Re: svn commit: r1764961 - in /httpd/httpd/trunk: docs/manual/mod/core.xml modules/http/http_filters.c server/core.c server/gen_test_char.c server/protocol.c server/util.c
Right, though several people have requested it now as errata. Seems likely to be in the final update for STD. Roy > On Oct 14, 2016, at 2:16 PM, William A Rowe Jrwrote: > >> On Fri, Oct 14, 2016 at 3:48 PM, wrote: >> Author: wrowe >> Date: Fri Oct 14 20:48:43 2016 >> New Revision: 1764961 >> >> URL: http://svn.apache.org/viewvc?rev=1764961=rev >> Log: >> [...] >> Apply HttpProtocolOptions Strict to chunk header parsing, invalid >> whitespace is invalid, line termination must follow CRLF convention. >> >> [...] > >> static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer, >> [...] > >> -else if (c == ' ' || c == '\t') { >> +else if (!strict && (c == ' ' || c == '\t')) { >> /* Be lenient up to 10 BWS (term from rfc7230 - 3.2.3). >> */ >> ctx->state = BODY_CHUNK_CR; > > I'm not sure where this myth came from... > > https://tools.ietf.org/html/rfc7230#section-4.1 > > has *NO* provision for BWS in the chunk size.
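A strict and a lenient parse of one chunk-size line, following the rule discussed in this thread (no whitespace after the chunk size, CRLF line termination). This is an added example, not httpd's parse_chunk_size() or any code from the commit; the function name, the result codes, and the exact lenient behaviour (up to 10 SP/HTAB after the digits, bare LF accepted) are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { CHUNK_OK = 0, CHUNK_BAD = -1, CHUNK_TOO_LARGE = -2 }; /* example-only codes */

static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse one complete line: chunk-size [ chunk-ext ] CRLF (RFC 7230 section 4.1).
 * strict: 1*HEXDIG, then ";" or CRLF. No whitespace, no bare LF.
 * lenient (assumption of this example): also allow up to 10 SP/HTAB after
 * the digits, and a bare LF as the line terminator. */
int parse_chunk_size_line(const char *line, size_t len, int strict, uint64_t *size)
{
    size_t i = 0, ws = 0;
    uint64_t v = 0;
    int d;

    while (i < len && (d = hexval((unsigned char)line[i])) >= 0) {
        if (v > (UINT64_MAX >> 4)) return CHUNK_TOO_LARGE; /* shift would overflow */
        v = (v << 4) | (uint64_t)d;
        i++;
    }
    if (i == 0) return CHUNK_BAD;                /* need at least one hex digit */
    while (!strict && i < len && (line[i] == ' ' || line[i] == '\t')) {
        if (++ws > 10) return CHUNK_BAD;         /* bounded leniency */
        i++;
    }
    if (i < len && line[i] == ';')               /* chunk-ext: skipped, not validated */
        while (i < len && line[i] != '\r' && line[i] != '\n') i++;
    if (i + 2 == len && line[i] == '\r' && line[i + 1] == '\n') { *size = v; return CHUNK_OK; }
    if (!strict && i + 1 == len && line[i] == '\n') { *size = v; return CHUNK_OK; }
    return CHUNK_BAD;
}

int main(void)
{
    const char sample[] = "1a \r\n";             /* constructed input: SP before CRLF */
    uint64_t n = 0;
    printf("strict=%d lenient=%d\n",
           parse_chunk_size_line(sample, sizeof sample - 1, 1, &n),
           parse_chunk_size_line(sample, sizeof sample - 1, 0, &n));
    return 0;
}
```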
Re: svn commit: r1764961 - in /httpd/httpd/trunk: docs/manual/mod/core.xml modules/http/http_filters.c server/core.c server/gen_test_char.c server/protocol.c server/util.c
On Fri, Oct 14, 2016 at 3:48 PM,wrote: > Author: wrowe > Date: Fri Oct 14 20:48:43 2016 > New Revision: 1764961 > > URL: http://svn.apache.org/viewvc?rev=1764961=rev > Log: > [...] > Apply HttpProtocolOptions Strict to chunk header parsing, invalid > whitespace is invalid, line termination must follow CRLF convention. > > [...] > static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer, > [...] > -else if (c == ' ' || c == '\t') { > +else if (!strict && (c == ' ' || c == '\t')) { > /* Be lenient up to 10 BWS (term from rfc7230 - 3.2.3). > */ > ctx->state = BODY_CHUNK_CR; > I'm not sure where this myth came from... https://tools.ietf.org/html/rfc7230#section-4.1 has *NO* provision for BWS in the chunk size.
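Review bot: The comment kept under the changed condition in parse_chunk_size() still reads "Be lenient up to 10 BWS (term from rfc7230 - 3.2.3)" although the branch is now reached only when strict is off, and the reply in this thread points out that section 4.1 has no BWS in the chunk size. Suggest rewording the comment to say this is a non-strict tolerance rather than RFC grammar, so the citation is not read as justification for the behaviour. The visible lines also do not show which branch a ' ' or '\t' reaches once strict is set; worth confirming in review that it ends in the error path.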
Re: svn commit: r1688399 - /httpd/httpd/trunk/modules/metadata/mod_remoteip.c
On Fri, Oct 14, 2016 at 11:16 AM, Eric Covener wrote:
> This was not backported and popped up in PR60251.
>
> Bill, can you have a look including my guess that it really should
> just be "temp_sa = r->useragent_addr;"?

While that code should *not* be triggered before r->useragent_addr has been populated, some off-beat perl code causes these phases to run out-of-sequence and we segfault not long after if this is run without a post read request hook. I blame a bad mod_perl example, but the cycle wasted to confirm that useragent_addr is non-null isn't worth trimming.
Re: svn commit: r1688399 - /httpd/httpd/trunk/modules/metadata/mod_remoteip.c
This was not backported and popped up in PR60251. Bill, can you have a look including my guess that it really should just be "temp_sa = r->useragent_addr;"? On Tue, Jun 30, 2015 at 4:40 AM,wrote: > Author: jkaluza > Date: Tue Jun 30 08:40:17 2015 > New Revision: 1688399 > > URL: http://svn.apache.org/r1688399 > Log: > mod_remoteip: Use r->useragent_addr as the root trusted address for verifying. > > This fixes issue resulting in setting of bad useragent_ip when internal > redirection has been generated as response to the request (typically as > result of "ErrorDocument 40x"). > > In this case, the original request has been handled by mod_remoteip and its > useragent_ip has been changed properly, but when internal redirection > to ErrorDocument has been generated later, the mod_remoteip's handler has been > executed again with *the same* c->client_addr as in the original request. If > c->client_addr IP is trusted, this results in bad useragent_ip being set. > > When using r->useragent_addr as the root trusted address instead of > c->client_addr, the internal redirection uses the first non-trusted > IP in this particular case, so it won't change the r->useragent_ip during > the internal redirection to ErrorDocument. > > Modified: > httpd/httpd/trunk/modules/metadata/mod_remoteip.c > > Modified: httpd/httpd/trunk/modules/metadata/mod_remoteip.c > URL: > http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/metadata/mod_remoteip.c?rev=1688399=1688398=1688399=diff > == > --- httpd/httpd/trunk/modules/metadata/mod_remoteip.c (original) > +++ httpd/httpd/trunk/modules/metadata/mod_remoteip.c Tue Jun 30 08:40:17 2015 > @@ -255,7 +255,7 @@ static int remoteip_modify_request(reque > } > remote = apr_pstrdup(r->pool, remote); > > -temp_sa = c->client_addr; > +temp_sa = r->useragent_addr ? r->useragent_addr : c->client_addr; > > while (remote) { > > > -- Eric Covener cove...@gmail.com
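Review bot: The fallback in the added line, "temp_sa = r->useragent_addr ? r->useragent_addr : c->client_addr;", carries no comment saying when r->useragent_addr can be NULL, and whenever it is taken the walk starts from c->client_addr again, which is the root the log message identifies as producing the bad useragent_ip on internal redirects. Suggest a short comment above the assignment in remoteip_modify_request() naming the case the NULL check covers, so the fallback is neither removed as dead code nor relied on as equivalent to the useragent_addr path.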