES PROPOSED. ]

modules/http/http_filters.c

+19 −16

Original line number	Diff line number	Diff line
		@@ -320,7 +320,6 @@ apr_status_t ap_http_filter(ap_filter_t f, apr_bucket_brigade b,
		apr_bucket *e;
		http_ctx_t *ctx = f->ctx;
		apr_status_t rv;
		apr_off_t totalread;
		int http_error = HTTP_REQUEST_ENTITY_TOO_LARGE;
		apr_bucket_brigade *bb;
		int again;
		@@ -556,6 +555,7 @@ apr_status_t ap_http_filter(ap_filter_t f, apr_bucket_brigade b,
		readbytes = ctx->remaining;
		}
		if (readbytes > 0) {
		apr_off_t totalread;

		rv = ap_get_brigade(f->next, b, mode, block, readbytes);

		@@ -598,6 +598,24 @@ apr_status_t ap_http_filter(ap_filter_t f, apr_bucket_brigade b,
		}
		}

		/* We have a limit in effect. */
		if (ctx->limit) {
		/* FIXME: Note that we might get slightly confused on
		* chunked inputs as we'd need to compensate for the chunk
		* lengths which may not really count. This seems to be up
		* for interpretation.
		*/
		ctx->limit_used += totalread;
		if (ctx->limit < ctx->limit_used) {
		ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r,
		"Read content length of "
		"%" APR_OFF_T_FMT " is larger than the "
		"configured limit of %" APR_OFF_T_FMT,
		ctx->limit_used, ctx->limit);
		return bail_out_on_error(ctx, f,
		HTTP_REQUEST_ENTITY_TOO_LARGE);
		}
		}
		}

		/* If we have no more bytes remaining on a C-L request,
		@@ -609,21 +627,6 @@ apr_status_t ap_http_filter(ap_filter_t f, apr_bucket_brigade b,
		ctx->eos_sent = 1;
		}

		/* We have a limit in effect. */
		if (ctx->limit) {
		/* FIXME: Note that we might get slightly confused on chunked inputs
		* as we'd need to compensate for the chunk lengths which may not
		* really count. This seems to be up for interpretation. */
		ctx->limit_used += totalread;
		if (ctx->limit < ctx->limit_used) {
		ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r,
		"Read content-length of %" APR_OFF_T_FMT
		" is larger than the configured limit"
		" of %" APR_OFF_T_FMT, ctx->limit_used, ctx->limit);
		return bail_out_on_error(ctx, f, HTTP_REQUEST_ENTITY_TOO_LARGE);
		}
		}

		break;
		}
		case BODY_CHUNK_TRAILER: {