Author: stevehay Date: Wed Jan 4 14:09:09 2017 New Revision: 1777320 URL: http://svn.apache.org/viewvc?rev=1777320&view=rev Log: Since Apache 2.4.25, header injection fails with
protocol.c(957): (22)Invalid argument: [client 127.0.0.1:53182] Failed to read request header line X-Extra-Header2: Value 2 protocol.c(1313): [client 127.0.0.1:53182] AH00567: request failed: error reading the headers making the server issue a 400 Bad request response and causing test failures. The problem is that the injected header lines only have a LF and no CR. RFC 7230, section 3.5 says: Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR. Apache with strict enabled chooses not to implement the MAY. This may or may not be a good idea, but that is a different question. In any case, mod_perl's test should send a compliant HTTP request. Bug-Debian: https://bugs.debian.org/849082 [Patch from Stefan Fritsch <s...@sfritsch.de>] Modified: perl/modperl/trunk/t/filter/TestFilter/in_bbs_inject_header.pm Modified: perl/modperl/trunk/t/filter/TestFilter/in_bbs_inject_header.pm URL: http://svn.apache.org/viewvc/perl/modperl/trunk/t/filter/TestFilter/in_bbs_inject_header.pm?rev=1777320&r1=1777319&r2=1777320&view=diff ============================================================================== --- perl/modperl/trunk/t/filter/TestFilter/in_bbs_inject_header.pm (original) +++ perl/modperl/trunk/t/filter/TestFilter/in_bbs_inject_header.pm Wed Jan 4 14:09:09 2017 @@ -181,7 +181,7 @@ sub handler : FilterConnectionHandler { if ($data and $data =~ /^POST/) { # demonstrate how to add a header while processing other headers - my $header = "$header1_key: $header1_val\n"; + my $header = "$header1_key: $header1_val\r\n"; push @{ $ctx->{buckets} }, APR::Bucket->new($c->bucket_alloc, $header); debug "queued header [$header]"; } @@ -199,7 +199,7 @@ sub handler : FilterConnectionHandler { # we hit the headers and body separator, which is a good # time to add extra headers: for my $key (keys %headers) { - my $header = "$key: $headers{$key}\n"; + my $header = "$key: $headers{$key}\r\n"; push @{ $ctx->{buckets} }, APR::Bucket->new($c->bucket_alloc, $header); debug "queued header [$header]"; }