-/* ====================================================================
- * The Apache Software License, Version 1.1
+/* Copyright 2001-2004 The Apache Software Foundation
*
- * Copyright (c) 2000-2002 The Apache Software Foundation. All rights
- * reserved.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
/*
#include "apr_buckets.h"
#include "apr_lib.h"
#include "apr_signal.h"
+#include "apr_strmatch.h"
#define APR_WANT_STDIO /* for sscanf */
#define APR_WANT_STRFUNC
#include "mod_core.h"
#include "util_charset.h"
#include "util_ebcdic.h"
+#include "scoreboard.h"
#if APR_HAVE_STDARG_H
#include <stdarg.h>
AP_DECLARE_DATA ap_filter_rec_t *ap_old_write_func = NULL;
+
+/* Patterns to match in ap_make_content_type() */
+static const char *needcset[] = {
+ "text/plain",
+ "text/html",
+ NULL
+};
+static const apr_strmatch_pattern **needcset_patterns;
+static const apr_strmatch_pattern *charset_pattern;
+
+AP_DECLARE(void) ap_setup_make_content_type(apr_pool_t *pool)
+{
+ int i;
+ for (i = 0; needcset[i]; i++) {
+ continue;
+ }
+ needcset_patterns = (const apr_strmatch_pattern **)
+ apr_palloc(pool, (i + 1) * sizeof(apr_strmatch_pattern *));
+ for (i = 0; needcset[i]; i++) {
+ needcset_patterns[i] = apr_strmatch_precompile(pool, needcset[i], 0);
+ }
+ needcset_patterns[i] = NULL;
+ charset_pattern = apr_strmatch_precompile(pool, "charset=", 0);
+}
+
/*
* Builds the content-type that should be sent to the client from the
* content-type specified. The following rules are followed:
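Review bot: `needcset_patterns` and `charset_pattern` stay NULL until ap_setup_make_content_type() has run, and nothing in this hunk documents that ordering or the lifetime required of `pool`. The following hunks pass both pointers to apr_strmatch() in ap_make_content_type() without a check, so a call before setup, or after `pool` has been cleared, would dereference a null or dangling pattern. A header comment on the new function would make the contract explicit, for example `/* Call once at startup, before any request is served; pool must outlive every call to ap_make_content_type(). */`.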
*/
AP_DECLARE(const char *)ap_make_content_type(request_rec *r, const char *type)
{
- static const char *needcset[] = {
- "text/plain",
- "text/html",
- NULL };
- const char **pcset;
+ const apr_strmatch_pattern **pcset;
core_dir_config *conf =
(core_dir_config *)ap_get_module_config(r->per_dir_config,
&core_module);
+ apr_size_t type_len;
if (!type) {
type = ap_default_type(r);
return type;
}
- if (ap_strcasestr(type, "charset=") != NULL) {
+ type_len = strlen(type);
+
+ if (apr_strmatch(charset_pattern, type, type_len) != NULL) {
/* already has parameter, do nothing */
/* XXX we don't check the validity */
;
/* see if it makes sense to add the charset. At present,
* we only add it if the Content-type is one of needcset[]
*/
- for (pcset = needcset; *pcset ; pcset++) {
- if (ap_strcasestr(type, *pcset) != NULL) {
- type = apr_pstrcat(r->pool, type, "; charset=",
- conf->add_default_charset_name, NULL);
+ for (pcset = needcset_patterns; *pcset ; pcset++) {
+ if (apr_strmatch(*pcset, type, type_len) != NULL) {
+ struct iovec concat[3];
+ concat[0].iov_base = (void *)type;
+ concat[0].iov_len = type_len;
+ concat[1].iov_base = (void *)"; charset=";
+ concat[1].iov_len = sizeof("; charset=") - 1;
+ concat[2].iov_base = (void *)(conf->add_default_charset_name);
+ concat[2].iov_len = strlen(conf->add_default_charset_name);
+ type = apr_pstrcatv(r->pool, concat, 3, NULL);
break;
}
}
return (mtime > now) ? now : mtime;
}
+/* Min # of bytes to allocate when reading a request line */
+#define MIN_LINE_ALLOC 80
+
/* Get a line of protocol input, including any continuation lines
* caused by MIME folding (or broken clients) if fold != 0, and place it
* in the buffer s, of size n bytes, without the ending newline.
*/
AP_DECLARE(apr_status_t) ap_rgetline_core(char **s, apr_size_t n,
apr_size_t *read, request_rec *r,
- int fold)
+ int fold, apr_bucket_brigade *bb)
{
apr_status_t rv;
- apr_bucket_brigade *b;
apr_bucket *e;
apr_size_t bytes_handled = 0, current_alloc = 0;
char *pos, *last_char = *s;
int do_alloc = (*s == NULL), saw_eos = 0;
- b = apr_brigade_create(r->pool, r->connection->bucket_alloc);
- rv = ap_get_brigade(r->input_filters, b, AP_MODE_GETLINE,
- APR_BLOCK_READ, 0);
-
- if (rv != APR_SUCCESS) {
- apr_brigade_destroy(b);
- return rv;
- }
-
- /* Something horribly wrong happened. Someone didn't block! */
- if (APR_BRIGADE_EMPTY(b)) {
- apr_brigade_destroy(b);
- return APR_EGENERAL;
- }
-
- APR_BRIGADE_FOREACH(e, b) {
- const char *str;
- apr_size_t len;
-
- /* If we see an EOS, don't bother doing anything more. */
- if (APR_BUCKET_IS_EOS(e)) {
- saw_eos = 1;
- break;
- }
-
- rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
-
+ for (;;) {
+ apr_brigade_cleanup(bb);
+ rv = ap_get_brigade(r->input_filters, bb, AP_MODE_GETLINE,
+ APR_BLOCK_READ, 0);
if (rv != APR_SUCCESS) {
- apr_brigade_destroy(b);
return rv;
}
-
- if (len == 0) {
- /* no use attempting a zero-byte alloc (hurts when
- * using --with-efence --enable-pool-debug) or
- * doing any of the other logic either
- */
- continue;
- }
-
- /* Would this overrun our buffer? If so, we'll die. */
- if (n < bytes_handled + len) {
- apr_brigade_destroy(b);
- return APR_ENOSPC;
- }
-
- /* Do we have to handle the allocation ourselves? */
- if (do_alloc) {
- /* We'll assume the common case where one bucket is enough. */
- if (!*s) {
- current_alloc = len;
- *s = apr_palloc(r->pool, len);
- }
- else if (bytes_handled + len > current_alloc) {
- /* We resize to the next power of 2. */
- apr_size_t new_size = current_alloc;
- char *new_buffer;
-
- do {
- new_size *= 2;
- } while (bytes_handled + len > new_size);
-
- new_buffer = apr_palloc(r->pool, new_size);
-
- /* Copy what we already had. */
- memcpy(new_buffer, *s, bytes_handled);
- current_alloc = new_size;
- *s = new_buffer;
- }
+
+ /* Something horribly wrong happened. Someone didn't block! */
+ if (APR_BRIGADE_EMPTY(bb)) {
+ return APR_EGENERAL;
}
-
- /* Just copy the rest of the data to the end of the old buffer. */
- pos = *s + bytes_handled;
- memcpy(pos, str, len);
- last_char = pos + len - 1;
-
- /* We've now processed that new data - update accordingly. */
- bytes_handled += len;
- }
-
- /* We no longer need the returned brigade. */
- apr_brigade_destroy(b);
-
- /* We likely aborted early before reading anything or we read no
- * data. Technically, this might be success condition. But,
- * probably means something is horribly wrong. For now, we'll
- * treat this as APR_SUCCESS, but it may be worth re-examining.
- */
- if (bytes_handled == 0) {
- *read = 0;
- return APR_SUCCESS;
- }
-
- /* If we didn't get a full line of input, try again. */
- if (*last_char != APR_ASCII_LF) {
- /* Do we have enough space? We may be full now. */
- if (bytes_handled < n) {
- apr_size_t next_size, next_len;
- char *tmp;
-
- /* If we're doing the allocations for them, we have to
- * give ourselves a NULL and copy it on return.
- */
- if (do_alloc) {
- tmp = NULL;
- } else {
- /* We're not null terminated yet. */
- tmp = last_char + 1;
+
+ for (e = APR_BRIGADE_FIRST(bb);
+ e != APR_BRIGADE_SENTINEL(bb);
+ e = APR_BUCKET_NEXT(e))
+ {
+ const char *str;
+ apr_size_t len;
+
+ /* If we see an EOS, don't bother doing anything more. */
+ if (APR_BUCKET_IS_EOS(e)) {
+ saw_eos = 1;
+ break;
}
-
- next_size = n - bytes_handled;
-
- rv = ap_rgetline_core(&tmp, next_size, &next_len, r, fold);
-
+
+ rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
if (rv != APR_SUCCESS) {
return rv;
}
-
- /* XXX this code appears to be dead because the filter chain
- * seems to read until it sees a LF or an error. If it ever
- * comes back to life, we need to make sure that:
- * - we really alloc enough space for the trailing null
- * - we don't allow the tail trimming code to run more than
- * once
- */
- if (do_alloc && next_len > 0) {
- char *new_buffer;
- apr_size_t new_size = bytes_handled + next_len;
-
- /* Again we need to alloc an extra two bytes for LF, null */
- new_buffer = apr_palloc(r->pool, new_size);
-
- /* Copy what we already had. */
- memcpy(new_buffer, *s, bytes_handled);
- memcpy(new_buffer + bytes_handled, tmp, next_len);
- current_alloc = new_size;
- *s = new_buffer;
+
+ if (len == 0) {
+ /* no use attempting a zero-byte alloc (hurts when
+ * using --with-efence --enable-pool-debug) or
+ * doing any of the other logic either
+ */
+ continue;
+ }
+
+ /* Would this overrun our buffer? If so, we'll die. */
+ if (n < bytes_handled + len) {
+ *read = bytes_handled;
+ if (*s) {
+ /* ensure this string is NUL terminated */
+ if (bytes_handled > 0) {
+ (*s)[bytes_handled-1] = '\0';
+ }
+ else {
+ (*s)[0] = '\0';
+ }
+ }
+ return APR_ENOSPC;
+ }
+
+ /* Do we have to handle the allocation ourselves? */
+ if (do_alloc) {
+ /* We'll assume the common case where one bucket is enough. */
+ if (!*s) {
+ current_alloc = len;
+ if (current_alloc < MIN_LINE_ALLOC) {
+ current_alloc = MIN_LINE_ALLOC;
+ }
+ *s = apr_palloc(r->pool, current_alloc);
+ }
+ else if (bytes_handled + len > current_alloc) {
+ /* Increase the buffer size */
+ apr_size_t new_size = current_alloc * 2;
+ char *new_buffer;
+
+ if (bytes_handled + len > new_size) {
+ new_size = (bytes_handled + len) * 2;
+ }
+
+ new_buffer = apr_palloc(r->pool, new_size);
+
+ /* Copy what we already had. */
+ memcpy(new_buffer, *s, bytes_handled);
+ current_alloc = new_size;
+ *s = new_buffer;
+ }
}
- bytes_handled += next_len;
- last_char = *s + bytes_handled - 1;
+ /* Just copy the rest of the data to the end of the old buffer. */
+ pos = *s + bytes_handled;
+ memcpy(pos, str, len);
+ last_char = pos + len - 1;
+
+ /* We've now processed that new data - update accordingly. */
+ bytes_handled += len;
}
- else {
- return APR_ENOSPC;
+
+ /* If we got a full line of input, stop reading */
+ if (last_char && (*last_char == APR_ASCII_LF)) {
+ break;
}
}
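Review bot: Seeing an EOS bucket only leaves the inner bucket loop; the outer `for (;;)` then tests `*last_char` and, when no LF was read, calls ap_get_brigade() again on a stream that has already ended. The visible exits are an error status, an empty brigade, APR_ENOSPC or a trailing LF, so termination after EOS depends on how the input filters answer that extra read. Adding `if (saw_eos) break;` beside the LF test would make the exit explicit, provided the code after the loop copes with a line that has no LF. The same test also reads `*last_char` when only zero-length buckets were seen, in which case it still points at the caller's unwritten buffer; testing `bytes_handled` first avoids that. The function body continues outside this hunk.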
* Note that if an EOS was seen, we know we can't have another line.
*/
if (fold && bytes_handled && !saw_eos) {
- const char *str;
- apr_bucket_brigade *bb;
- apr_size_t len;
- char c;
-
- /* Create a brigade for this filter read. */
- bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
-
- /* We only care about the first byte. */
- rv = ap_get_brigade(r->input_filters, bb, AP_MODE_SPECULATIVE,
- APR_BLOCK_READ, 1);
-
- if (rv != APR_SUCCESS) {
- apr_brigade_destroy(bb);
- return rv;
- }
-
- if (APR_BRIGADE_EMPTY(bb)) {
- *read = bytes_handled;
- apr_brigade_destroy(bb);
- return APR_SUCCESS;
- }
-
- e = APR_BRIGADE_FIRST(bb);
-
- /* If we see an EOS, don't bother doing anything more. */
- if (APR_BUCKET_IS_EOS(e)) {
- *read = bytes_handled;
- apr_brigade_destroy(bb);
- return APR_SUCCESS;
- }
-
- rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
-
- if (rv != APR_SUCCESS) {
- apr_brigade_destroy(bb);
- return rv;
- }
-
- /* When we call destroy, the buckets are deleted, so save that
- * one character we need. This simplifies our execution paths
- * at the cost of one character read.
- */
- c = *str;
-
- /* We no longer need the returned brigade. */
- apr_brigade_destroy(bb);
-
- /* Found one, so call ourselves again to get the next line.
- *
- * FIXME: If the folding line is completely blank, should we
- * stop folding? Does that require also looking at the next
- * char?
- */
- if (c == APR_ASCII_BLANK || c == APR_ASCII_TAB) {
- /* Do we have enough space? We may be full now. */
- if (bytes_handled < n) {
- apr_size_t next_size, next_len;
- char *tmp;
-
- /* If we're doing the allocations for them, we have to
- * give ourselves a NULL and copy it on return.
- */
- if (do_alloc) {
- tmp = NULL;
- } else {
- /* We're null terminated. */
- tmp = last_char;
- }
-
- next_size = n - bytes_handled;
-
- rv = ap_rgetline_core(&tmp, next_size, &next_len, r, fold);
-
- if (rv != APR_SUCCESS) {
- return rv;
+ for (;;) {
+ const char *str;
+ apr_size_t len;
+ char c;
+
+ /* Clear the temp brigade for this filter read. */
+ apr_brigade_cleanup(bb);
+
+ /* We only care about the first byte. */
+ rv = ap_get_brigade(r->input_filters, bb, AP_MODE_SPECULATIVE,
+ APR_BLOCK_READ, 1);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ if (APR_BRIGADE_EMPTY(bb)) {
+ break;
+ }
+
+ e = APR_BRIGADE_FIRST(bb);
+
+ /* If we see an EOS, don't bother doing anything more. */
+ if (APR_BUCKET_IS_EOS(e)) {
+ break;
+ }
+
+ rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
+ if (rv != APR_SUCCESS) {
+ apr_brigade_cleanup(bb);
+ return rv;
+ }
+
+ /* Found one, so call ourselves again to get the next line.
+ *
+ * FIXME: If the folding line is completely blank, should we
+ * stop folding? Does that require also looking at the next
+ * char?
+ */
+ /* When we call destroy, the buckets are deleted, so save that
+ * one character we need. This simplifies our execution paths
+ * at the cost of one character read.
+ */
+ c = *str;
+ if (c == APR_ASCII_BLANK || c == APR_ASCII_TAB) {
+ /* Do we have enough space? We may be full now. */
+ if (bytes_handled >= n) {
+ *read = n;
+ /* ensure this string is terminated */
+ (*s)[n-1] = '\0';
+ return APR_ENOSPC;
}
+ else {
+ apr_size_t next_size, next_len;
+ char *tmp;
+
+ /* If we're doing the allocations for them, we have to
+ * give ourselves a NULL and copy it on return.
+ */
+ if (do_alloc) {
+ tmp = NULL;
+ } else {
+ /* We're null terminated. */
+ tmp = last_char;
+ }
+
+ next_size = n - bytes_handled;
+
+ rv = ap_rgetline_core(&tmp, next_size,
+ &next_len, r, 0, bb);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ if (do_alloc && next_len > 0) {
+ char *new_buffer;
+ apr_size_t new_size = bytes_handled + next_len + 1;
+
+ /* we need to alloc an extra byte for a null */
+ new_buffer = apr_palloc(r->pool, new_size);
+
+ /* Copy what we already had. */
+ memcpy(new_buffer, *s, bytes_handled);
+
+ /* copy the new line, including the trailing null */
+ memcpy(new_buffer + bytes_handled, tmp, next_len + 1);
+ *s = new_buffer;
+ }
- if (do_alloc && next_len > 0) {
- char *new_buffer;
- apr_size_t new_size = bytes_handled + next_len + 1;
-
- /* we need to alloc an extra byte for a null */
- new_buffer = apr_palloc(r->pool, new_size);
-
- /* Copy what we already had. */
- memcpy(new_buffer, *s, bytes_handled);
-
- /* copy the new line, including the trailing null */
- memcpy(new_buffer + bytes_handled, tmp, next_len + 1);
- *s = new_buffer;
+ last_char += next_len;
+ bytes_handled += next_len;
}
-
- *read = bytes_handled + next_len;
- return APR_SUCCESS;
}
- else {
- return APR_ENOSPC;
+ else { /* next character is not tab or space */
+ break;
}
}
}
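Review bot: The `return rv;` after the recursive ap_rgetline_core() call leaves `*read` unset, unlike the `bytes_handled >= n` branch just above it, which stores `*read = n` and terminates the buffer before returning APR_ENOSPC. A caller that inspects the length after APR_ENOSPC would then read whatever its variable held before the call; `*read = bytes_handled;` ahead of that return would keep the error paths consistent. In the `do_alloc` branch `*s` is switched to `new_buffer` while `last_char += next_len` still advances a pointer into the old allocation, so it should be recomputed from `*s` once `bytes_handled` is updated, or commented as unused when allocating. The enclosing function starts and ends outside this hunk.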
#if APR_CHARSET_EBCDIC
AP_DECLARE(apr_status_t) ap_rgetline(char **s, apr_size_t n,
apr_size_t *read, request_rec *r,
- int fold)
+ int fold, apr_bucket_brigade *bb)
{
/* on ASCII boxes, ap_rgetline is a macro which simply invokes
* ap_rgetline_core with the same parms
*/
apr_status_t rv;
- rv = ap_rgetline_core(s, n, read, r, fold);
+ rv = ap_rgetline_core(s, n, read, r, fold, bb);
if (rv == APR_SUCCESS) {
ap_xlate_proto_from_ascii(*s, *read);
}
char *tmp_s = s;
apr_status_t rv;
apr_size_t len;
+ apr_bucket_brigade *tmp_bb;
- rv = ap_rgetline(&tmp_s, n, &len, r, fold);
+ tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
+ rv = ap_rgetline(&tmp_s, n, &len, r, fold, tmp_bb);
+ apr_brigade_destroy(tmp_bb);
/* Map the out-of-space condition to the old API. */
if (rv == APR_ENOSPC) {
}
}
-static int read_request_line(request_rec *r)
+static int read_request_line(request_rec *r, apr_bucket_brigade *bb)
{
const char *ll;
const char *uri;
conn_rec *conn = r->connection;
#endif
int major = 1, minor = 0; /* Assume HTTP/1.0 if non-"HTTP" protocol */
+ char http[5];
apr_size_t len;
+ int num_blank_lines = 0;
+ int max_blank_lines = r->server->limit_req_fields;
+
+ if (max_blank_lines <= 0) {
+ max_blank_lines = DEFAULT_LIMIT_REQUEST_FIELDS;
+ }
/* Read past empty lines until we get a real request line,
* a read error, the connection closes (EOF), or we timeout.
* if there are empty lines
*/
r->the_request = NULL;
- rv = ap_rgetline(&(r->the_request), DEFAULT_LIMIT_REQUEST_LINE + 2,
- &len, r, 0);
+ rv = ap_rgetline(&(r->the_request), (apr_size_t)(r->server->limit_req_line + 2),
+ &len, r, 0, bb);
if (rv != APR_SUCCESS) {
r->request_time = apr_time_now();
+
+ /* ap_rgetline returns APR_ENOSPC if it fills up the
+ * buffer before finding the end-of-line. This is only going to
+ * happen if it exceeds the configured limit for a request-line.
+ */
+ if (rv == APR_ENOSPC) {
+ r->status = HTTP_REQUEST_URI_TOO_LARGE;
+ r->proto_num = HTTP_VERSION(1,0);
+ r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
+ }
+
return 0;
}
- } while (len <= 0);
+ } while ((len <= 0) && (++num_blank_lines < max_blank_lines));
/* we've probably got something to do, ignore graceful restart requests */
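Review bot: When the new `++num_blank_lines < max_blank_lines` bound ends the do/while, `len` is still 0 and control falls through to the request-line parsing below as if a line had been read. Nothing in the hunk returns or records an error for that case, so the outcome for a client that sends only blank lines depends on how the later code treats an empty `r->the_request`. An explicit check after the loop, for example `if (len == 0) return 0;`, would make the result of hitting the limit deliberate. The rest of read_request_line is outside this hunk, so this should be confirmed against it.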
ap_parse_uri(r, uri);
- /* ap_getline returns (size of max buffer - 1) if it fills up the
- * buffer before finding the end-of-line. This is only going to
- * happen if it exceeds the configured limit for a request-line.
- * The cast is safe, limit_req_line cannot be negative
- */
- if (len > (apr_size_t)r->server->limit_req_line) {
- r->status = HTTP_REQUEST_URI_TOO_LARGE;
- r->proto_num = HTTP_VERSION(1,0);
- r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
- return 0;
- }
-
if (ll[0]) {
r->assbackwards = 0;
pro = ll;
&& apr_isdigit(pro[7])) {
r->proto_num = HTTP_VERSION(pro[5] - '0', pro[7] - '0');
}
- else if (2 == sscanf(r->protocol, "HTTP/%u.%u", &major, &minor)
- && minor < HTTP_VERSION(1, 0)) /* don't allow HTTP/0.1000 */
+ else if (3 == sscanf(r->protocol, "%4s/%u.%u", http, &major, &minor)
+ && (strcasecmp("http", http) == 0)
+ && (minor < HTTP_VERSION(1, 0)) ) /* don't allow HTTP/0.1000 */
r->proto_num = HTTP_VERSION(major, minor);
else
r->proto_num = HTTP_VERSION(1, 0);
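Review bot: The rewritten sscanf() call still stores its two `%u` conversions through `&major` and `&minor`, which are declared `int` at the top of the function, and only `minor` is range-checked before `HTTP_VERSION(major, minor)` is computed. A protocol token with a very large major number is therefore accepted and folded into `proto_num` unchecked; the macro is not shown here, but an arithmetic encoding could overflow. Declaring both as `unsigned int` to match the format and bounding `major` the same way `minor` is bounded would close that gap. The `%4s` width does fit the five-byte `http` buffer.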
return 1;
}
-void ap_get_mime_headers(request_rec *r)
+AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb)
{
- char* field;
+ char *last_field = NULL;
+ apr_size_t last_len = 0;
+ apr_size_t alloc_len = 0;
+ char *field;
char *value;
apr_size_t len;
int fields_read = 0;
- apr_table_t *tmp_headers;
-
- /* We'll use apr_table_overlap later to merge these into r->headers_in. */
- tmp_headers = apr_table_make(r->pool, 50);
+ char *tmp_field;
/*
* Read header lines until we get the empty separator line, a read error,
*/
while(1) {
apr_status_t rv;
+ int folded = 0;
field = NULL;
- rv = ap_rgetline(&field, DEFAULT_LIMIT_REQUEST_FIELDSIZE + 2,
- &len, r, 1);
+ rv = ap_rgetline(&field, r->server->limit_req_fieldsize + 2,
+ &len, r, 0, bb);
- /* ap_rgetline returns APR_ENOSPC if it fills up the buffer before
- * finding the end-of-line. This is only going to happen if it
- * exceeds the configured limit for a field size.
- * The cast is safe, limit_req_fieldsize cannot be negative
- */
- if (rv == APR_ENOSPC
- || (rv == APR_SUCCESS
- && len > (apr_size_t)r->server->limit_req_fieldsize)) {
+ if (rv != APR_SUCCESS) {
r->status = HTTP_BAD_REQUEST;
- apr_table_setn(r->notes, "error-notes",
- apr_pstrcat(r->pool,
- "Size of a request header field "
- "exceeds server limit.<br />\n"
- "<pre>\n",
- ap_escape_html(r->pool, field),
- "</pre>\n", NULL));
+
+ /* ap_rgetline returns APR_ENOSPC if it fills up the buffer before
+ * finding the end-of-line. This is only going to happen if it
+ * exceeds the configured limit for a field size.
+ */
+ if (rv == APR_ENOSPC && field) {
+ /* insure ap_escape_html will terminate correctly */
+ field[len - 1] = '\0';
+ apr_table_setn(r->notes, "error-notes",
+ apr_pstrcat(r->pool,
+ "Size of a request header field "
+ "exceeds server limit.<br />\n"
+ "<pre>\n",
+ ap_escape_html(r->pool, field),
+ "</pre>\n", NULL));
+ }
return;
}
- if (rv != APR_SUCCESS) {
- r->status = HTTP_BAD_REQUEST;
- return;
+ if (last_field != NULL) {
+ if ((len > 0) && ((*field == '\t') || *field == ' ')) {
+ /* This line is a continuation of the preceding line(s),
+ * so append it to the line that we've set aside.
+ * Note: this uses a power-of-two allocator to avoid
+ * doing O(n) allocs and using O(n^2) space for
+ * continuations that span many many lines.
+ */
+ apr_size_t fold_len = last_len + len + 1; /* trailing null */
+
+ if (fold_len > r->server->limit_req_fieldsize + 1) {
+ r->status = HTTP_BAD_REQUEST;
+ /* report what we have accumulated so far before the
+ * overflow (last_field) as the field with the problem
+ */
+ apr_table_setn(r->notes, "error-notes",
+ apr_pstrcat(r->pool,
+ "Size of a request header field "
+ "after folding "
+ "exceeds server limit.<br />\n"
+ "<pre>\n",
+ ap_escape_html(r->pool, last_field),
+ "</pre>\n", NULL));
+ return;
+ }
+
+ if (fold_len > alloc_len) {
+ char *fold_buf;
+ alloc_len += alloc_len;
+ if (fold_len > alloc_len) {
+ alloc_len = fold_len;
+ }
+ fold_buf = (char *)apr_palloc(r->pool, alloc_len);
+ memcpy(fold_buf, last_field, last_len);
+ last_field = fold_buf;
+ }
+ memcpy(last_field + last_len, field, len +1); /* +1 for nul */
+ last_len += len;
+ folded = 1;
+ }
+ else {
+
+ if (r->server->limit_req_fields
+ && (++fields_read > r->server->limit_req_fields)) {
+ r->status = HTTP_BAD_REQUEST;
+ apr_table_setn(r->notes, "error-notes",
+ "The number of request header fields "
+ "exceeds this server's limit.");
+ return;
+ }
+
+ if (!(value = strchr(last_field, ':'))) { /* Find ':' or */
+ r->status = HTTP_BAD_REQUEST; /* abort bad request */
+ apr_table_setn(r->notes, "error-notes",
+ apr_pstrcat(r->pool,
+ "Request header field is "
+ "missing ':' separator.<br />\n"
+ "<pre>\n",
+ ap_escape_html(r->pool,
+ last_field),
+ "</pre>\n", NULL));
+ return;
+ }
+
+ *value = '\0';
+ tmp_field = value; /* used to trim the whitespace between key
+ * token and separator
+ */
+ ++value;
+ while (*value == ' ' || *value == '\t') {
+ ++value; /* Skip to start of value */
+ }
+
+ /* This check is to avoid any invalid memory reference while
+ * traversing backwards in the key. To avoid a case where
+ * the header starts with ':' (or with just some white
+ * space and the ':') followed by the value
+ */
+ if (tmp_field > last_field) {
+ --tmp_field;
+ while ((tmp_field > last_field) &&
+ (*tmp_field == ' ' || *tmp_field == '\t')) {
+ --tmp_field; /* Removing LWS between key and ':' */
+ }
+ ++tmp_field;
+ *tmp_field = '\0';
+ }
+
+ apr_table_addn(r->headers_in, last_field, value);
+
+ /* reset the alloc_len so that we'll allocate a new
+ * buffer if we have to do any more folding: we can't
+ * use the previous buffer because its contents are
+ * now part of r->headers_in
+ */
+ alloc_len = 0;
+
+ } /* end if current line is not a continuation starting with tab */
}
/* Found a blank line, stop. */
break;
}
- if (r->server->limit_req_fields
- && (++fields_read > r->server->limit_req_fields)) {
- r->status = HTTP_BAD_REQUEST;
- apr_table_setn(r->notes, "error-notes",
- "The number of request header fields exceeds "
- "this server's limit.");
- return;
- }
-
- if (!(value = strchr(field, ':'))) { /* Find the colon separator */
- r->status = HTTP_BAD_REQUEST; /* or abort the bad request */
- apr_table_setn(r->notes, "error-notes",
- apr_pstrcat(r->pool,
- "Request header field is missing "
- "colon separator.<br />\n"
- "<pre>\n",
- ap_escape_html(r->pool, field),
- "</pre>\n", NULL));
- return;
- }
-
- *value = '\0';
- ++value;
- while (*value == ' ' || *value == '\t') {
- ++value; /* Skip to start of value */
+ /* Keep track of this line so that we can parse it on
+ * the next loop iteration. (In the folded case, last_field
+ * has been updated already.)
+ */
+ if (!folded) {
+ last_field = field;
+ last_len = len;
}
-
- apr_table_addn(tmp_headers, field, value);
}
- apr_table_overlap(r->headers_in, tmp_headers, APR_OVERLAP_TABLES_MERGE);
+ apr_table_compress(r->headers_in, APR_OVERLAP_TABLES_MERGE);
+}
+
+AP_DECLARE(void) ap_get_mime_headers(request_rec *r)
+{
+ apr_bucket_brigade *tmp_bb;
+ tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
+ ap_get_mime_headers_core(r, tmp_bb);
+ apr_brigade_destroy(tmp_bb);
}
request_rec *ap_read_request(conn_rec *conn)
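Review bot: In the APR_ENOSPC branch of ap_get_mime_headers_core, `field[len - 1] = '\0'` assumes `len` is at least 1 whenever `field` is non-NULL, and would write one byte before the buffer if it were ever 0. The visible ENOSPC path in ap_rgetline_core() appears to guarantee that for a buffer it allocated, but the guarantee is implicit; `if (rv == APR_ENOSPC && field && len > 0)` states it at the point of use. The folded-length test `fold_len > r->server->limit_req_fieldsize + 1` also compares an apr_size_t with an int expression, so it is only correct while the configured limit is non-negative. An explicit `(apr_size_t)` cast with a comment, as read_request_line uses for `limit_req_line`, would document that assumption.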
apr_pool_t *p;
const char *expect;
int access_status;
+ apr_bucket_brigade *tmp_bb;
apr_pool_create(&p, conn->pool);
+ apr_pool_tag(p, "request");
r = apr_pcalloc(p, sizeof(request_rec));
r->pool = p;
r->connection = conn;
r->status = HTTP_REQUEST_TIME_OUT; /* Until we get a request */
r->the_request = NULL;
+ tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
+
/* Get the request... */
- if (!read_request_line(r)) {
+ if (!read_request_line(r, tmp_bb)) {
if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
- "request failed: URI too long");
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "request failed: URI too long (longer than %d)", r->server->limit_req_line);
ap_send_error_response(r, 0);
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);
+ apr_brigade_destroy(tmp_bb);
return r;
}
+ apr_brigade_destroy(tmp_bb);
return NULL;
}
if (!r->assbackwards) {
- ap_get_mime_headers(r);
+ ap_get_mime_headers_core(r, tmp_bb);
if (r->status != HTTP_REQUEST_TIME_OUT) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"request failed: error reading the headers");
ap_send_error_response(r, 0);
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);
+ apr_brigade_destroy(tmp_bb);
return r;
}
}
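Review bot: On the URI-too-long path the request now reaches ap_send_error_response() and ap_run_log_transaction() before the request line has been parsed, because read_request_line() returns on APR_ENOSPC ahead of its ap_parse_uri() call. `r->method` and `r->uri` are presumably still unset at that point, and `r->the_request` can be NULL if ap_rgetline_core() rejected the first bucket before allocating; the check this commit removes ran after parsing. It is worth confirming that the error response and every log hook tolerate those fields being NULL, and recording it at the call site with `/* r->the_request, r->method and r->uri may be NULL here */`. ap_read_request continues outside this hunk.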
* headers! Have to dink things just to make sure the error message
* comes through...
*/
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"client sent invalid HTTP/0.9 request: HEAD %s",
r->uri);
r->header_only = 0;
r->status = HTTP_BAD_REQUEST;
ap_send_error_response(r, 0);
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);
+ apr_brigade_destroy(tmp_bb);
return r;
}
}
+ apr_brigade_destroy(tmp_bb);
+
r->status = HTTP_OK; /* Until further notice. */
/* update what we think the virtual host is based on the headers we've
* a Host: header, and the server MUST respond with 400 if it doesn't.
*/
r->status = HTTP_BAD_REQUEST;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"client sent HTTP/1.1 request without hostname "
"(see RFC2616 section 14.23): %s", r->uri);
}
if (r->status != HTTP_OK) {
ap_send_error_response(r, 0);
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);
return r;
}
+ if ((access_status = ap_run_post_read_request(r))) {
+ ap_die(access_status, r);
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
+ ap_run_log_transaction(r);
+ return NULL;
+ }
+
if (((expect = apr_table_get(r->headers_in, "Expect")) != NULL)
&& (expect[0] != '\0')) {
/*
}
else {
r->status = HTTP_EXPECTATION_FAILED;
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_INFO, 0, r,
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"client sent an unrecognized expectation value of "
"Expect: %s", expect);
ap_send_error_response(r, 0);
- (void) ap_discard_request_body(r);
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);
return r;
}
ap_add_input_filter_handle(ap_http_input_filter_handle,
NULL, r, r->connection);
- if ((access_status = ap_run_post_read_request(r))) {
- ap_die(access_status, r);
- ap_run_log_transaction(r);
- return NULL;
- }
-
return r;
}
* *someone* has to set the protocol-specific fields...
*/
-void ap_set_sub_req_protocol(request_rec *rnew, const request_rec *r)
+AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew,
+ const request_rec *r)
{
rnew->the_request = r->the_request; /* Keep original request-line */
ap_pass_brigade(r->output_filters, bb);
}
-void ap_finalize_sub_req_protocol(request_rec *sub)
+AP_DECLARE(void) ap_finalize_sub_req_protocol(request_rec *sub)
{
- end_output_stream(sub);
+ /* tell the filter chain there is no more content coming */
+ if (!sub->eos_sent) {
+ end_output_stream(sub);
+ }
}
/* finalize_request_protocol is called at completion of sending the
*/
AP_DECLARE(void) ap_finalize_request_protocol(request_rec *r)
{
- while (r->next) {
- r = r->next;
- }
+ (void) ap_discard_request_body(r);
/* tell the filter chain there is no more content coming */
if (!r->eos_sent) {
ap_note_digest_auth_failure(r);
}
else {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
+ ap_log_rerror(APLOG_MARK, APLOG_ERR,
0, r, "need AuthType to note auth failure: %s", r->uri);
}
}
apr_table_setn(r->err_headers_out,
(PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate"
: "WWW-Authenticate",
- apr_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%llx\"",
- ap_auth_name(r), r->request_time));
+ apr_psprintf(r->pool, "Digest realm=\"%s\", nonce=\""
+ "%" APR_UINT64_T_HEX_FMT "\"",
+ ap_auth_name(r), (apr_uint64_t)r->request_time));
}
AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw)
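Review bot: The Digest challenge built here uses the request timestamp, printed in hex, as the entire nonce, so the value is predictable and carries no server secret that a later response could be verified against. The hunk only corrects the format specifier and cast. If this header is still relied on for Digest authentication, the nonce should include unpredictable or keyed material and be checked for staleness wherever the response is validated, which is not visible here. At minimum a comment such as `/* NOTE: time-based nonce, not unpredictable and not verified here */` would flag the limitation. The function begins outside this hunk.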
return DECLINED;
if (!ap_auth_name(r)) {
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR,
+ ap_log_rerror(APLOG_MARK, APLOG_ERR,
0, r, "need AuthName: %s", r->uri);
return HTTP_INTERNAL_SERVER_ERROR;
}
if (strcasecmp(ap_getword(r->pool, &auth_line, ' '), "Basic")) {
/* Client tried to authenticate using wrong auth scheme */
- ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"client used wrong authentication scheme: %s", r->uri);
ap_note_basic_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
t = ap_pbase64decode(r->pool, auth_line);
- /* Note that this allocation has to be made from r->connection->pool
- * because it has the lifetime of the connection. The other allocations
- * are temporary and can be tossed away any time.
- */
r->user = ap_getword_nulls (r->pool, &t, ':');
r->ap_auth_type = "Basic";
}
struct content_length_ctx {
- apr_bucket_brigade *saved;
- int compute_len;
- apr_size_t curr_len;
+ int data_sent; /* true if the C-L filter has already sent at
+ * least one bucket on to the next output filter
+ * for this request
+ */
};
/* This filter computes the content length, but it also computes the number
* of bytes sent to the client. This means that this filter will always run
* through all of the buckets in all brigades
*/
-AP_CORE_DECLARE_NONSTD(apr_status_t) ap_content_length_filter(ap_filter_t *f,
- apr_bucket_brigade *b)
+AP_CORE_DECLARE_NONSTD(apr_status_t) ap_content_length_filter(
+ ap_filter_t *f,
+ apr_bucket_brigade *b)
{
request_rec *r = f->r;
struct content_length_ctx *ctx;
- apr_status_t rv;
apr_bucket *e;
- int eos = 0, flush = 0, partial_send_okay = 0;
- apr_bucket_brigade *more, *split;
+ int eos = 0;
apr_read_type_e eblock = APR_NONBLOCK_READ;
ctx = f->ctx;
- if (!ctx) { /* first time through */
- f->ctx = ctx = apr_pcalloc(r->pool, sizeof(struct content_length_ctx));
- ctx->compute_len = 1; /* Assume we will compute the length */
+ if (!ctx) {
+ f->ctx = ctx = apr_palloc(r->pool, sizeof(*ctx));
+ ctx->data_sent = 0;
}
- /* Humm, is this check the best it can be?
- * - protocol >= HTTP/1.1 implies support for chunking
- * - non-keepalive implies the end of byte stream will be signaled
- * by a connection close
- * In both cases, we can send bytes to the client w/o needing to
- * compute content-length.
- * Todo:
- * We should be able to force connection close from this filter
- * when we see we are buffering too much.
+ /* Loop through this set of buckets to compute their length
*/
- if ((r->proto_num >= HTTP_VERSION(1, 1)) || (!r->connection->keepalive)) {
- partial_send_okay = 1;
- }
-
- more = b;
- while (more) {
- b = more;
- more = NULL;
- split = NULL;
- flush = 0;
-
- APR_BRIGADE_FOREACH(e, b) {
- const char *ignored;
+ e = APR_BRIGADE_FIRST(b);
+ while (e != APR_BRIGADE_SENTINEL(b)) {
+ if (APR_BUCKET_IS_EOS(e)) {
+ eos = 1;
+ break;
+ }
+ if (e->length == (apr_size_t)-1) {
apr_size_t len;
- len = 0;
- if (APR_BUCKET_IS_EOS(e)) {
- eos = 1;
- }
- else if (APR_BUCKET_IS_FLUSH(e)) {
- if (partial_send_okay) {
- split = b;
- more = apr_brigade_split(b, APR_BUCKET_NEXT(e));
- break;
- }
+ const char *ignored;
+ apr_status_t rv;
+
+ /* This is probably a pipe bucket. Send everything
+ * prior to this, and then read the data for this bucket.
+ */
+ rv = apr_bucket_read(e, &ignored, &len, eblock);
+ if (rv == APR_SUCCESS) {
+ /* Attempt a nonblocking read next time through */
+ eblock = APR_NONBLOCK_READ;
+ r->bytes_sent += len;
}
- else if ((ctx->curr_len > 4 * AP_MIN_BYTES_TO_WRITE)) {
- /* If we've accumulated more than 4xAP_MIN_BYTES_TO_WRITE and
- * the client supports chunked encoding, send what we have
- * and come back for more.
+ else if (APR_STATUS_IS_EAGAIN(rv)) {
+ /* Output everything prior to this bucket, and then
+ * do a blocking read on the next batch.
*/
- if (partial_send_okay) {
- split = b;
- more = apr_brigade_split(b, e);
- break;
- }
- }
- if (e->length == -1) { /* if length unknown */
- rv = apr_bucket_read(e, &ignored, &len, eblock);
- if (rv == APR_SUCCESS) {
- /* Attempt a nonblocking read next time through */
- eblock = APR_NONBLOCK_READ;
- }
- else if (APR_STATUS_IS_EAGAIN(rv)) {
- /* Make the next read blocking. If the client supports
- * chunked encoding, flush the filter stack to the network.
- */
- eblock = APR_BLOCK_READ;
- if (partial_send_okay) {
- split = b;
- more = apr_brigade_split(b, e);
- flush = 1;
- break;
+ if (e != APR_BRIGADE_FIRST(b)) {
+ apr_bucket_brigade *split = apr_brigade_split(b, e);
+ apr_bucket *flush = apr_bucket_flush_create(r->connection->bucket_alloc);
+
+ APR_BRIGADE_INSERT_TAIL(b, flush);
+ rv = ap_pass_brigade(f->next, b);
+ if (rv != APR_SUCCESS || f->c->aborted) {
+ apr_brigade_destroy(split);
+ return rv;
}
+ b = split;
+ e = APR_BRIGADE_FIRST(b);
+
+ ctx->data_sent = 1;
}
- else if (rv != APR_EOF) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
- "ap_content_length_filter: "
- "apr_bucket_read() failed");
- return rv;
- }
+ eblock = APR_BLOCK_READ;
+ continue;
}
else {
- len = e->length;
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ "ap_content_length_filter: "
+ "apr_bucket_read() failed");
+ return rv;
}
-
- ctx->curr_len += len;
- r->bytes_sent += len;
}
-
- if (split) {
- ctx->compute_len = 0; /* Ooops, can't compute the length now */
- ctx->curr_len = 0;
- if (ctx->saved) {
- APR_BRIGADE_CONCAT(ctx->saved, split);
- apr_brigade_destroy(split);
- split = ctx->saved;
- ctx->saved = NULL;
- }
-
- if (flush) {
- rv = ap_fflush(f->next, split);
- }
- else {
- rv = ap_pass_brigade(f->next, split);
- }
-
- if (rv != APR_SUCCESS)
- return rv;
+ else {
+ r->bytes_sent += e->length;
}
+ e = APR_BUCKET_NEXT(e);
}
- if ((ctx->curr_len < AP_MIN_BYTES_TO_WRITE) && !eos) {
- return ap_save_brigade(f, &ctx->saved, &b,
- (r->main) ? r->main->pool : r->pool);
- }
-
- if (ctx->compute_len) {
- /* save the brigade; we can't pass any data to the next
- * filter until we have the entire content length
- */
- if (!eos) {
- return ap_save_brigade(f, &ctx->saved, &b, r->pool);
- }
-
+ /* If we've now seen the entire response and it's otherwise
+ * okay to set the C-L in the response header, then do so now.
+ *
+ * We can only set a C-L in the response header if we haven't already
+ * sent any buckets on to the next output filter for this request.
+ *
+ * Also check against cases of zero bytes sent, to avoid a bogus
+ * C-L on HEAD requests, or no-body GETs like 204s.
+ */
+ if (ctx->data_sent == 0 && eos && r->bytes_sent > 0 ) {
ap_set_content_length(r, r->bytes_sent);
}
- if (ctx->saved) {
- APR_BRIGADE_CONCAT(ctx->saved, b);
- apr_brigade_destroy(b);
- b = ctx->saved;
- ctx->saved = NULL;
- }
-
- ctx->curr_len = 0;
+ ctx->data_sent = 1;
return ap_pass_brigade(f->next, b);
}
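Review bot: In the first-call branch of ap_content_length_filter, `apr_pcalloc` was replaced by `apr_palloc` plus a manual `ctx->data_sent = 0;`, which is correct only while `struct content_length_ctx` has exactly one member. Any field added later would start out holding indeterminate pool memory, and this context decides whether a Content-Length header is emitted for the response. Keeping the zeroing allocation costs nothing: `f->ctx = ctx = apr_pcalloc(r->pool, sizeof(*ctx));`. Separately, the comment "Send everything prior to this, and then read the data for this bucket" describes only the EAGAIN path, since the read is attempted first; it would read better as `/* Length unknown (probably a pipe bucket): try to read it; on EAGAIN pass on what we have and retry blocking. */`.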
return c;
}
-AP_DECLARE(int) ap_rputs(const char *str, request_rec *r)
+AP_DECLARE(apr_ssize_t) ap_rputs(const char *str, request_rec *r)
{
apr_size_t len;
return APR_SUCCESS;
}
-AP_DECLARE(int) ap_vrprintf(request_rec *r, const char *fmt, va_list va)
+AP_DECLARE(apr_ssize_t) ap_vrprintf(request_rec *r, const char *fmt, va_list va)
{
- apr_size_t written;
+ apr_ssize_t written;
struct ap_vrprintf_data vd;
char vrprintf_buf[AP_IOBUFSIZE];
*(vd.vbuff.curpos) = '\0';
if (written != -1) {
- int n = vd.vbuff.curpos - vrprintf_buf;
+ apr_size_t n = vd.vbuff.curpos - vrprintf_buf;
/* last call to buffer_output, to finish clearing the buffer */
if (buffer_output(r, vrprintf_buf,n) != APR_SUCCESS)
return written;
}
-AP_DECLARE_NONSTD(int) ap_rprintf(request_rec *r, const char *fmt, ...)
+AP_DECLARE_NONSTD(apr_ssize_t) ap_rprintf(request_rec *r, const char *fmt, ...)
{
va_list va;
- int n;
+ apr_ssize_t n;
if (r->connection->aborted)
return -1;
return n;
}
-AP_DECLARE_NONSTD(int) ap_rvputs(request_rec *r, ...)
+AP_DECLARE_NONSTD(apr_ssize_t) ap_rvputs(request_rec *r, ...)
{
va_list va;
const char *s;