delta/apache/httpd.git/server/protocol.c, branch httpdunit github.com: apache/httpd.git Fix some spelling errors in comments 2017-03-10T16:42:26+00:00 Mike Rumph mrumph@apache.org 2017-03-10T16:42:26+00:00 cbb95aab0be6373f32c86412eda09b47fdacccff git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1786384 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1786384 13f79535-47bb-0310-9956-ffa450edef68
old IBM EBCDIC fix that never got shared. 2017-01-04T18:04:26+00:00 Eric Covener covener@apache.org 2017-01-04T18:04:26+00:00 b2fb7e185c6f50fa8906bc9b872bad8771dd281e git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1777354 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1777354 13f79535-47bb-0310-9956-ffa450edef68
Partial port of proposed r1773158 for httpd-2.x only; this change causes all 2016-12-07T23:01:32+00:00 William A. Rowe Jr wrowe@apache.org 2016-12-07T23:01:32+00:00 2b69370fcf758aaddf15e1b395539a8f4e2f5716 illegible protocol args to be rejected, irrespective of the strict toggle as we expect this to occur with a garbage raw SP embedded in the request URI. Simplifies the code using the protocol 0.9 sentinal to set up an http/1.0 error response. String duplication of r1773158 is uninteresting, httpd-2.x has a const protocol member. Submitted by: rpluem, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773159 13f79535-47bb-0310-9956-ffa450edef68 
illegible protocol args to be rejected, irrespective of the strict toggle as
we expect this to occur with a garbage raw SP embedded in the request URI.

Simplifies the code using the protocol 0.9 sentinal to set up an http/1.0
error response.

String duplication of r1773158 is uninteresting, httpd-2.x has a const protocol
member.

Submitted by: rpluem, wrowe



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773159 13f79535-47bb-0310-9956-ffa450edef68
Optimize away one more strchr 2016-11-22T18:43:28+00:00 William A. Rowe Jr wrowe@apache.org 2016-11-22T18:43:28+00:00 2e501bbb12b6d2299f2336e6e839a968570e97a3 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770869 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770869 13f79535-47bb-0310-9956-ffa450edef68
List discussion resulted in rejecting all but SP characters in the request 2016-11-22T18:33:20+00:00 William A. Rowe Jr wrowe@apache.org 2016-11-22T18:33:20+00:00 108f897191ac318519fca628bdad254db853b6f7 line, but in the strict mode prioritize excessive space testing over bad space testing (which is captured later) and make both more efficient (at this test ll[0] is already whitespace or \0 char). Also correct a comment. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770867 13f79535-47bb-0310-9956-ffa450edef68 
line, but in the strict mode prioritize excessive space testing over bad
space testing (which is captured later) and make both more efficient
(at this test ll[0] is already whitespace or \0 char). Also correct a comment.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770867 13f79535-47bb-0310-9956-ffa450edef68
Dropped the never-released ap_has_cntrls() as it had very limited 2016-10-14T20:48:43+00:00 William A. Rowe Jr wrowe@apache.org 2016-10-14T20:48:43+00:00 84ce5d25db7e83ad4103ea106a6f2256f618bc1c and inefficient application at that, added ap_scan_vchar_obstext() to accomplish a similar purpose. Dropped HttpProtocolOptions StrictURL option, this will be better handled in the future with a specific directive and perhaps multiple levels of scrutiny, use ap_scan_vchar_obstext() to simply ensure there are no control characters or whitespace within the URI. Changed the scanning of the response header table by check_headers() to follow the same rulesets as reading request headers. Disallow any CTL character within a response header value, and any CTL or whitespace in response header field name, even in strict mode. Apply HttpProtocolOptions Strict to chunk header parsing, invalid whitespace is invalid, line termination must follow CRLF convention. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1764961 13f79535-47bb-0310-9956-ffa450edef68 
and inefficient application at that, added ap_scan_vchar_obstext()
to accomplish a similar purpose.

Dropped HttpProtocolOptions StrictURL option, this will be better
handled in the future with a specific directive and perhaps multiple
levels of scrutiny, use ap_scan_vchar_obstext() to simply ensure there
are no control characters or whitespace within the URI.

Changed the scanning of the response header table by check_headers()
to follow the same rulesets as reading request headers. Disallow any
CTL character within a response header value, and any CTL or whitespace
in response header field name, even in strict mode.

Apply HttpProtocolOptions Strict to chunk header parsing, invalid
whitespace is invalid, line termination must follow CRLF convention.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1764961 13f79535-47bb-0310-9956-ffa450edef68
Clarify 2016-08-30T01:06:48+00:00 William A. Rowe Jr wrowe@apache.org 2016-08-30T01:06:48+00:00 00423058d6f4139183769d41198ec32d34d8413a git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758313 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758313 13f79535-47bb-0310-9956-ffa450edef68
Calm some overly agressive crlf handling 2016-08-29T22:19:25+00:00 William A. Rowe Jr wrowe@apache.org 2016-08-29T22:19:25+00:00 09fcfe627fb1b21477bbca02bc8d5380873ea658 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758305 13f79535-47bb-0310-9956-ffa450edef68 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758305 13f79535-47bb-0310-9956-ffa450edef68
New optional flag to enforce <CR><LF> line delimiters in ap_[r]getline, 2016-08-29T22:17:07+00:00 William A. Rowe Jr wrowe@apache.org 2016-08-29T22:17:07+00:00 28163941ef93594a4e36b775aeaf007a67d92640 created by overloading 'int fold' (1 or 0) as 'int flags', with the same value 1 for AP_GETLINE_FOLD (which httpd doesn't use), and a new value 2 for AP_GETLINE_CRLF Enforce CRLF when HttpProtocolOptions Strict is in force. Correctly introduces a new t/TEST fail. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758304 13f79535-47bb-0310-9956-ffa450edef68 
created by overloading 'int fold' (1 or 0) as 'int flags', with the same
value 1 for AP_GETLINE_FOLD (which httpd doesn't use), and a new value
2 for AP_GETLINE_CRLF

Enforce CRLF when HttpProtocolOptions Strict is in force.

Correctly introduces a new t/TEST fail.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758304 13f79535-47bb-0310-9956-ffa450edef68
Correct the parser construction for several optimizations, 2016-08-29T17:25:35+00:00 William A. Rowe Jr wrowe@apache.org 2016-08-29T17:25:35+00:00 b06490c39c8ea0d4adef20704a8a3f3421a63759 based on the fact that bad whitespace shall not be permitted or corrected in any operating mode, while preserving the ability to extract bad method/uri/proto for later reporting and diagnostics. This change causes badwhitespace in the request line or any request field line to always fail, and not honor the setting of the HttpProtocolOptions Unsafe option. Mult SP characters or trailing SP characters in the request line are still permitted in Unsafe mode. Adjusted several error message emits to match these changes. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758263 13f79535-47bb-0310-9956-ffa450edef68 
based on the fact that bad whitespace shall not be permitted
or corrected in any operating mode, while preserving the 
ability to extract bad method/uri/proto for later reporting
and diagnostics.

This change causes badwhitespace in the request line or any
request field line to always fail, and not honor the setting
of the HttpProtocolOptions Unsafe option. Mult SP characters
or trailing SP characters in the request line are still 
permitted in Unsafe mode.

Adjusted several error message emits to match these changes.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758263 13f79535-47bb-0310-9956-ffa450edef68