File httpd-2.4.x-fate317766-config-control-two-protocol-options.diff of Package apache2.10087
From 530b5797af919d6d7ab7d6418d9feeb1abb914ae Mon Sep 17 00:00:00 2001
From: Justin Erenkrantz <jerenkrantz@apache.org>
Date: Mon, 30 Dec 2013 20:01:14 +0000
Subject: [PATCH] Add directives to control two protocol options:
HttpContentLengthHeadZero - allow Content-Length of 0 to be returned on HEAD
HttpExpectStrict - allow admin to control whether we must see "100-continue"
This is helpful when using Ceph's radosgw and httpd.
Inspired by: Yehuda Sadeh <yehuda@inktank.com>
See https://github.com/ceph/apache2/commits/precise
* include/http_core.h
(core_server_config): Add http_cl_head_zero and http_expect_strict fields.
* modules/http/http_filters.c
(ap_http_header_filter): Only clear out the C-L if http_cl_head_zero is not
explictly set.
* server/core.c
(merge_core_server_configs): Add new fields.
(set_cl_head_zero, set_expect_strict): New config helpers.
(HttpContentLengthHeadZero, HttpExpectStrict): Declare new directives.
* server/protocol.c
(ap_read_request): Allow http_expect_strict to control if we return 417.
* include/ap_mmn.h
(MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR): Bump.
* CHANGES: Add a brief description.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1554303 13f79535-47bb-0310-9956-ffa450edef68
Conflicts:
CHANGES
include/ap_mmn.h
include/http_core.h
server/core.c
---
CHANGES | 3 +++
include/ap_mmn.h | 4 +++-
include/http_core.h | 9 +++++++++
modules/http/http_filters.c | 10 +++++++++-
server/core.c | 36 ++++++++++++++++++++++++++++++++++++
server/protocol.c | 25 +++++++++++++++++--------
6 files changed, 77 insertions(+), 10 deletions(-)
diff --git a/CHANGES b/CHANGES
index 14ede61..6fd8b9d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
Changes with Apache 2.4.10
+ *) Add HttpContentLengthHeadZero and HttpExpectStrict directives.
+ [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz]
+
*) SECURITY: CVE-2014-0117 (cve.mitre.org)
mod_proxy: Fix crash in Connection header handling which
allowed a denial of service attack against a reverse proxy
diff --git a/include/http_core.h b/include/http_core.h
index 8730d1f..d3b2152 100644
--- a/include/http_core.h
+++ b/include/http_core.h
@@ -668,6 +668,15 @@ typedef struct {
#define AP_TRACE_EXTENDED 2
int trace_enable;
+#define AP_HTTP_CL_HEAD_ZERO_UNSET 0
+#define AP_HTTP_CL_HEAD_ZERO_ENABLE 1
+#define AP_HTTP_CL_HEAD_ZERO_DISABLE 2
+ int http_cl_head_zero;
+
+#define AP_HTTP_EXPECT_STRICT_UNSET 0
+#define AP_HTTP_EXPECT_STRICT_ENABLE 1
+#define AP_HTTP_EXPECT_STRICT_DISABLE 2
+ int http_expect_strict;
} core_server_config;
/* for AddOutputFiltersByType in core.c */
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index 2a0a979..e564fb4 100644
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -1177,6 +1177,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
header_filter_ctx *ctx = f->ctx;
const char *ctype;
ap_bucket_error *eb = NULL;
+ core_server_config *conf;
AP_DEBUG_ASSERT(!r->main);
@@ -1317,10 +1318,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
* zero C-L to the client. We can't just remove the C-L filter,
* because well behaved 2.0 handlers will send their data down the stack,
* and we will compute a real C-L for the head request. RBB
+ *
+ * Allow modification of this behavior through the
+ * HttpContentLengthHeadZero directive.
+ *
+ * The default (unset) behavior is to squelch the C-L in this case.
*/
+ conf = ap_get_core_module_config(r->server->module_config);
if (r->header_only
&& (clheader = apr_table_get(r->headers_out, "Content-Length"))
- && !strcmp(clheader, "0")) {
+ && !strcmp(clheader, "0")
+ && conf->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_ENABLE) {
apr_table_unset(r->headers_out, "Content-Length");
}
diff --git a/server/core.c b/server/core.c
index dd1a375..c63c5fd 100644
--- a/server/core.c
+++ b/server/core.c
@@ -503,6 +503,12 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv)
if (virt->trace_enable != AP_TRACE_UNSET)
conf->trace_enable = virt->trace_enable;
+ if (virt->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_UNSET)
+ conf->http_cl_head_zero = virt->http_cl_head_zero;
+
+ if (virt->http_expect_strict != AP_HTTP_EXPECT_STRICT_UNSET)
+ conf->http_expect_strict = virt->http_expect_strict;
+
/* no action for virt->accf_map, not allowed per-vhost */
if (virt->protocol)
@@ -3630,6 +3636,32 @@ static const char *set_trace_enable(cmd_parms *cmd, void *dummy,
return NULL;
}
+static const char *set_cl_head_zero(cmd_parms *cmd, void *dummy, int arg)
+{
+ core_server_config *conf =
+ ap_get_core_module_config(cmd->server->module_config);
+
+ if (arg) {
+ conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_ENABLE;
+ } else {
+ conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_DISABLE;
+ }
+ return NULL;
+}
+
+static const char *set_expect_strict(cmd_parms *cmd, void *dummy, int arg)
+{
+ core_server_config *conf =
+ ap_get_core_module_config(cmd->server->module_config);
+
+ if (arg) {
+ conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_ENABLE;
+ } else {
+ conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_DISABLE;
+ }
+ return NULL;
+}
+
static apr_hash_t *errorlog_hash;
static int log_constant_item(const ap_errorlog_info *info, const char *arg,
@@ -4129,6 +4161,10 @@ AP_INIT_TAKE1("EnableExceptionHook", ap_mpm_set_exception_hook, NULL, RSRC_CONF,
#endif
AP_INIT_TAKE1("TraceEnable", set_trace_enable, NULL, RSRC_CONF,
"'on' (default), 'off' or 'extended' to trace request body content"),
+AP_INIT_FLAG("HttpContentLengthHeadZero", set_cl_head_zero, NULL, OR_OPTIONS,
+ "whether to permit Content-Length of 0 responses to HEAD requests"),
+AP_INIT_FLAG("HttpExpectStrict", set_expect_strict, NULL, OR_OPTIONS,
+ "whether to return a 417 if a client doesn't send 100-Continue"),
{ NULL }
};
diff --git a/server/protocol.c b/server/protocol.c
index bf915a0..5b35e0c 100644
--- a/server/protocol.c
+++ b/server/protocol.c
@@ -1126,14 +1126,23 @@ request_rec *ap_read_request(conn_rec *conn)
r->expecting_100 = 1;
}
else {
- r->status = HTTP_EXPECTATION_FAILED;
- ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570)
- "client sent an unrecognized expectation value of "
- "Expect: %s", expect);
- ap_send_error_response(r, 0);
- ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
- ap_run_log_transaction(r);
- goto traceout;
+ core_server_config *conf;
+
+ conf = ap_get_core_module_config(r->server->module_config);
+ if (conf->http_expect_strict != AP_HTTP_EXPECT_STRICT_DISABLE) {
+ r->status = HTTP_EXPECTATION_FAILED;
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570)
+ "client sent an unrecognized expectation value "
+ "of Expect: %s", expect);
+ ap_send_error_response(r, 0);
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
+ ap_run_log_transaction(r);
+ goto traceout;
+ } else {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00570)
+ "client sent an unrecognized expectation value "
+ "of Expect (not fatal): %s", expect);
+ }
}
}
--
1.8.4.5
