File httpd-2.4.x-fate317766-config-control-two-protocol-options.diff of Package Apache2

From 530b5797af919d6d7ab7d6418d9feeb1abb914ae Mon Sep 17 00:00:00 2001
From: Justin Erenkrantz <jerenkrantz@apache.org>
Date: Mon, 30 Dec 2013 20:01:14 +0000
Subject: [PATCH] Add directives to control two protocol options:

 HttpContentLengthHeadZero - allow Content-Length of 0 to be returned on HEAD
 HttpExpectStrict - allow admin to control whether we must see "100-continue"

This is helpful when using Ceph's radosgw and httpd.

Inspired by: Yehuda Sadeh <yehuda@inktank.com>
See https://github.com/ceph/apache2/commits/precise

* include/http_core.h
  (core_server_config): Add http_cl_head_zero and http_expect_strict fields.
* modules/http/http_filters.c
  (ap_http_header_filter): Only clear out the C-L if http_cl_head_zero is not
  explictly set.
* server/core.c
  (merge_core_server_configs): Add new fields.
  (set_cl_head_zero, set_expect_strict): New config helpers.
  (HttpContentLengthHeadZero, HttpExpectStrict): Declare new directives.
* server/protocol.c
  (ap_read_request): Allow http_expect_strict to control if we return 417.
* include/ap_mmn.h
  (MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR): Bump.
* CHANGES: Add a brief description.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1554303 13f79535-47bb-0310-9956-ffa450edef68

Conflicts:
	CHANGES
	include/ap_mmn.h
	include/http_core.h
	server/core.c
---
 CHANGES                     |  3 +++
 include/ap_mmn.h            |  4 +++-
 include/http_core.h         |  9 +++++++++
 modules/http/http_filters.c | 10 +++++++++-
 server/core.c               | 36 ++++++++++++++++++++++++++++++++++++
 server/protocol.c           | 25 +++++++++++++++++--------
 6 files changed, 77 insertions(+), 10 deletions(-)

diff --git a/CHANGES b/CHANGES
index 14ede61..6fd8b9d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 
 Changes with Apache 2.4.10
 
+  *) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
+     [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
+
   *) SECURITY: CVE-2014-0117 (cve.mitre.org)
      mod_proxy: Fix crash in Connection header handling which 
      allowed a denial of service attack against a reverse proxy
diff --git a/include/ap_mmn.h b/include/ap_mmn.h
index a36a999..0eeb123 100644
--- a/include/ap_mmn.h
+++ b/include/ap_mmn.h
@@ -432,6 +432,8 @@
  * 20120211.35 (2.4.10-dev) Add "r", "must_rebind", and last_backend_conn  
                             to util_ldap_connection_t
  * 20120211.36 (2.4.10-dev) Add ap_copy_scoreboard_worker()
+ * 20120211.37 (2.5.0-dev)  cl_head_zero & expect_strict added to server_config,
+                            size changes
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */
@@ -439,7 +441,7 @@
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 20120211
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 36                   /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 37                  /* 0...n */
 
 /**
  * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
diff --git a/include/http_core.h b/include/http_core.h
index 8730d1f..d3b2152 100644
--- a/include/http_core.h
+++ b/include/http_core.h
@@ -668,6 +668,15 @@ typedef struct {
 #define AP_TRACE_EXTENDED  2
     int trace_enable;
 
+#define AP_HTTP_CL_HEAD_ZERO_UNSET    0
+#define AP_HTTP_CL_HEAD_ZERO_ENABLE   1
+#define AP_HTTP_CL_HEAD_ZERO_DISABLE  2
+    int http_cl_head_zero;
+
+#define AP_HTTP_EXPECT_STRICT_UNSET    0
+#define AP_HTTP_EXPECT_STRICT_ENABLE   1
+#define AP_HTTP_EXPECT_STRICT_DISABLE  2
+    int http_expect_strict;
 } core_server_config;
 
 /* for AddOutputFiltersByType in core.c */
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index 2a0a979..e564fb4 100644
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -1177,6 +1177,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
     header_filter_ctx *ctx = f->ctx;
     const char *ctype;
     ap_bucket_error *eb = NULL;
+    core_server_config *conf;
 
     AP_DEBUG_ASSERT(!r->main);
 
@@ -1317,10 +1318,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
      * zero C-L to the client.  We can't just remove the C-L filter,
      * because well behaved 2.0 handlers will send their data down the stack,
      * and we will compute a real C-L for the head request. RBB
+     *
+     * Allow modification of this behavior through the
+     * HttpContentLengthHeadZero directive.
+     *
+     * The default (unset) behavior is to squelch the C-L in this case.
      */
+    conf = ap_get_core_module_config(r->server->module_config);
     if (r->header_only
         && (clheader = apr_table_get(r->headers_out, "Content-Length"))
-        && !strcmp(clheader, "0")) {
+        && !strcmp(clheader, "0")
+        && conf->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_ENABLE) {
         apr_table_unset(r->headers_out, "Content-Length");
     }
 
diff --git a/server/core.c b/server/core.c
index dd1a375..c63c5fd 100644
--- a/server/core.c
+++ b/server/core.c
@@ -503,6 +503,12 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv)
     if (virt->trace_enable != AP_TRACE_UNSET)
         conf->trace_enable = virt->trace_enable;
 
+    if (virt->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_UNSET)
+        conf->http_cl_head_zero = virt->http_cl_head_zero;
+
+    if (virt->http_expect_strict != AP_HTTP_EXPECT_STRICT_UNSET)
+        conf->http_expect_strict = virt->http_expect_strict;
+
     /* no action for virt->accf_map, not allowed per-vhost */
 
     if (virt->protocol)
@@ -3630,6 +3636,32 @@ static const char *set_trace_enable(cmd_parms *cmd, void *dummy,
     return NULL;
 }
 
+static const char *set_cl_head_zero(cmd_parms *cmd, void *dummy, int arg)
+{
+    core_server_config *conf =
+        ap_get_core_module_config(cmd->server->module_config);
+
+    if (arg) {
+        conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_ENABLE;
+    } else {
+        conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_DISABLE;
+    }
+    return NULL;
+}
+
+static const char *set_expect_strict(cmd_parms *cmd, void *dummy, int arg)
+{
+    core_server_config *conf =
+        ap_get_core_module_config(cmd->server->module_config);
+
+    if (arg) {
+        conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_ENABLE;
+    } else {
+        conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_DISABLE;
+    }
+    return NULL;
+}
+
 static apr_hash_t *errorlog_hash;
 
 static int log_constant_item(const ap_errorlog_info *info, const char *arg,
@@ -4129,6 +4161,10 @@ AP_INIT_TAKE1("EnableExceptionHook", ap_mpm_set_exception_hook, NULL, RSRC_CONF,
 #endif
 AP_INIT_TAKE1("TraceEnable", set_trace_enable, NULL, RSRC_CONF,
               "'on' (default), 'off' or 'extended' to trace request body content"),
+AP_INIT_FLAG("HttpContentLengthHeadZero", set_cl_head_zero, NULL, OR_OPTIONS,
+  "whether to permit Content-Length of 0 responses to HEAD requests"),
+AP_INIT_FLAG("HttpExpectStrict", set_expect_strict, NULL, OR_OPTIONS,
+  "whether to return a 417 if a client doesn't send 100-Continue"),
 { NULL }
 };
 
diff --git a/server/protocol.c b/server/protocol.c
index bf915a0..5b35e0c 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -1126,14 +1126,23 @@ request_rec *ap_read_request(conn_rec *conn)
             r->expecting_100 = 1;
         }
         else {
-            r->status = HTTP_EXPECTATION_FAILED;
-            ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570)
-                          "client sent an unrecognized expectation value of "
-                          "Expect: %s", expect);
-            ap_send_error_response(r, 0);
-            ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
-            ap_run_log_transaction(r);
-            goto traceout;
+            core_server_config *conf;
+
+            conf = ap_get_core_module_config(r->server->module_config);
+            if (conf->http_expect_strict != AP_HTTP_EXPECT_STRICT_DISABLE) {
+                r->status = HTTP_EXPECTATION_FAILED;
+                ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570)
+                              "client sent an unrecognized expectation value "
+                              "of Expect: %s", expect);
+                ap_send_error_response(r, 0);
+                ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
+                ap_run_log_transaction(r);
+                goto traceout;
+            } else {
+                ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00570)
+                              "client sent an unrecognized expectation value "
+                              "of Expect (not fatal): %s", expect);
+            }
         }
     }
 
-- 
1.8.4.5