-/* ====================================================================
- * The Apache Software License, Version 1.1
+/* Copyright 2001-2004 The Apache Software Foundation
*
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
/*
int do_alloc = (*s == NULL), saw_eos = 0;
for (;;) {
- apr_brigade_cleanup(bb);
- rv = ap_get_brigade(r->input_filters, bb, AP_MODE_GETLINE,
- APR_BLOCK_READ, 0);
-
- if (rv != APR_SUCCESS) {
- return rv;
- }
-
- /* Something horribly wrong happened. Someone didn't block! */
- if (APR_BRIGADE_EMPTY(bb)) {
- return APR_EGENERAL;
- }
-
- APR_BRIGADE_FOREACH(e, bb) {
- const char *str;
- apr_size_t len;
-
- /* If we see an EOS, don't bother doing anything more. */
- if (APR_BUCKET_IS_EOS(e)) {
- saw_eos = 1;
- break;
- }
-
- rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
-
+ apr_brigade_cleanup(bb);
+ rv = ap_get_brigade(r->input_filters, bb, AP_MODE_GETLINE,
+ APR_BLOCK_READ, 0);
if (rv != APR_SUCCESS) {
return rv;
}
-
- if (len == 0) {
- /* no use attempting a zero-byte alloc (hurts when
- * using --with-efence --enable-pool-debug) or
- * doing any of the other logic either
- */
- continue;
- }
-
- /* Would this overrun our buffer? If so, we'll die. */
- if (n < bytes_handled + len) {
- *read = bytes_handled;
- return APR_ENOSPC;
+
+ /* Something horribly wrong happened. Someone didn't block! */
+ if (APR_BRIGADE_EMPTY(bb)) {
+ return APR_EGENERAL;
}
-
- /* Do we have to handle the allocation ourselves? */
- if (do_alloc) {
- /* We'll assume the common case where one bucket is enough. */
- if (!*s) {
- current_alloc = len;
- if (current_alloc < MIN_LINE_ALLOC) {
- current_alloc = MIN_LINE_ALLOC;
+
+ for (e = APR_BRIGADE_FIRST(bb);
+ e != APR_BRIGADE_SENTINEL(bb);
+ e = APR_BUCKET_NEXT(e))
+ {
+ const char *str;
+ apr_size_t len;
+
+ /* If we see an EOS, don't bother doing anything more. */
+ if (APR_BUCKET_IS_EOS(e)) {
+ saw_eos = 1;
+ break;
+ }
+
+ rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ if (len == 0) {
+ /* no use attempting a zero-byte alloc (hurts when
+ * using --with-efence --enable-pool-debug) or
+ * doing any of the other logic either
+ */
+ continue;
+ }
+
+ /* Would this overrun our buffer? If so, we'll die. */
+ if (n < bytes_handled + len) {
+ *read = bytes_handled;
+ if (*s) {
+ /* ensure this string is NUL terminated */
+ if (bytes_handled > 0) {
+ (*s)[bytes_handled-1] = '\0';
+ }
+ else {
+ (*s)[0] = '\0';
+ }
}
- *s = apr_palloc(r->pool, current_alloc);
+ return APR_ENOSPC;
}
- else if (bytes_handled + len > current_alloc) {
- /* Increase the buffer size */
- apr_size_t new_size = current_alloc * 2;
- char *new_buffer;
-
- if (bytes_handled + len > new_size) {
- new_size = (bytes_handled + len) * 2;
+
+ /* Do we have to handle the allocation ourselves? */
+ if (do_alloc) {
+ /* We'll assume the common case where one bucket is enough. */
+ if (!*s) {
+ current_alloc = len;
+ if (current_alloc < MIN_LINE_ALLOC) {
+ current_alloc = MIN_LINE_ALLOC;
+ }
+ *s = apr_palloc(r->pool, current_alloc);
+ }
+ else if (bytes_handled + len > current_alloc) {
+ /* Increase the buffer size */
+ apr_size_t new_size = current_alloc * 2;
+ char *new_buffer;
+
+ if (bytes_handled + len > new_size) {
+ new_size = (bytes_handled + len) * 2;
+ }
+
+ new_buffer = apr_palloc(r->pool, new_size);
+
+ /* Copy what we already had. */
+ memcpy(new_buffer, *s, bytes_handled);
+ current_alloc = new_size;
+ *s = new_buffer;
}
-
- new_buffer = apr_palloc(r->pool, new_size);
-
- /* Copy what we already had. */
- memcpy(new_buffer, *s, bytes_handled);
- current_alloc = new_size;
- *s = new_buffer;
}
- }
-
- /* Just copy the rest of the data to the end of the old buffer. */
- pos = *s + bytes_handled;
- memcpy(pos, str, len);
- last_char = pos + len - 1;
-
- /* We've now processed that new data - update accordingly. */
- bytes_handled += len;
- }
+ /* Just copy the rest of the data to the end of the old buffer. */
+ pos = *s + bytes_handled;
+ memcpy(pos, str, len);
+ last_char = pos + len - 1;
+
+ /* We've now processed that new data - update accordingly. */
+ bytes_handled += len;
+ }
+
/* If we got a full line of input, stop reading */
if (last_char && (*last_char == APR_ASCII_LF)) {
break;
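Review bot: The bounds test `if (n < bytes_handled + len)` adds two `apr_size_t` values before comparing, so a very large bucket length could wrap and slip past the check. Because `len` is only added to `bytes_handled` after this test succeeds, `bytes_handled` should not exceed `n` in this loop, and `if (len > n - bytes_handled)` states the same limit without the addition. The new termination in that branch also overwrites the last byte already copied while `*read` still reports `bytes_handled`, which deserves a comment such as `/* on APR_ENOSPC, *read is the count consumed, not strlen(*s) */`. The enclosing function starts and ends outside this hunk, so the invariant is inferred from the visible lines only.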
*/
if (fold && bytes_handled && !saw_eos) {
for (;;) {
- const char *str;
- apr_size_t len;
- char c;
-
- /* Clear the temp brigade for this filter read. */
- apr_brigade_cleanup(bb);
-
- /* We only care about the first byte. */
- rv = ap_get_brigade(r->input_filters, bb, AP_MODE_SPECULATIVE,
- APR_BLOCK_READ, 1);
-
- if (rv != APR_SUCCESS) {
- return rv;
- }
-
- if (APR_BRIGADE_EMPTY(bb)) {
+ const char *str;
+ apr_size_t len;
+ char c;
+
+ /* Clear the temp brigade for this filter read. */
+ apr_brigade_cleanup(bb);
+
+ /* We only care about the first byte. */
+ rv = ap_get_brigade(r->input_filters, bb, AP_MODE_SPECULATIVE,
+ APR_BLOCK_READ, 1);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ if (APR_BRIGADE_EMPTY(bb)) {
break;
- }
-
- e = APR_BRIGADE_FIRST(bb);
-
- /* If we see an EOS, don't bother doing anything more. */
- if (APR_BUCKET_IS_EOS(e)) {
+ }
+
+ e = APR_BRIGADE_FIRST(bb);
+
+ /* If we see an EOS, don't bother doing anything more. */
+ if (APR_BUCKET_IS_EOS(e)) {
break;
- }
-
- rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
-
- if (rv != APR_SUCCESS) {
+ }
+
+ rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
+ if (rv != APR_SUCCESS) {
apr_brigade_cleanup(bb);
- return rv;
- }
-
- /* Found one, so call ourselves again to get the next line.
- *
- * FIXME: If the folding line is completely blank, should we
- * stop folding? Does that require also looking at the next
- * char?
- */
+ return rv;
+ }
+
+ /* Found one, so call ourselves again to get the next line.
+ *
+ * FIXME: If the folding line is completely blank, should we
+ * stop folding? Does that require also looking at the next
+ * char?
+ */
/* When we call destroy, the buckets are deleted, so save that
* one character we need. This simplifies our execution paths
* at the cost of one character read.
*/
c = *str;
- if (c == APR_ASCII_BLANK || c == APR_ASCII_TAB) {
- /* Do we have enough space? We may be full now. */
+ if (c == APR_ASCII_BLANK || c == APR_ASCII_TAB) {
+ /* Do we have enough space? We may be full now. */
if (bytes_handled >= n) {
*read = n;
+ /* ensure this string is terminated */
+ (*s)[n-1] = '\0';
return APR_ENOSPC;
}
else {
- apr_size_t next_size, next_len;
- char *tmp;
-
- /* If we're doing the allocations for them, we have to
- * give ourselves a NULL and copy it on return.
- */
- if (do_alloc) {
- tmp = NULL;
- } else {
- /* We're null terminated. */
- tmp = last_char;
- }
-
- next_size = n - bytes_handled;
-
+ apr_size_t next_size, next_len;
+ char *tmp;
+
+ /* If we're doing the allocations for them, we have to
+ * give ourselves a NULL and copy it on return.
+ */
+ if (do_alloc) {
+ tmp = NULL;
+ } else {
+ /* We're null terminated. */
+ tmp = last_char;
+ }
+
+ next_size = n - bytes_handled;
+
rv = ap_rgetline_core(&tmp, next_size,
&next_len, r, 0, bb);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ if (do_alloc && next_len > 0) {
+ char *new_buffer;
+ apr_size_t new_size = bytes_handled + next_len + 1;
+
+ /* we need to alloc an extra byte for a null */
+ new_buffer = apr_palloc(r->pool, new_size);
+
+ /* Copy what we already had. */
+ memcpy(new_buffer, *s, bytes_handled);
+
+ /* copy the new line, including the trailing null */
+ memcpy(new_buffer + bytes_handled, tmp, next_len + 1);
+ *s = new_buffer;
+ }
- if (rv != APR_SUCCESS) {
- return rv;
- }
-
- if (do_alloc && next_len > 0) {
- char *new_buffer;
- apr_size_t new_size = bytes_handled + next_len + 1;
-
- /* we need to alloc an extra byte for a null */
- new_buffer = apr_palloc(r->pool, new_size);
-
- /* Copy what we already had. */
- memcpy(new_buffer, *s, bytes_handled);
-
- /* copy the new line, including the trailing null */
- memcpy(new_buffer + bytes_handled, tmp, next_len + 1);
- *s = new_buffer;
- }
-
+ last_char += next_len;
bytes_handled += next_len;
- }
+ }
}
else { /* next character is not tab or space */
break;
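Review bot: The added `last_char += next_len;` advances a pointer that, on the `do_alloc` path, still refers to the buffer `*s` pointed to before `*s = new_buffer;` replaced it a few lines earlier. In the visible code `last_char` is only read again through `tmp = last_char` in the non-allocating branch, so nothing here dereferences the stale value, but any later use would touch the old pool block. Deriving it from the current buffer after the length update, `bytes_handled += next_len; last_char = *s + bytes_handled;`, would keep both paths consistent. That assumes `last_char` marks the terminator at `*s + bytes_handled`, as the `/* We're null terminated. */` comment suggests. The rest of the function lies outside this hunk, so the assumption needs checking against the full body.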
* if there are empty lines
*/
r->the_request = NULL;
- rv = ap_rgetline(&(r->the_request), DEFAULT_LIMIT_REQUEST_LINE + 2,
+ rv = ap_rgetline(&(r->the_request), (apr_size_t)(r->server->limit_req_line + 2),
&len, r, 0, bb);
if (rv != APR_SUCCESS) {
r->request_time = apr_time_now();
+
+ /* ap_rgetline returns APR_ENOSPC if it fills up the
+ * buffer before finding the end-of-line. This is only going to
+ * happen if it exceeds the configured limit for a request-line.
+ */
+ if (rv == APR_ENOSPC) {
+ r->status = HTTP_REQUEST_URI_TOO_LARGE;
+ r->proto_num = HTTP_VERSION(1,0);
+ r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
+ }
+
return 0;
}
} while ((len <= 0) && (++num_blank_lines < max_blank_lines));
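Review bot: The cast in `(apr_size_t)(r->server->limit_req_line + 2)` is only safe while `limit_req_line` is non-negative and well below `INT_MAX`, and the comment that stated the non-negative guarantee is deleted later in this commit together with the old length check. A negative configured value would become a very large buffer limit here, so the guarantee should be restated at the call, for example `/* limit_req_line is validated non-negative at config time; +2 leaves room for the line terminator */`. The reason for the `+ 2` is my reading and should be confirmed, and the validation itself is not visible in this hunk.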
ap_parse_uri(r, uri);
- /* ap_getline returns (size of max buffer - 1) if it fills up the
- * buffer before finding the end-of-line. This is only going to
- * happen if it exceeds the configured limit for a request-line.
- * The cast is safe, limit_req_line cannot be negative
- */
- if (len > (apr_size_t)r->server->limit_req_line) {
- r->status = HTTP_REQUEST_URI_TOO_LARGE;
- r->proto_num = HTTP_VERSION(1,0);
- r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
- return 0;
- }
-
if (ll[0]) {
r->assbackwards = 0;
pro = ll;
* continuations that span many many lines.
*/
apr_size_t fold_len = last_len + len + 1; /* trailing null */
+
+ if (fold_len > r->server->limit_req_fieldsize + 1) {
+ r->status = HTTP_BAD_REQUEST;
+ /* report what we have accumulated so far before the
+ * overflow (last_field) as the field with the problem
+ */
+ apr_table_setn(r->notes, "error-notes",
+ apr_pstrcat(r->pool,
+ "Size of a request header field "
+ "after folding "
+ "exceeds server limit.<br />\n"
+ "<pre>\n",
+ ap_escape_html(r->pool, last_field),
+ "</pre>\n", NULL));
+ return;
+ }
+
if (fold_len > alloc_len) {
char *fold_buf;
alloc_len += alloc_len;
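Review bot: `if (fold_len > r->server->limit_req_fieldsize + 1)` compares an `apr_size_t` with what appears to be a signed `int` expression and relies on implicit conversion, whereas the request-line call in this same commit casts explicitly. Writing `if (fold_len > (apr_size_t)r->server->limit_req_fieldsize + 1)` makes the conversion visible and avoids a signed/unsigned comparison warning. The error note does pass `last_field` through `ap_escape_html`. A one-line comment that the value is client-supplied and must stay escaped would help keep it that way under later edits. The enclosing function begins and ends outside the hunk.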
if (!read_request_line(r, tmp_bb)) {
if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "request failed: URI too long");
+ "request failed: URI too long (longer than %d)", r->server->limit_req_line);
ap_send_error_response(r, 0);
ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);
* *someone* has to set the protocol-specific fields...
*/
-void ap_set_sub_req_protocol(request_rec *rnew, const request_rec *r)
+AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew,
+ const request_rec *r)
{
rnew->the_request = r->the_request; /* Keep original request-line */
ap_pass_brigade(r->output_filters, bb);
}
-void ap_finalize_sub_req_protocol(request_rec *sub)
+AP_DECLARE(void) ap_finalize_sub_req_protocol(request_rec *sub)
{
/* tell the filter chain there is no more content coming */
if (!sub->eos_sent) {
*
* We can only set a C-L in the response header if we haven't already
* sent any buckets on to the next output filter for this request.
+ *
+ * Also check against cases of zero bytes sent, to avoid a bogus
+ * C-L on HEAD requests, or no-body GETs like 204s.
*/
- if (ctx->data_sent == 0 && eos) {
+ if (ctx->data_sent == 0 && eos && r->bytes_sent > 0 ) {
ap_set_content_length(r, r->bytes_sent);
}
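Review bot: The added `r->bytes_sent > 0` test cannot tell a HEAD or 204 response from an ordinary response whose body is legitimately empty, so the latter would presumably now leave this filter without a `Content-Length: 0` header. If that is intended, the comment should say so; otherwise the condition could key on the request rather than the byte count, for instance by consulting `r->header_only` and the status. There is also a stray space before the closing parenthesis in `r->bytes_sent > 0 )`. The filter function itself starts outside this hunk, so the effect on connection persistence is inferred rather than shown.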
return c;
}
-AP_DECLARE(int) ap_rputs(const char *str, request_rec *r)
+AP_DECLARE(apr_ssize_t) ap_rputs(const char *str, request_rec *r)
{
apr_size_t len;
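Review bot: Changing the return type of an exported function from `int` to `apr_ssize_t` alters the ABI on platforms where the two types differ in width, and callers that store the result in an `int` will truncate silently. This applies to `ap_rputs` here and to `ap_vrprintf`, `ap_rprintf` and `ap_rvputs` in the following hunks. The matching prototypes in the public header and any module-compatibility version bump are not visible in this diff and should be confirmed. Since `ap_rprintf` visibly returns `-1` on an aborted connection, a header comment such as `/* returns the number of bytes written, or -1 on error */` would make the signed return contract explicit, with the wording to be verified for each function.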
return APR_SUCCESS;
}
-AP_DECLARE(int) ap_vrprintf(request_rec *r, const char *fmt, va_list va)
+AP_DECLARE(apr_ssize_t) ap_vrprintf(request_rec *r, const char *fmt, va_list va)
{
- apr_size_t written;
+ apr_ssize_t written;
struct ap_vrprintf_data vd;
char vrprintf_buf[AP_IOBUFSIZE];
*(vd.vbuff.curpos) = '\0';
if (written != -1) {
- int n = vd.vbuff.curpos - vrprintf_buf;
+ apr_size_t n = vd.vbuff.curpos - vrprintf_buf;
/* last call to buffer_output, to finish clearing the buffer */
if (buffer_output(r, vrprintf_buf,n) != APR_SUCCESS)
return written;
}
-AP_DECLARE_NONSTD(int) ap_rprintf(request_rec *r, const char *fmt, ...)
+AP_DECLARE_NONSTD(apr_ssize_t) ap_rprintf(request_rec *r, const char *fmt, ...)
{
va_list va;
- int n;
+ apr_ssize_t n;
if (r->connection->aborted)
return -1;
return n;
}
-AP_DECLARE_NONSTD(int) ap_rvputs(request_rec *r, ...)
+AP_DECLARE_NONSTD(apr_ssize_t) ap_rvputs(request_rec *r, ...)
{
va_list va;
const char *s;