Commit de9c9a7c authored by Ryan Bloom's avatar Ryan Bloom
Browse files

Ignore CRLF (or LF) when PEEK'ing at data on the socket. The general 

problem is that some browsers send an extra line at the end of a POST
request.  We use the PEEK method to determine if there is any data left
on the socket, if there is then we delay sending the response until we
have enough data to make it worthwhile.  If the browser sends an extra
blank line, we don't want to delay the response at all.  The only time
we use the PEEK method is to check for a second request, so this is safe
to do.

This also solves Joe Orton's problem of specifying a Content- Length
of 1 for a blank line, and having the server wait to send back a response.
The problem is that Linux (all Unix really) sends two characters \r\n for
a blank line, so specifying a C-L of 1 means that the server still sees
a \n when it PEEKs that the socket data.  That \n can be safely ignored
however.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87540 13f79535-47bb-0310-9956-ffa450edef68
parent 79e0ee22

CHANGES

+5 −0
Original line number Diff line number Diff line 
Changes with Apache 2.0b1



  *) Ignore \r\n or \n when using PEEK mode for input filters.  The problem

     is that some browsers send extra lines at the end of POST requests, and

     we don't want to delay sending data back to the user just because the

     browser isn't well behaved. [Ryan Bloom]



  *) Get SuEXEC working again.  We can't send absolute paths to suExec

     because it refuses to execute those programs.  SuEXEC also wasn't

     always recognizing configuration changes made using the autoconf

modules/http/http_protocol.c

+29 −20
Original line number Diff line number Diff line
@@ -969,28 +969,37 @@ apr_status_t ap_http_filter(ap_filter_t *f, ap_bucket_brigade *b, ap_input_mode_ 
        const char *str;

        apr_size_t length;



        if (AP_BRIGADE_EMPTY(ctx->b)) {

            return APR_EOF;

        }



        e = AP_BRIGADE_FIRST(ctx->b);

        while (e->length == 0) {

            AP_BUCKET_REMOVE(e);

            ap_bucket_destroy(e);



        /* The purpose of this loop is to ignore any CRLF (or LF) at the end

         * of a request.  Many browsers send extra lines at the end of POST

         * requests.  We use the PEEK method to determine if there is more

         * data on the socket, so that we know if we should delay sending the

         * end of one request until we have served the second request in a

         * pipelined situation.  We don't want to actually delay sending a

         * response if the server finds a CRLF (or LF), becuause that doesn't

         * mean that there is another request, just a blank line.

         */

        while (1) {

            if (AP_BRIGADE_EMPTY(ctx->b)) {

                e = NULL;

                break;

            }



            else {

                e = AP_BRIGADE_FIRST(ctx->b);

            }



            if (!e || ap_bucket_read(e, &str, &length, AP_NONBLOCK_READ) != APR_SUCCESS) {

                return APR_EOF;

            }

            else {

            return APR_SUCCESS;

                const char *c = str;

                while (c - str < length) {

                    if (*c == ASCII_LF)

                        c++;

                    else if (*c == ASCII_CR && *(c + 1) == ASCII_LF)

                        c += 2;

                    else return APR_SUCCESS;

                }

                AP_BUCKET_REMOVE(e);

                ap_bucket_destroy(e);

            }

        }

    }