最近使用 openwrt 的 apache,移植到全志 H3 平台。
编译一切正常,实际运行时打开网页总是报错 500 Internal Server Error,
查看 /var/log/error_log 如下:(需要将 http.conf 的 LogLevel 设为 debug)
[email protected]:/# cat /var/log/error_log
[Tue Jul 23 07:01:50.739491 2019] [core:debug] [pid 2542] protocol.c(917): [client 172.16.0.158:25524] AH02418: HTTP Request Line; Unrecognized protocol 'HTTP/0.9' (perhaps whitespace was injected?)
[Tue Jul 23 07:01:50.740507 2019] [http:error] [pid 2542] [client 172.16.0.158:25524] AH02429: Response header name 'Content-Length' contains invalid characters, aborting request
[Tue Jul 23 07:01:50.992364 2019] [core:debug] [pid 2542] protocol.c(917): [client 172.16.0.158:25525] AH02418: HTTP Request Line; Unrecognized protocol 'HTTP/0.9' (perhaps whitespace was injected?)
[Tue Jul 23 07:01:50.992502 2019] [http:error] [pid 2542] [client 172.16.0.158:25525] AH02429: Response header name 'Content-Length' contains invalid characters, aborting request
AH02418: HTTP Request Line; Unrecognized protocol 'HTTP/0.9' (perhaps whitespace was injected?)
我用的 apache 版本是 2.4.37。
使用 gdb 调试跟踪代码:
分析代码含义,按正常流程的话将运行到 793 行,之后应该进入 794 行,但是从 gdb 调试结果来看,并没有,问题就出在这。
重点分析 793 行的 ap_scan_vchar_obstext 函数。
//位于 httpd-2.4.37\server\util.c
/* Walk past the leading run of visible ASCII (0x21-0x7E) and obs-text
 * (0x80+) bytes in ptr and hand back a pointer to the first ctrl/space
 * character met.
 *
 * Which bytes count as "visible" is decided entirely by the
 * T_VCHAR_OBSTEXT bit in test_char_table (via TEST_CHAR); if that table
 * does not carry the bit, the loop stops on the very first byte.
 */
AP_DECLARE(const char *) ap_scan_vchar_obstext(const char *ptr)
{
    const char *cursor = ptr;

    while (TEST_CHAR(*cursor, T_VCHAR_OBSTEXT)) {
        cursor++;
    }
    return cursor;
}
TEST_CHAR 是个宏定义
#include "test_char.h"
/* Look up byte ch in test_char_table and keep only the bits named by
 * flags; the result is non-zero when ch carries at least one of them.
 * The index is cast to (unsigned char) inside the macro, so a plain char
 * argument is not sign-extended into a negative index when char is signed.
 * The result is only meaningful when the table's element width and the
 * T_* bit values come from the same gen_test_char output.
 */
#define TEST_CHAR(ch, flags) (test_char_table[(unsigned char)(ch)] & (flags))
test_char_table 的定义位于 test_char.h 中
正常在 x86 linux 上 test_char.h 是在编译过程中执行 gen_test_char > test_char.h 自动生成的。
而在 openwrt 中使用交叉编译,编出来的 gen_test_char 是不能在 x86 linux 上运行的,所以 openwrt 中使用了打补丁的方式。它的补丁位于 openwrt\feeds\packages\net\apache\patches\002-test_char_h.patch
Index: httpd-2.4.25/server/test_char.h
===================================================================
--- /dev/null
+++ httpd-2.4.25/server/test_char.h
@@ -0,0 +1,23 @@
+/* this file is automatically generated by gen_test_char, do not edit */
+#define T_ESCAPE_SHELL_CMD (1)
+#define T_ESCAPE_PATH_SEGMENT (2)
+#define T_OS_ESCAPE_PATH (4)
+#define T_HTTP_TOKEN_STOP (8)
+#define T_ESCAPE_LOGITEM (16)
+#define T_ESCAPE_FORENSIC (32)
+
+static const unsigned char test_char_table[256] = {
+ 32,62,62,62,62,62,62,62,62,62,63,62,62,62,62,62,62,62,62,62,
+ 62,62,62,62,62,62,62,62,62,62,62,62,14,0,23,6,1,38,1,1,
+ 9,9,1,0,8,0,0,10,0,0,0,0,0,0,0,0,0,0,40,15,
+ 15,8,15,15,8,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+ 0,0,0,0,0,0,0,0,0,0,0,15,31,15,7,0,7,0,0,0,
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
+ 0,0,0,15,39,15,1,62,54,54,54,54,54,54,54,54,54,54,54,54,
+ 54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,
+ 54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,
+ 54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,
+ 54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,
+ 54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,
+ 54,54,54,54,54,54,54,54,54,54,54,54,54,54,54,54
+};
这跟使用 gen_test_char 生成的是否一致呢?
把 gen_test_char 拷贝到 H3 的板子的 /usr/sbin,运行看一下:
[email protected]:/# gen_test_char
/* this file is automatically generated by gen_test_char, do not edit */
#define T_ESCAPE_SHELL_CMD (1)
#define T_ESCAPE_PATH_SEGMENT (2)
#define T_OS_ESCAPE_PATH (4)
#define T_HTTP_TOKEN_STOP (8)
#define T_ESCAPE_LOGITEM (16)
#define T_ESCAPE_FORENSIC (32)
#define T_ESCAPE_URLENCODED (64)
#define T_HTTP_CTRLS (128)
#define T_VCHAR_OBSTEXT (256)
static const unsigned short test_char_table[256] = {
0x0a8,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,
0x0fe,0x07e,0x0ff,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,
0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,
0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,
0x00e,0x140,0x15f,0x146,0x141,0x166,0x141,0x141,
0x149,0x149,0x101,0x140,0x148,0x100,0x100,0x14a,
0x100,0x100,0x100,0x100,0x100,0x100,0x100,0x100,
0x100,0x100,0x168,0x14b,0x14f,0x148,0x14f,0x14f,
0x148,0x100,0x100,0x100,0x100,0x100,0x100,0x100,
0x100,0x100,0x100,0x100,0x100,0x100,0x100,0x100,
0x100,0x100,0x100,0x100,0x100,0x100,0x100,0x100,
0x100,0x100,0x100,0x14f,0x15f,0x14f,0x147,0x100,
0x147,0x100,0x100,0x100,0x100,0x100,0x100,0x100,
0x100,0x100,0x100,0x100,0x100,0x100,0x100,0x100,
0x100,0x100,0x100,0x100,0x100,0x100,0x100,0x100,
0x100,0x100,0x100,0x14f,0x167,0x14f,0x141,0x0fe,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e
};
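结果果然不一样!!!!问题就出在这!!!!
旧补丁里的表元素类型是 unsigned char,且标志位只定义到 T_ESCAPE_FORENSIC (32);而 gen_test_char 实际输出的 T_VCHAR_OBSTEXT 是 256,unsigned char 存不下这一位,所以 TEST_CHAR(*ptr, T_VCHAR_OBSTEXT) 恒为 0,ap_scan_vchar_obstext 在第一个字符处就返回了。
所以需要修改 openwrt\feeds\packages\net\apache\patches\002-test_char_h.patch 文件,openwrt 可以使用 quilt 进行补丁修改,这里不具体介绍修改补丁的方法,直接附上我改好的 002-test_char_h.patch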
--- /dev/null
+++ b/server/test_char.h
@@ -0,0 +1,45 @@
+/* this file is automatically generated by gen_test_char, do not edit */
+#define T_ESCAPE_SHELL_CMD (1)
+#define T_ESCAPE_PATH_SEGMENT (2)
+#define T_OS_ESCAPE_PATH (4)
+#define T_HTTP_TOKEN_STOP (8)
+#define T_ESCAPE_LOGITEM (16)
+#define T_ESCAPE_FORENSIC (32)
+#define T_ESCAPE_URLENCODED (64)
+#define T_HTTP_CTRLS (128)
+#define T_VCHAR_OBSTEXT (256)
+
+static const unsigned short test_char_table[256] = {
+ 0x0a8,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,
+ 0x0fe,0x07e,0x0ff,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,
+ 0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,
+ 0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,0x0fe,
+ 0x00e,0x140,0x15f,0x146,0x141,0x166,0x141,0x141,
+ 0x149,0x149,0x101,0x140,0x148,0x100,0x100,0x14a,
+ 0x100,0x100,0x100,0x100,0x100,0x100,0x100,0x100,
+ 0x100,0x100,0x168,0x14b,0x14f,0x148,0x14f,0x14f,
+ 0x148,0x100,0x100,0x100,0x100,0x100,0x100,0x100,
+ 0x100,0x100,0x100,0x100,0x100,0x100,0x100,0x100,
+ 0x100,0x100,0x100,0x100,0x100,0x100,0x100,0x100,
+ 0x100,0x100,0x100,0x14f,0x15f,0x14f,0x147,0x100,
+ 0x147,0x100,0x100,0x100,0x100,0x100,0x100,0x100,
+ 0x100,0x100,0x100,0x100,0x100,0x100,0x100,0x100,
+ 0x100,0x100,0x100,0x100,0x100,0x100,0x100,0x100,
+ 0x100,0x100,0x100,0x14f,0x167,0x14f,0x141,0x0fe,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,
+ 0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e,0x17e
+};
--- a/server/util.c
+++ b/server/util.c
@@ -96,6 +96,16 @@
#undef APLOG_MODULE_INDEX
#define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
+#define T_ESCAPE_SHELL_CMD (0x01)
+#define T_ESCAPE_PATH_SEGMENT (0x02)
+#define T_OS_ESCAPE_PATH (0x04)
+#define T_HTTP_TOKEN_STOP (0x08)
+#define T_ESCAPE_LOGITEM (0x10)
+#define T_ESCAPE_FORENSIC (0x20)
+#define T_ESCAPE_URLENCODED (0x40)
+#define T_HTTP_CTRLS (0x80)
+#define T_VCHAR_OBSTEXT (0x100)
+
/*
* Examine a field value (such as a media-/content-type) string and return
* it sans any parameters; e.g., strip off any ';charset=foo' and the like.
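Review bot: The nine `T_*` defines added to server/util.c duplicate the ones this same patch already puts in server/test_char.h, spelled differently (`(0x01)` against `(1)`), so if util.c includes that header before this point the compiler sees a non-identical macro redefinition, and either way there are now two copies of the flag bits to keep in step with the table. A hand-kept copy drifting away from the generated table is the failure this patch is fixing, and the same table presumably backs the `T_ESCAPE_SHELL_CMD` and `T_ESCAPE_LOGITEM` escaping checks, so I would drop this hunk and leave test_char.h as the single definition. A compile-time guard beside the table lookup, `_Static_assert(sizeof test_char_table[0] > 1, "test_char_table too narrow for T_VCHAR_OBSTEXT");`, would turn a stale table into a build error instead of a runtime 500. The comment block that closes the hunk continues outside it.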
替换补丁文件后,重新编译,测试结果:
耶,终于 OK 了!
总结:
AH02418: HTTP Request Line; Unrecognized protocol 'HTTP/0.9' (perhaps whitespace was injected?)
问题原因:server/test_char.h 内容不对
解决办法:生成正确的 test_char.h 文件,重新编译
生成正确的 test_char.h 文件方法:拷贝编译目录 httpd-2.x.x/server/gen_test_char 到板子上运行,
其输出结果就是正确的 test_char.h。
注意:旧补丁的文件头写的是 httpd-2.4.25,而实际编译的是 2.4.37,表和代码版本不一致正是出错的根源;以后升级 httpd 版本时必须用对应版本的 gen_test_char 重新生成该表。