in_bbs_inject_header.pm

stevehay Wed, 04 Jan 2017 06:09:37 -0800

Author: stevehay
Date: Wed Jan  4 14:09:09 2017
New Revision: 1777320

URL: http://svn.apache.org/viewvc?rev=1777320&view=rev
Log:
Since Apache 2.4.25, header injection fails with


  protocol.c(957): (22)Invalid argument: [client 127.0.0.1:53182] Failed to 
read request header line X-Extra-Header2: Value 2
  protocol.c(1313): [client 127.0.0.1:53182] AH00567: request failed: error 
reading the headers

making the server issue a 400 Bad request response and causing test
failures.

The problem is that the injected header lines only have a LF and no CR.

RFC 7230, section 3.5 says:

  Although the line terminator for the start-line and header fields is
   the sequence CRLF, a recipient MAY recognize a single LF as a line
   terminator and ignore any preceding CR.

Apache with strict enabled chooses not to implement the MAY. This may or
may not be a good idea, but that is a  different question. In any case, 
mod_perl's test should send a compliant HTTP request.

Bug-Debian: https://bugs.debian.org/849082

[Patch from Stefan Fritsch <s...@sfritsch.de>]

Modified:
    perl/modperl/trunk/t/filter/TestFilter/in_bbs_inject_header.pm

Modified: perl/modperl/trunk/t/filter/TestFilter/in_bbs_inject_header.pm
URL: 
http://svn.apache.org/viewvc/perl/modperl/trunk/t/filter/TestFilter/in_bbs_inject_header.pm?rev=1777320&r1=1777319&r2=1777320&view=diff
==============================================================================
--- perl/modperl/trunk/t/filter/TestFilter/in_bbs_inject_header.pm (original)
+++ perl/modperl/trunk/t/filter/TestFilter/in_bbs_inject_header.pm Wed Jan  4 
14:09:09 2017
@@ -181,7 +181,7 @@ sub handler : FilterConnectionHandler {
 
         if ($data and $data =~ /^POST/) {
             # demonstrate how to add a header while processing other headers
-            my $header = "$header1_key: $header1_val\n";
+            my $header = "$header1_key: $header1_val\r\n";
             push @{ $ctx->{buckets} }, APR::Bucket->new($c->bucket_alloc, 
$header);
             debug "queued header [$header]";
         }
@@ -199,7 +199,7 @@ sub handler : FilterConnectionHandler {
             # we hit the headers and body separator, which is a good
             # time to add extra headers:
             for my $key (keys %headers) {
-                my $header = "$key: $headers{$key}\n";
+                my $header = "$key: $headers{$key}\r\n";
                 push @{ $ctx->{buckets} }, APR::Bucket->new($c->bucket_alloc, 
$header);
                 debug "queued header [$header]";
             }

svn commit: r1777320 - /perl/modperl/trunk/t/filter/TestFilter/in_bbs_inject_header.pm

Reply via email to