
Commit e98c400

committed
header validation after content-* are eval'ed
Submitted By: ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1916770 13f79535-47bb-0310-9956-ffa450edef68
1 parent 61645ea commit e98c400


1 file changed

+24
-15
lines changed


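--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -59,6 +59,7 @@ APLOG_USE_MODULE(http);
 
 static apr_bucket *create_trailers_bucket(request_rec *r, apr_bucket_alloc_t *bucket_alloc);
 static apr_bucket *create_response_bucket(request_rec *r, apr_bucket_alloc_t *bucket_alloc);
+static void merge_response_headers(request_rec *r);
 
 typedef struct http_filter_ctx
 {
@@ -1239,12 +1240,16 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
 ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r,
 "ap_http_header_filter prep response status %d",
 r->status);
+merge_response_headers(r);
 if (!check_headers(r)) {
 /* We may come back here from ap_die() below,
 * so clear anything from this response.
 */
 apr_table_clear(r->headers_out);
 apr_table_clear(r->err_headers_out);
+r->content_type = r->content_encoding = NULL;
+r->content_languages = NULL;
+r->clength = r->chunked = 0;
 apr_brigade_cleanup(b);
 
 /* Don't recall ap_die() if we come back here (from its own internal
@@ -1261,8 +1266,6 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
 APR_BRIGADE_INSERT_TAIL(b, e);
 e = apr_bucket_eos_create(c->bucket_alloc);
 APR_BRIGADE_INSERT_TAIL(b, e);
-r->content_type = r->content_encoding = NULL;
-r->content_languages = NULL;
 ap_set_content_length(r, 0);
 recursive_error = 1;
 }
@@ -2044,7 +2047,7 @@ static const char *get_status_reason(const char *status_line)
 return NULL;
 }
 
-static apr_bucket *create_response_bucket(request_rec *r, apr_bucket_alloc_t *bucket_alloc)
+static void merge_response_headers(request_rec *r)
 {
 const char *ctype;
 
@@ -2056,6 +2059,7 @@ static apr_bucket *create_response_bucket(request_rec *r, apr_bucket_alloc_t *bu
 if (!apr_is_empty_table(r->err_headers_out)) {
 r->headers_out = apr_table_overlay(r->pool, r->err_headers_out,
 r->headers_out);
+apr_table_clear(r->err_headers_out);
 }
 
 ap_set_std_response_headers(r);
@@ -2077,6 +2081,9 @@ static apr_bucket *create_response_bucket(request_rec *r, apr_bucket_alloc_t *bu
 fixup_vary(r);
 }
 
+/* Determine the protocol and whether we should use keepalives. */
+basic_http_header_check(r);
+
 /*
 * Now remove any ETag response header field if earlier processing
 * says so (such as a 'FileETag None' directive).
@@ -2085,10 +2092,19 @@ static apr_bucket *create_response_bucket(request_rec *r, apr_bucket_alloc_t *bu
 apr_table_unset(r->headers_out, "ETag");
 }
 
-/* determine the protocol and whether we should use keepalives. */
-basic_http_header_check(r);
+/*
+* Control cachability for non-cacheable responses if not already set by
+* some other part of the server configuration.
+*/
+if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) {
+char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
+ap_recent_rfc822_date(date, r->request_time);
+apr_table_addn(r->headers_out, "Expires", date);
+}
 
+/* 204/304 responses don't have content related headers */
 if (AP_STATUS_IS_HEADER_ONLY(r->status)) {
+apr_table_unset(r->headers_out, "Transfer-Encoding");
 apr_table_unset(r->headers_out, "Content-Length");
 r->content_type = r->content_encoding = NULL;
 r->content_languages = NULL;
@@ -2124,17 +2140,10 @@ static apr_bucket *create_response_bucket(request_rec *r, apr_bucket_alloc_t *bu
 field = apr_array_pstrcat(r->pool, r->content_languages, ',');
 apr_table_setn(r->headers_out, "Content-Language", field);
 }
+}
 
-/*
-* Control cachability for non-cacheable responses if not already set by
-* some other part of the server configuration.
-*/
-if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) {
-char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
-ap_recent_rfc822_date(date, r->request_time);
-apr_table_addn(r->headers_out, "Expires", date);
-}
-
+static apr_bucket *create_response_bucket(request_rec *r, apr_bucket_alloc_t *bucket_alloc)
+{
 /* r->headers_out fully prepared. Create a headers bucket
 * containing the response to send down the filter chain.
 */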
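Review bot: The ordering that makes this change effective is not stated anywhere in the new code: `merge_response_headers()` must run before `check_headers()` so that the fields it writes into `r->headers_out` (Content-Language is visible here; presumably the other content-* fields as well, per the commit title) are validated, and `create_response_bucket()` now relies on that having happened. I would add a header comment above `static void merge_response_headers(request_rec *r)`, for example `/* Merge err_headers_out and the r->content_* fields into r->headers_out; call before check_headers() so the merged values are validated. */`. Any other caller of `create_response_bucket()` outside these hunks would now send headers without the merge, so that is worth confirming. Both function bodies extend beyond the visible hunks.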
