[apache2] 01/03: mod_proxy_fcgi: Don't send response body with a 304
Stefan Fritsch
sf at moszumanska.debian.org
Sat Jun 25 14:11:00 UTC 2016
This is an automated email from the git hooks/post-receive script.
sf pushed a commit to branch jessie
in repository apache2.
commit c27cbd76c185a7cdaee0bf21f39ad037ae1327a1
Author: Stefan Fritsch <sf at sfritsch.de>
Date: Sat Jun 25 15:34:24 2016 +0200
mod_proxy_fcgi: Don't send response body with a 304
---
debian/changelog | 1 +
debian/patches/mod_proxy_fcgi_304_body.patch | 51 ++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 53 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index c873d77..1031021 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,7 @@ apache2 (2.4.10-10+deb8u5) UNRELEASED; urgency=medium
broken robots doing a DoS on the site. Closes: #821313
* mod_socache_memcache: Increase idle timeout to 15s to allow keep-alive
connections. Closes: #803035
+ * mod_proxy_fcgi: Fix wrong behavior with 304 responses. Closes: #827472
-- Stefan Fritsch <sf at debian.org> Sat, 28 May 2016 11:23:21 +0200
diff --git a/debian/patches/mod_proxy_fcgi_304_body.patch b/debian/patches/mod_proxy_fcgi_304_body.patch
new file mode 100644
index 0000000..07a01c2
--- /dev/null
+++ b/debian/patches/mod_proxy_fcgi_304_body.patch
@@ -0,0 +1,51 @@
+# https://svn.apache.org/r1650677
+# https://bz.apache.org/bugzilla/show_bug.cgi?id=57198
+--- apache2.orig/modules/proxy/mod_proxy_fcgi.c
++++ apache2/modules/proxy/mod_proxy_fcgi.c
+@@ -367,7 +367,7 @@ static apr_status_t dispatch(proxy_conn_
+ const char **err)
+ {
+ apr_bucket_brigade *ib, *ob;
+- int seen_end_of_headers = 0, done = 0;
++ int seen_end_of_headers = 0, done = 0, ignore_body = 0;
+ apr_status_t rv = APR_SUCCESS;
+ int script_error_status = HTTP_OK;
+ conn_rec *c = r->connection;
+@@ -577,9 +577,16 @@ recv_again:
+ APR_BRIGADE_INSERT_TAIL(ob, tmp_b);
+ r->status = status;
+ ap_pass_brigade(r->output_filters, ob);
+- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01070)
+- "Error parsing script headers");
+- rv = APR_EINVAL;
++ if (status == HTTP_NOT_MODIFIED) {
++ /* The 304 response MUST NOT contain
++ * a message-body, ignore it. */
++ ignore_body = 1;
++ }
++ else {
++ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(01070)
++ "Error parsing script headers");
++ rv = APR_EINVAL;
++ }
+ break;
+ }
+
+@@ -598,7 +605,7 @@ recv_again:
+ }
+
+ if (script_error_status == HTTP_OK
+- && !APR_BRIGADE_EMPTY(ob)) {
++ && !APR_BRIGADE_EMPTY(ob) && !ignore_body) {
+ /* Send the part of the body that we read while
+ * reading the headers.
+ */
+@@ -626,7 +633,7 @@ recv_again:
+ * but that could be a huge amount of data; so we pass
+ * along smaller chunks
+ */
+- if (script_error_status == HTTP_OK) {
++ if (script_error_status == HTTP_OK && !ignore_body) {
+ rv = ap_pass_brigade(r->output_filters, ob);
+ if (rv != APR_SUCCESS) {
+ *err = "passing brigade to output filters";
diff --git a/debian/patches/series b/debian/patches/series
index f6f937a..91a75a4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -19,3 +19,4 @@ mpm_event_graceful_restart_deadlock.diff
mpm_event_crash.diff
split_logfile-strict.patch
mod_socache_memcache_idle_timeout.patch
+mod_proxy_fcgi_304_body.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git
More information about the Pkg-apache-commits
mailing list