| Summary: | 1.3.31 does no longer discard POST data on denied access | ||
|---|---|---|---|
| Product: | Apache httpd-1.3 | Reporter: | Andreas Leimbacher <aleimbacher> |
| Component: | core | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
| Status: | CLOSED FIXED | ||
| Severity: | normal | ||
| Priority: | P3 | ||
| Version: | HEAD | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
Some more info: The second request re-uses the connection of the first denied POST request. I have checked the current snapshot apache-1.3_20040615104126.tar.gz and I've seen that this bug has been already fixed! Sorry for the hassling |
Scenario: - Client sends POST data - Access checker (my custom module) returns 403 For 1.3.29 ap_die() calls ap_discard_request_body(), 1.3.31 does not. This causes the start of POST data to be interpreted as next valid request line! Code details below 1.3.31 main/http_request.c:1057 if ((r->status != HTTP_NOT_MODIFIED) && (r->status != HTTP_NO_CONTENT) && !ap_status_drops_connection(r->status) && r->connection && (r->connection->keepalive > 0 )) { (void) ap_discard_request_body(r); } 1.3.29 main/http_request.c:1110 if ((r->status != HTTP_NOT_MODIFIED) && (r->status != HTTP_NO_CONTENT) && !ap_status_drops_connection(r->status) && r->connection && (r->connection->keepalive != -1)) { (void) ap_discard_request_body(r); } I changed the this code back to 1.2.29 and everything works fine for me