authorJim Jagielski <jim@apache.org>2015-11-26 13:42:42 +0000
committerJim Jagielski <jim@apache.org>2015-11-26 13:42:42 +0000
commita6c311656679385970eaa71ddaeb25d5b9209e5d (patch)
tree67ce2b58e2ad0ba57400af4088d784288ffa65af /server
parentaa09b56e2240d617fb4e2962c8456db6feddb0b2 (diff)
downloadhttpd-a6c311656679385970eaa71ddaeb25d5b9209e5d.tar.gz
Merge r1710095, r1710105, r1711902 from trunk:
core: Limit to ten the number of tolerated empty lines between requests, and consume them before the pipelining check to avoid possible response delay when reading the next request without flushing. Before this commit, the maximum number of empty lines was the same as configured LimitRequestFields, defaulting to 100, which was way too much. We now use a fixed/hard limit of 10 (DEFAULT_LIMIT_BLANK_LINES). check_pipeline() is changed to check for (up to the limit) and consume the trailing [CR]LFs so that they won't be interpreted as pipelined requests, otherwise we would block on the next read without flushing data, and hence possibly delay pending response(s) until the next/real request comes in or the keepalive timeout expires. Finally, when the maximum number of empty lines is reached in read_request_line(), or that request line does not contain at least a method and a (valid) URI, we can fail early and avoid some failure detected in further processing. core: follow up to r1710095. Simplify logic in check_pipeline(), and log unexpected errors. core: follow up to r1710095, r1710105. We can do this in a single (no inner) loop, and simplify again the logic. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1716651 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server')
-rw-r--r--server/protocol.c19
1 files changed, 12 insertions, 7 deletions
diff --git a/server/protocol.c b/server/protocol.c
index 386596ec69..7fc5b09663 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -561,12 +561,7 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
unsigned int major = 1, minor = 0; /* Assume HTTP/1.0 if non-"HTTP" protocol */
char http[5];
apr_size_t len;
- int num_blank_lines = 0;
- int max_blank_lines = r->server->limit_req_fields;
-
- if (max_blank_lines <= 0) {
- max_blank_lines = DEFAULT_LIMIT_REQUEST_FIELDS;
- }
+ int num_blank_lines = DEFAULT_LIMIT_BLANK_LINES;
/* Read past empty lines until we get a real request line,
* a read error, the connection closes (EOF), or we timeout.
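Review bot: `num_blank_lines` now stores the number of blank lines still tolerated and counts down to the exit test in the next hunk, `while ((len <= 0) && (--num_blank_lines >= 0))`, so its name no longer matches what it holds. A rename such as `blank_lines_left`, or a comment on the declaration like `/* blank lines still tolerated before a request line; counts down, fixed cap */`, would keep the bound easy to audit. The cap no longer follows `r->server->limit_req_fields`, and DEFAULT_LIMIT_BLANK_LINES is defined outside this diff (which is limited to server/), so the comment should also say where the constant lives and that it is deliberately not configurable. The body of read_request_line starts and ends outside both hunks.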
@@ -613,7 +608,7 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
return 0;
}
- } while ((len <= 0) && (++num_blank_lines < max_blank_lines));
+ } while ((len <= 0) && (--num_blank_lines >= 0));
if (APLOGrtrace5(r)) {
ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r,
@@ -627,6 +622,13 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
uri = ap_getword_white(r->pool, &ll);
+ if (!*r->method || !*uri) {
+ r->status = HTTP_BAD_REQUEST;
+ r->proto_num = HTTP_VERSION(1,0);
+ r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
+ return 0;
+ }
+
/* Provide quick information about the request method as soon as known */
r->method_number = ap_method_number_of(r->method);
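Review bot: The new `if (!*r->method || !*uri)` branch returns 400 without logging anything in this function. Going by the commit description, it is also where a client that used up the blank-line allowance ends up, so the two causes cannot be told apart here. Unless the caller already logs this path (not visible in the diff), a line such as `ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "request failed: empty or incomplete request line");`, with an APLOGNO id allocated per project convention, would let operators see clients that send runs of blank lines or truncated request lines. The assignment to `r->method` sits just above the hunk and is not shown, so the check assumes it is never NULL at this point; confirm this.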
@@ -635,6 +637,9 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
}
ap_parse_uri(r, uri);
+ if (r->status != HTTP_OK) {
+ return 0;
+ }
if (ll[0]) {
r->assbackwards = 0;
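Review bot: The early `return 0` after `ap_parse_uri(r, uri)` leaves `r->proto_num` and `r->protocol` unset, whereas the other failure returns visible in this diff set both to HTTP/1.0 first. Whether the error response is still built with a sane protocol depends on code outside the hunk, since the protocol token is only examined from `if (ll[0])` onward. Either mirror the assignments (`r->proto_num = HTTP_VERSION(1,0);` and `r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");`) or add a comment explaining why they are not needed, e.g. `/* ap_parse_uri() signals a bad URI through r->status; caller handles the error response */`.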