'ap_unescape_urlencoded()' suggests that NULL can be passed to 'unescape_url()'.
So avoid a potential 'strchr(NULL, ...)' which is an undefined behavior.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1838270 13f79535-47bb-0310-9956-ffa450edef68
Current RETRIEVE_BRIGADE_FROM_POOL macro from "http_request.c" is turned into
a helper and used in ap_request_core_filter().
We will need it in a subsequent commit in "util_filter.c" too.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1836018 13f79535-47bb-0310-9956-ffa450edef68
ap_pbase64decode_strict() adds to the functionality of
ap_pbase64decode() in two ways:
- the length of the decoded buffer is returned, allowing embedded NULLs
to be retained by the caller
- the input string is strictly checked for Base64 validity, including
correct zero-padding at the end of the string
(This was originally added to the httpdunit feature/backport branch in
r1796208, then reverted in r1799376, since it's currently intended for
trunk only.)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1799380 13f79535-47bb-0310-9956-ffa450edef68
In the aftermath of CVE-2017-7668, decouple the business logic ("is NULL
a T_HTTP_CTRL") from the postcondition ("must not go past the end of the
string"). The NULL-byte classification in the TEST_CHAR table may change
in the future.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1799375 13f79535-47bb-0310-9956-ffa450edef68
no application for this yet in httpd, so hold off adding this function when
we backport the enhancements. ap_scan_http_token was entirely sufficient.
If the community wants this new function, we can add it when backporting
work is complete.
This patch, and the earlier patches Friday actually demanded an mmn major
bump due to struct member changes. In any final backport, new members must
be added to the end of the struct to retain an mmn minor designation.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1765451 13f79535-47bb-0310-9956-ffa450edef68
and inefficient application at that, added ap_scan_vchar_obstext()
to accomplish a similar purpose.
Dropped HttpProtocolOptions StrictURL option, this will be better
handled in the future with a specific directive and perhaps multiple
levels of scrutiny, use ap_scan_vchar_obstext() to simply ensure there
are no control characters or whitespace within the URI.
Changed the scanning of the response header table by check_headers()
to follow the same rulesets as reading request headers. Disallow any
CTL character within a response header value, and any CTL or whitespace
in response header field name, even in strict mode.
Apply HttpProtocolOptions Strict to chunk header parsing, invalid
whitespace is invalid, line termination must follow CRLF convention.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1764961 13f79535-47bb-0310-9956-ffa450edef68
is that it becomes impossible to cleanly merge into branches/2.4.x.
Reverting this one functional/historical edit, to recommit for merging.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1747477 13f79535-47bb-0310-9956-ffa450edef68
just like ap_getword_conf[_nc] but allows for {} to be
used as word quotes. That is:
{Hello World} Foo Bar
"Hello World" Foo Bar
are equiv.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1722321 13f79535-47bb-0310-9956-ffa450edef68
use of curlies... That is:
"Hello World" Foo Bar
and
{Hello World} Foo Bar
will both return the same if using ap_getword_conf2()
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1722243 13f79535-47bb-0310-9956-ffa450edef68
This simply provides it. Next step is to change all uses of
str[n]casecmp to ap_str[n]casecmp and *then* remove those silly
logic paths where we check the 1st char of a string before
we do the strcasecmp (since this is no longer expensive).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1715401 13f79535-47bb-0310-9956-ffa450edef68
proxy configuration, a remote attacker could send a carefully crafted
request which could crash a server process, resulting in denial of
service.
Thanks to Marek Kroemeke working with HP's Zero Day Initiative for
reporting this issue.
* server/util.c (ap_parse_token_list_strict): New function.
* modules/proxy/proxy_util.c (find_conn_headers): Use it here.
* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response):
Send a 400 for a malformed Connection header.
Submitted by: Edward Lu, breser, covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610674 13f79535-47bb-0310-9956-ffa450edef68
