https://bz.apache.org/bugzilla/show_bug.cgi?id=63669
Bug ID: 63669 Summary: Incomplete error code check for read_request_line() Product: Apache httpd-2 Version: 2.5-HEAD Hardware: PC OS: Mac OS X 10.1 Status: NEW Severity: major Priority: P2 Component: Core Assignee: bugs@httpd.apache.org Reporter: lege...@foxmail.com Target Milestone: --- at httpd/server/protocol.c around line static int read_request_line(request_rec *r, apr_bucket_brigade *bb) { ... rv = ap_rgetline(&(r->the_request), (apr_size_t)(r->server->limit_req_line + 2), &len, r, strict ? AP_GETLINE_CRLF : 0, bb); if (rv != APR_SUCCESS) { r->request_time = apr_time_now(); /* ap_rgetline returns APR_ENOSPC if it fills up the * buffer before finding the end-of-line. This is only going to * happen if it exceeds the configured limit for a request-line. */ if (APR_STATUS_IS_ENOSPC(rv)) { r->status = HTTP_REQUEST_URI_TOO_LARGE; } else if (APR_STATUS_IS_TIMEUP(rv)) { r->status = HTTP_REQUEST_TIME_OUT; } else if (APR_STATUS_IS_EINVAL(rv)) { r->status = HTTP_BAD_REQUEST; } r->proto_num = HTTP_VERSION(1,0); r->protocol = "HTTP/1.0"; return 0; } ... However, the function ap_rgetline() can actually return error codes other than APR_ENOSPC, APR_TIMEUP, APR_EINVAL. If the input bb is NULL, it can even return APR_BADARG, and in some cases it returns APR_EGENERAL. These errors are ignored and HTTP status is not correctly set. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org