/* Licensed to the Apache Software Foundation (ASF) under one or more

 * contributor license agreements.  See the NOTICE file distributed with

 * this work for additional information regarding copyright ownership.

 * The ASF licenses this file to You under the Apache License, Version 2.0

 * (the "License"); you may not use this file except in compliance with

 * the License.  You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

/*

 * http_filter.c --- HTTP routines which either filters or deal with filters.

 */

#include "apr.h"

#include "apr_strings.h"

#include "apr_buckets.h"

#include "apr_lib.h"

#include "apr_signal.h"

#define APR_WANT_STDIO          /* for sscanf */

#define APR_WANT_STRFUNC

#define APR_WANT_MEMFUNC

#include "apr_want.h"

#include "util_filter.h"

#include "ap_config.h"

#include "httpd.h"

#include "http_config.h"

#include "http_core.h"

#include "http_protocol.h"

#include "http_main.h"

#include "http_request.h"

#include "http_vhost.h"

#include "http_connection.h"

#include "http_log.h"           /* For errors detected in basic auth common

                                 * support code... */

#include "apr_date.h"           /* For apr_date_parse_http and APR_DATE_BAD */

#include "util_charset.h"

#include "util_ebcdic.h"

#include "util_time.h"

#include "mod_core.h"

#if APR_HAVE_STDARG_H

#include <stdarg.h>

#endif

#if APR_HAVE_UNISTD_H

#include <unistd.h>

#endif

APLOG_USE_MODULE(http);

typedef struct http_filter_ctx

{

    apr_off_t remaining;

    apr_off_t limit;

    apr_off_t limit_used;

    apr_int32_t chunk_used;

    apr_int32_t chunk_bws;

    apr_int32_t chunkbits;

    enum

    {

        BODY_NONE, /* streamed data */

        BODY_LENGTH, /* data constrained by content length */

        BODY_CHUNK, /* chunk expected */

        BODY_CHUNK_PART, /* chunk digits */

        BODY_CHUNK_EXT, /* chunk extension */

        BODY_CHUNK_CR, /* got space(s) after digits, expect [CR]LF or ext */

        BODY_CHUNK_LF, /* got CR after digits or ext, expect LF */

        BODY_CHUNK_DATA, /* data constrained by chunked encoding */

        BODY_CHUNK_END, /* chunked data terminating CRLF */

        BODY_CHUNK_END_LF, /* got CR after data, expect LF */

        BODY_CHUNK_TRAILER /* trailers */

    } state;

    unsigned int eos_sent :1;

    apr_bucket_brigade *bb;

} http_ctx_t;

/* bail out if some error in the HTTP input filter happens */

static apr_status_t bail_out_on_error(http_ctx_t *ctx,

                                      ap_filter_t *f,

                                      int http_error)

{

    apr_bucket *e;

    apr_bucket_brigade *bb = ctx->bb;

    apr_brigade_cleanup(bb);

    if (f->r->proxyreq == PROXYREQ_RESPONSE) {

        switch (http_error) {

        case HTTP_REQUEST_ENTITY_TOO_LARGE:

            return APR_ENOSPC;

        case HTTP_REQUEST_TIME_OUT:

            return APR_INCOMPLETE;

        case HTTP_NOT_IMPLEMENTED:

            return APR_ENOTIMPL;

        default:

            return APR_EGENERAL;

        }

    }

    e = ap_bucket_error_create(http_error,

                               NULL, f->r->pool,

                               f->c->bucket_alloc);

    APR_BRIGADE_INSERT_TAIL(bb, e);

    e = apr_bucket_eos_create(f->c->bucket_alloc);

    APR_BRIGADE_INSERT_TAIL(bb, e);

    ctx->eos_sent = 1;

    /* If chunked encoding / content-length are corrupt, we may treat parts

     * of this request's body as the next one's headers.

     * To be safe, disable keep-alive.

     */

    f->r->connection->keepalive = AP_CONN_CLOSE;

    return ap_pass_brigade(f->r->output_filters, bb);

}

/**

 * Parse a chunk line with optional extension, detect overflow.

 * There are several error cases:

 *  1) If the chunk link is misformatted, APR_EINVAL is returned.

 *  2) If the conversion would require too many bits, APR_EGENERAL is returned.

 *  3) If the conversion used the correct number of bits, but an overflow

 *     caused only the sign bit to flip, then APR_ENOSPC is returned.

 * A negative chunk length always indicates an overflow error.

 */

static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer,

                                     apr_size_t len, int linelimit, int strict)

{

    apr_size_t i = 0;

    while (i < len) {

        char c = buffer[i];

        ap_xlate_proto_from_ascii(&c, 1);

        /* handle CRLF after the chunk */

        if (ctx->state == BODY_CHUNK_END

                || ctx->state == BODY_CHUNK_END_LF) {

            if (c == LF) {

                if (strict && (ctx->state != BODY_CHUNK_END_LF)) {

                    /*

                     * CR missing before LF.

                     */

                    return APR_EINVAL;

                }

                ctx->state = BODY_CHUNK;

            }

            else if (c == CR && ctx->state == BODY_CHUNK_END) {

                ctx->state = BODY_CHUNK_END_LF;

            }

            else {

                /*

                 * CRLF expected.

                 */

                return APR_EINVAL;

            }

            i++;

            continue;

        }

        /* handle start of the chunk */

        if (ctx->state == BODY_CHUNK) {

            if (!apr_isxdigit(c)) {

                /*

                 * Detect invalid character at beginning. This also works for

                 * empty chunk size lines.

                 */

                return APR_EINVAL;

            }

            else {

                ctx->state = BODY_CHUNK_PART;

            }

            ctx->remaining = 0;

            ctx->chunkbits = sizeof(apr_off_t) * 8;

            ctx->chunk_used = 0;

            ctx->chunk_bws = 0;

        }

        if (c == LF) {

            if (strict && (ctx->state != BODY_CHUNK_LF)) {

                /*

                 * CR missing before LF.

                 */

                return APR_EINVAL;

            }

            if (ctx->remaining) {

                ctx->state = BODY_CHUNK_DATA;

            }

            else {

                ctx->state = BODY_CHUNK_TRAILER;

            }

        }

        else if (ctx->state == BODY_CHUNK_LF) {

            /*

             * LF expected.

             */

            return APR_EINVAL;

        }

        else if (c == CR) {

            ctx->state = BODY_CHUNK_LF;

        }

        else if (c == ';') {

            ctx->state = BODY_CHUNK_EXT;

        }

        else if (ctx->state == BODY_CHUNK_EXT) {

            /*

             * Control chars (excluding tabs) are invalid.

             * TODO: more precisely limit input

             */

            if (c != '\t' && apr_iscntrl(c)) {

                return APR_EINVAL;

            }

        }

        else if (c == ' ' || c == '\t') {

            /* Be lenient up to 10 implied *LWS, a legacy of RFC 2616,

             * and noted as errata to RFC7230;

             * https://www.rfc-editor.org/errata_search.php?rfc=7230&eid=4667

             */

            ctx->state = BODY_CHUNK_CR;

            if (++ctx->chunk_bws > 10) {

                return APR_EINVAL;

            }

        }

        else if (ctx->state == BODY_CHUNK_CR) {

            /*

             * ';', CR or LF expected.

             */

            return APR_EINVAL;

        }

        else if (ctx->state == BODY_CHUNK_PART) {

            int xvalue;

            /* ignore leading zeros */

            if (!ctx->remaining && c == '0') {

                i++;

                continue;

            }

            ctx->chunkbits -= 4;

            if (ctx->chunkbits < 0) {

                /* overflow */

                return APR_ENOSPC;

            }

            if (c >= '0' && c <= '9') {

                xvalue = c - '0';

            }

            else if (c >= 'A' && c <= 'F') {

                xvalue = c - 'A' + 0xa;

            }

            else if (c >= 'a' && c <= 'f') {

                xvalue = c - 'a' + 0xa;

            }

            else {

                /* bogus character */

                return APR_EINVAL;

            }

            ctx->remaining = (ctx->remaining << 4) | xvalue;

            if (ctx->remaining < 0) {

                /* overflow */

                return APR_ENOSPC;

            }

        }

        else {

            /* Should not happen */

            return APR_EGENERAL;

        }

        i++;

    }

    /* sanity check */

    ctx->chunk_used += len;

    if (ctx->chunk_used < 0 || ctx->chunk_used > linelimit) {

        return APR_ENOSPC;

    }

    return APR_SUCCESS;

}

static apr_status_t read_chunked_trailers(http_ctx_t *ctx, ap_filter_t *f,

                                          apr_bucket_brigade *b, int merge)

{

    int rv;

    apr_bucket *e;

    request_rec *r = f->r;

    apr_table_t *saved_headers_in = r->headers_in;

    int saved_status = r->status;

    r->status = HTTP_OK;

    r->headers_in = r->trailers_in;

    apr_table_clear(r->headers_in);

    ap_get_mime_headers(r);

    if(r->status == HTTP_OK) {

        r->status = saved_status;

        e = apr_bucket_eos_create(f->c->bucket_alloc);

        APR_BRIGADE_INSERT_TAIL(b, e);

        ctx->eos_sent = 1;

        rv = APR_SUCCESS;

    }

    else {

        const char *error_notes = apr_table_get(r->notes,

                                                "error-notes");

        ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(02656)

                      "Error while reading HTTP trailer: %i%s%s",

                      r->status, error_notes ? ": " : "",

                      error_notes ? error_notes : "");

        rv = APR_EINVAL;

    }

    if(!merge) {

        r->headers_in = saved_headers_in;

    }

    else {

        r->headers_in = apr_table_overlay(r->pool, saved_headers_in,

                r->trailers_in);

    }

    return rv;

}

/* This is the HTTP_INPUT filter for HTTP requests and responses from

 * proxied servers (mod_proxy).  It handles chunked and content-length

 * bodies.  This can only be inserted/used after the headers

 * are successfully parsed.

 */

apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b,

                            ap_input_mode_t mode, apr_read_type_e block,

                            apr_off_t readbytes)

{

    core_server_config *conf =

        (core_server_config *) ap_get_module_config(f->r->server->module_config,

                                                    &core_module);

    int strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE);

    apr_bucket *e;

    http_ctx_t *ctx = f->ctx;

    apr_status_t rv;

    int http_error = HTTP_REQUEST_ENTITY_TOO_LARGE;

    apr_bucket_brigade *bb;

    int again;

    /* just get out of the way of things we don't want. */

    if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE) {

        return ap_get_brigade(f->next, b, mode, block, readbytes);

    }

    if (!ctx) {

        const char *tenc, *lenp;

        f->ctx = ctx = apr_pcalloc(f->r->pool, sizeof(*ctx));

        ctx->state = BODY_NONE;

        ctx->bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);

        bb = ctx->bb;

        /* LimitRequestBody does not apply to proxied responses.

         * Consider implementing this check in its own filter.

         * Would adding a directive to limit the size of proxied

         * responses be useful?

         */

        if (!f->r->proxyreq) {

            ctx->limit = ap_get_limit_req_body(f->r);

        }

        else {

            ctx->limit = 0;

        }

        tenc = apr_table_get(f->r->headers_in, "Transfer-Encoding");

        lenp = apr_table_get(f->r->headers_in, "Content-Length");

        if (tenc) {

            if (strcasecmp(tenc, "chunked") == 0 /* fast path */

                    || ap_find_last_token(f->r->pool, tenc, "chunked")) {

                ctx->state = BODY_CHUNK;

            }

            else if (f->r->proxyreq == PROXYREQ_RESPONSE) {

                /* http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-23

                 * Section 3.3.3.3: "If a Transfer-Encoding header field is

                 * present in a response and the chunked transfer coding is not

                 * the final encoding, the message body length is determined by

                 * reading the connection until it is closed by the server."

                 */

                ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(02555)

                              "Unknown Transfer-Encoding: %s; "

                              "using read-until-close", tenc);

                tenc = NULL;

            }

            else {

                /* Something that isn't a HTTP request, unless some future

                 * edition defines new transfer encodings, is unsupported.

                 */

                ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(01585)

                              "Unknown Transfer-Encoding: %s", tenc);

                return bail_out_on_error(ctx, f, HTTP_BAD_REQUEST);

            }

            lenp = NULL;

        }

        if (lenp) {

            char *endstr;

            ctx->state = BODY_LENGTH;

            /* Protects against over/underflow, non-digit chars in the

             * string (excluding leading space) (the endstr checks)

             * and a negative number. */

            if (apr_strtoff(&ctx->remaining, lenp, &endstr, 10)

                || endstr == lenp || *endstr || ctx->remaining < 0) {

                ctx->remaining = 0;

                ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(01587)

                              "Invalid Content-Length");

                return bail_out_on_error(ctx, f, HTTP_BAD_REQUEST);

            }

            /* If we have a limit in effect and we know the C-L ahead of

             * time, stop it here if it is invalid.

             */

            if (ctx->limit && ctx->limit < ctx->remaining) {

                ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(01588)

                          "Requested content-length of %" APR_OFF_T_FMT

                          " is larger than the configured limit"

                          " of %" APR_OFF_T_FMT, ctx->remaining, ctx->limit);

                return bail_out_on_error(ctx, f, HTTP_REQUEST_ENTITY_TOO_LARGE);

            }

        }

        /* If we don't have a request entity indicated by the headers, EOS.

         * (BODY_NONE is a valid intermediate state due to trailers,

         *  but it isn't a valid starting state.)

         *

         * RFC 2616 Section 4.4 note 5 states that connection-close

         * is invalid for a request entity - request bodies must be

         * denoted by C-L or T-E: chunked.

         *

         * Note that since the proxy uses this filter to handle the

         * proxied *response*, proxy responses MUST be exempt.

         */

        if (ctx->state == BODY_NONE && f->r->proxyreq != PROXYREQ_RESPONSE) {

            e = apr_bucket_eos_create(f->c->bucket_alloc);

            APR_BRIGADE_INSERT_TAIL(b, e);

            ctx->eos_sent = 1;

            return APR_SUCCESS;

        }

        /* Since we're about to read data, send 100-Continue if needed.

         * Only valid on chunked and C-L bodies where the C-L is > 0. */

        if ((ctx->state == BODY_CHUNK ||

            (ctx->state == BODY_LENGTH && ctx->remaining > 0)) &&

            f->r->expecting_100 && f->r->proto_num >= HTTP_VERSION(1,1) &&

            !(f->r->eos_sent || f->r->bytes_sent)) {

            if (!ap_is_HTTP_SUCCESS(f->r->status)) {

                ctx->state = BODY_NONE;

                ctx->eos_sent = 1;

            }

            else {

                char *tmp;

                int len;

                /* if we send an interim response, we're no longer

                 * in a state of expecting one.

                 */

                f->r->expecting_100 = 0;

                tmp = apr_pstrcat(f->r->pool, AP_SERVER_PROTOCOL " ",

                                  ap_get_status_line(HTTP_CONTINUE), CRLF CRLF,

                                  NULL);

                len = strlen(tmp);

                ap_xlate_proto_to_ascii(tmp, len);

                apr_brigade_cleanup(bb);

                e = apr_bucket_pool_create(tmp, len, f->r->pool,

                                           f->c->bucket_alloc);

                APR_BRIGADE_INSERT_HEAD(bb, e);

                e = apr_bucket_flush_create(f->c->bucket_alloc);

                APR_BRIGADE_INSERT_TAIL(bb, e);

                rv = ap_pass_brigade(f->c->output_filters, bb);

                if (rv != APR_SUCCESS) {

                    return AP_FILTER_ERROR;

                }

            }

        }

    }

    /* sanity check in case we're read twice */

    if (ctx->eos_sent) {

        e = apr_bucket_eos_create(f->c->bucket_alloc);

        APR_BRIGADE_INSERT_TAIL(b, e);

        return APR_SUCCESS;

    }

    do {

        apr_brigade_cleanup(b);

        again = 0; /* until further notice */

        /* read and handle the brigade */

        switch (ctx->state) {

        case BODY_CHUNK:

        case BODY_CHUNK_PART:

        case BODY_CHUNK_EXT:

        case BODY_CHUNK_CR:

        case BODY_CHUNK_LF:

        case BODY_CHUNK_END:

        case BODY_CHUNK_END_LF: {

            rv = ap_get_brigade(f->next, b, AP_MODE_GETLINE, block, 0);

            /* for timeout */

            if (block == APR_NONBLOCK_READ

                    && ((rv == APR_SUCCESS && APR_BRIGADE_EMPTY(b))

                            || (APR_STATUS_IS_EAGAIN(rv)))) {

                return APR_EAGAIN;

            }

            if (rv == APR_EOF) {

                return APR_INCOMPLETE;

            }

            if (rv != APR_SUCCESS) {

                return rv;

            }

            e = APR_BRIGADE_FIRST(b);

            while (e != APR_BRIGADE_SENTINEL(b)) {

                const char *buffer;

                apr_size_t len;

                if (!APR_BUCKET_IS_METADATA(e)) {

                    int parsing = 0;

                    rv = apr_bucket_read(e, &buffer, &len, APR_BLOCK_READ);

                    if (rv == APR_SUCCESS) {

                        parsing = 1;

                        rv = parse_chunk_size(ctx, buffer, len,

                                f->r->server->limit_req_fieldsize, strict);

                    }

                    if (rv != APR_SUCCESS) {

                        ap_log_rerror(APLOG_MARK, APLOG_INFO, rv, f->r, APLOGNO(01590)

                                      "Error reading/parsing chunk %s ",

                                      (APR_ENOSPC == rv) ? "(overflow)" : "");

                        if (parsing) {

                            if (rv != APR_ENOSPC) {

                                http_error = HTTP_BAD_REQUEST;

                            }

                            return bail_out_on_error(ctx, f, http_error);

                        }

                        return rv;

                    }

                }

                apr_bucket_delete(e);

                e = APR_BRIGADE_FIRST(b);

            }

            again = 1; /* come around again */

            if (ctx->state == BODY_CHUNK_TRAILER) {

                /* Treat UNSET as DISABLE - trailers aren't merged by default */

                return read_chunked_trailers(ctx, f, b,

                            conf->merge_trailers == AP_MERGE_TRAILERS_ENABLE);

            }

            break;

        }

        case BODY_NONE:

        case BODY_LENGTH:

        case BODY_CHUNK_DATA: {

            /* Ensure that the caller can not go over our boundary point. */

            if (ctx->state != BODY_NONE && ctx->remaining < readbytes) {

                readbytes = ctx->remaining;

            }

            if (readbytes > 0) {

                apr_off_t totalread;

                rv = ap_get_brigade(f->next, b, mode, block, readbytes);

                /* for timeout */

                if (block == APR_NONBLOCK_READ

                        && ((rv == APR_SUCCESS && APR_BRIGADE_EMPTY(b))

                                || (APR_STATUS_IS_EAGAIN(rv)))) {

                    return APR_EAGAIN;

                }

                if (rv == APR_EOF && ctx->state != BODY_NONE

                        && ctx->remaining > 0) {

                    return APR_INCOMPLETE;

                }

                if (rv != APR_SUCCESS) {

                    return rv;

                }

                /* How many bytes did we just read? */

                apr_brigade_length(b, 0, &totalread);

                /* If this happens, we have a bucket of unknown length.  Die because

                 * it means our assumptions have changed. */

                AP_DEBUG_ASSERT(totalread >= 0);

                if (ctx->state != BODY_NONE) {

                    ctx->remaining -= totalread;

                    if (ctx->remaining > 0) {

                        e = APR_BRIGADE_LAST(b);

                        if (APR_BUCKET_IS_EOS(e)) {

                            apr_bucket_delete(e);

                            return APR_INCOMPLETE;

                        }

                    }

                    else if (ctx->state == BODY_CHUNK_DATA) {

                        /* next chunk please */

                        ctx->state = BODY_CHUNK_END;

                        ctx->chunk_used = 0;

                    }

                }

                /* We have a limit in effect. */

                if (ctx->limit) {

                    /* FIXME: Note that we might get slightly confused on

                     * chunked inputs as we'd need to compensate for the chunk

                     * lengths which may not really count.  This seems to be up

                     * for interpretation.

                     */

                    ctx->limit_used += totalread;

                    if (ctx->limit < ctx->limit_used) {

                        ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r,

                                      APLOGNO(01591) "Read content length of "

                                      "%" APR_OFF_T_FMT " is larger than the "

                                      "configured limit of %" APR_OFF_T_FMT,

                                      ctx->limit_used, ctx->limit);

                        return bail_out_on_error(ctx, f,

                                                 HTTP_REQUEST_ENTITY_TOO_LARGE);

                    }

                }

            }

            /* If we have no more bytes remaining on a C-L request,

             * save the caller a round trip to discover EOS.

             */

            if (ctx->state == BODY_LENGTH && ctx->remaining == 0) {

                e = apr_bucket_eos_create(f->c->bucket_alloc);

                APR_BRIGADE_INSERT_TAIL(b, e);

                ctx->eos_sent = 1;

            }

            break;

        }

        case BODY_CHUNK_TRAILER: {

            rv = ap_get_brigade(f->next, b, mode, block, readbytes);

            /* for timeout */

            if (block == APR_NONBLOCK_READ

                    && ((rv == APR_SUCCESS && APR_BRIGADE_EMPTY(b))

                            || (APR_STATUS_IS_EAGAIN(rv)))) {

                return APR_EAGAIN;

            }

            if (rv != APR_SUCCESS) {

                return rv;

            }

            break;

        }

        default: {

            /* Should not happen */

            ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(02901)

                          "Unexpected body state (%i)", (int)ctx->state);

            return APR_EGENERAL;

        }

        }

    } while (again);

    return APR_SUCCESS;

}

struct check_header_ctx {

    request_rec *r;

    int strict;

};

/* check a single header, to be used with apr_table_do() */

static int check_header(struct check_header_ctx *ctx,

                        const char *name, const char **val)

{

    const char *pos, *end;

    char *dst = NULL;

    if (name[0] == '\0') {

        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02428)

                      "Empty response header name, aborting request");

        return 0;

    }

    if (ctx->strict) { 

        end = ap_scan_http_token(name);

    }

    else {

        end = ap_scan_vchar_obstext(name);

    }

    if (*end) {

        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02429)

                      "Response header name '%s' contains invalid "

                      "characters, aborting request",

                      name);

        return 0;

    }

    for (pos = *val; *pos; pos = end) {

        end = ap_scan_http_field_content(pos);

        if (*end) {

            if (end[0] != CR || end[1] != LF || (end[2] != ' ' &&

                                                 end[2] != '\t')) {

                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02430)

                              "Response header '%s' value of '%s' contains "

                              "invalid characters, aborting request",

                              name, pos);

                return 0;

            }

            if (!dst) {

                *val = dst = apr_palloc(ctx->r->pool, strlen(*val) + 1);

            }

        }

        if (dst) {

            memcpy(dst, pos, end - pos);

            dst += end - pos;

            if (*end) {

                /* skip folding and replace with a single space */

                end += 3 + strspn(end + 3, "\t ");

                *dst++ = ' ';

            }

        }

    }

    if (dst) {

        *dst = '\0';

    }

    return 1;

}

static int check_headers_table(apr_table_t *t, struct check_header_ctx *ctx)

{

    const apr_array_header_t *headers = apr_table_elts(t);

    apr_table_entry_t *header;

    int i;

    for (i = 0; i < headers->nelts; ++i) {

        header = &APR_ARRAY_IDX(headers, i, apr_table_entry_t);

        if (!header->key) {

            continue;

        }

        if (!check_header(ctx, header->key, (const char **)&header->val)) {

            return 0;

        }

    }

    return 1;

}

/**

 * Check headers for HTTP conformance

 * @return 1 if ok, 0 if bad

 */

static APR_INLINE int check_headers(request_rec *r)

{

    struct check_header_ctx ctx;

    core_server_config *conf =

            ap_get_core_module_config(r->server->module_config);

    ctx.r = r;

    ctx.strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE);

    return check_headers_table(r->headers_out, &ctx) &&

           check_headers_table(r->err_headers_out, &ctx;;

}

static int check_headers_recursion(request_rec *r)

{

    void *check = NULL;

    apr_pool_userdata_get(&check, "check_headers_recursion", r->pool);

    if (check) {

        return 1;

    }

    apr_pool_userdata_setn("true", "check_headers_recursion", NULL, r->pool);

    return 0;

}

typedef struct header_struct {

    apr_pool_t *pool;

    apr_bucket_brigade *bb;

} header_struct;

/* Send a single HTTP header field to the client.  Note that this function

 * is used in calls to apr_table_do(), so don't change its interface.

 * It returns true unless there was a write error of some kind.

 */

static int form_header_field(header_struct *h,

                             const char *fieldname, const char *fieldval)

{

#if APR_CHARSET_EBCDIC

    char *headfield;

    apr_size_t len;

    headfield = apr_pstrcat(h->pool, fieldname, ": ", fieldval, CRLF, NULL);

    len = strlen(headfield);

    ap_xlate_proto_to_ascii(headfield, len);

    apr_brigade_write(h->bb, NULL, NULL, headfield, len);

#else

    struct iovec vec[4];

    struct iovec *v = vec;

    v->iov_base = (void *)fieldname;

    v->iov_len = strlen(fieldname);

    v++;

    v->iov_base = ": ";

    v->iov_len = sizeof(": ") - 1;

    v++;

    v->iov_base = (void *)fieldval;

    v->iov_len = strlen(fieldval);

    v++;

    v->iov_base = CRLF;

    v->iov_len = sizeof(CRLF) - 1;

    apr_brigade_writev(h->bb, NULL, NULL, vec, 4);

#endif /* !APR_CHARSET_EBCDIC */

    return 1;

}

/* This routine is called by apr_table_do and merges all instances of

 * the passed field values into a single array that will be further

 * processed by some later routine.  Originally intended to help split

 * and recombine multiple Vary fields, though it is generic to any field

 * consisting of comma/space-separated tokens.

 */

static int uniq_field_values(void *d, const char *key, const char *val)

{

    apr_array_header_t *values;

    char *start;

    char *e;

    char **strpp;

    int  i;

    values = (apr_array_header_t *)d;

    e = apr_pstrdup(values->pool, val);

    do {

        /* Find a non-empty fieldname */

        while (*e == ',' || apr_isspace(*e)) {

            ++e;

        }

        if (*e == '\0') {

            break;

        }

        start = e;

        while (*e != '\0' && *e != ',' && !apr_isspace(*e)) {

            ++e;

        }

        if (*e != '\0') {

            *e++ = '\0';

        }

        /* Now add it to values if it isn't already represented.

         * Could be replaced by a ap_array_strcasecmp() if we had one.

         */

        for (i = 0, strpp = (char **) values->elts; i < values->nelts;

             ++i, ++strpp) {

            if (*strpp && strcasecmp(*strpp, start) == 0) {

                break;

            }

        }

        if (i == values->nelts) {  /* if not found */

            *(char **)apr_array_push(values) = start;