-/* ====================================================================
- * The Apache Software License, Version 1.1
+/* Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
- * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
- * reserved.
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The end-user documentation included with the redistribution,
- * if any, must include the following acknowledgment:
- * "This product includes software developed by the
- * Apache Software Foundation (http://www.apache.org/)."
- * Alternately, this acknowledgment may appear in the software itself,
- * if and wherever such third-party acknowledgments normally appear.
- *
- * 4. The names "Apache" and "Apache Software Foundation" must
- * not be used to endorse or promote products derived from this
- * software without prior written permission. For written
- * permission, please contact apache@apache.org.
- *
- * 5. Products derived from this software may not be called "Apache",
- * nor may "Apache" appear in their name, without prior written
- * permission of the Apache Software Foundation.
- *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
- * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
- * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
- * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * ====================================================================
- *
- * This software consists of voluntary contributions made by many
- * individuals on behalf of the Apache Software Foundation. For more
- * information on the Apache Software Foundation, please see
- * <http://www.apache.org/>.
- *
- * Portions of this software are based upon public domain software
- * originally written at the National Center for Supercomputing Applications,
- * University of Illinois, Urbana-Champaign.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
/*
- * http_protocol.c --- routines which directly communicate with the client.
+ * protocol.c --- routines which directly communicate with the client.
*
* Code originally by Rob McCool; much redone by Robert S. Thau
* and the Apache Software Foundation.
#define APR_WANT_MEMFUNC
#include "apr_want.h"
-#define CORE_PRIVATE
#include "util_filter.h"
#include "ap_config.h"
#include "httpd.h"
#include "mod_core.h"
#include "util_charset.h"
#include "util_ebcdic.h"
+#include "scoreboard.h"
#if APR_HAVE_STDARG_H
#include <stdarg.h>
#include <unistd.h>
#endif
+/* we know core's module_index is 0 */
+#undef APLOG_MODULE_INDEX
+#define APLOG_MODULE_INDEX AP_CORE_MODULE_INDEX
APR_HOOK_STRUCT(
+ APR_HOOK_LINK(pre_read_request)
APR_HOOK_LINK(post_read_request)
APR_HOOK_LINK(log_transaction)
- APR_HOOK_LINK(http_method)
+ APR_HOOK_LINK(http_scheme)
APR_HOOK_LINK(default_port)
+ APR_HOOK_LINK(note_auth_failure)
)
AP_DECLARE_DATA ap_filter_rec_t *ap_old_write_func = NULL;
/*
* Builds the content-type that should be sent to the client from the
* content-type specified. The following rules are followed:
- * - if type is NULL, type is set to ap_default_type(r)
+ * - if type is NULL or "", return NULL (do not set content-type).
* - if charset adding is disabled, stop processing and return type.
* - then, if there are no parameters on type, add the default charset
* - return type
{
const apr_strmatch_pattern **pcset;
core_dir_config *conf =
- (core_dir_config *)ap_get_module_config(r->per_dir_config,
- &core_module);
+ (core_dir_config *)ap_get_core_module_config(r->per_dir_config);
+ core_request_config *request_conf;
apr_size_t type_len;
- if (!type) {
- type = ap_default_type(r);
+ if (!type || *type == '\0') {
+ return NULL;
}
if (conf->add_default_charset != ADD_DEFAULT_CHARSET_ON) {
return type;
}
+ request_conf = ap_get_core_module_config(r->request_config);
+ if (request_conf->suppress_charset) {
+ return type;
+ }
+
type_len = strlen(type);
if (apr_strmatch(charset_pattern, type, type_len) != NULL) {
char *pos, *last_char = *s;
int do_alloc = (*s == NULL), saw_eos = 0;
- for (;;) {
- apr_brigade_cleanup(bb);
- rv = ap_get_brigade(r->input_filters, bb, AP_MODE_GETLINE,
- APR_BLOCK_READ, 0);
-
- if (rv != APR_SUCCESS) {
- return rv;
- }
-
- /* Something horribly wrong happened. Someone didn't block! */
- if (APR_BRIGADE_EMPTY(bb)) {
- return APR_EGENERAL;
- }
-
- APR_BRIGADE_FOREACH(e, bb) {
- const char *str;
- apr_size_t len;
-
- /* If we see an EOS, don't bother doing anything more. */
- if (APR_BUCKET_IS_EOS(e)) {
- saw_eos = 1;
- break;
- }
-
- rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
+ /*
+ * Initialize last_char as otherwise a random value will be compared
+ * against APR_ASCII_LF at the end of the loop if bb only contains
+ * zero-length buckets.
+ */
+ if (last_char)
+ *last_char = '\0';
+ for (;;) {
+ apr_brigade_cleanup(bb);
+ rv = ap_get_brigade(r->input_filters, bb, AP_MODE_GETLINE,
+ APR_BLOCK_READ, 0);
if (rv != APR_SUCCESS) {
return rv;
}
- if (len == 0) {
- /* no use attempting a zero-byte alloc (hurts when
- * using --with-efence --enable-pool-debug) or
- * doing any of the other logic either
- */
- continue;
+ /* Something horribly wrong happened. Someone didn't block! */
+ if (APR_BRIGADE_EMPTY(bb)) {
+ return APR_EGENERAL;
}
- /* Would this overrun our buffer? If so, we'll die. */
- if (n < bytes_handled + len) {
- *read = bytes_handled;
- return APR_ENOSPC;
- }
+ for (e = APR_BRIGADE_FIRST(bb);
+ e != APR_BRIGADE_SENTINEL(bb);
+ e = APR_BUCKET_NEXT(e))
+ {
+ const char *str;
+ apr_size_t len;
+
+ /* If we see an EOS, don't bother doing anything more. */
+ if (APR_BUCKET_IS_EOS(e)) {
+ saw_eos = 1;
+ break;
+ }
- /* Do we have to handle the allocation ourselves? */
- if (do_alloc) {
- /* We'll assume the common case where one bucket is enough. */
- if (!*s) {
- current_alloc = len;
- if (current_alloc < MIN_LINE_ALLOC) {
- current_alloc = MIN_LINE_ALLOC;
+ rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
+
+ if (len == 0) {
+ /* no use attempting a zero-byte alloc (hurts when
+ * using --with-efence --enable-pool-debug) or
+ * doing any of the other logic either
+ */
+ continue;
+ }
+
+ /* Would this overrun our buffer? If so, we'll die. */
+ if (n < bytes_handled + len) {
+ *read = bytes_handled;
+ if (*s) {
+ /* ensure this string is NUL terminated */
+ if (bytes_handled > 0) {
+ (*s)[bytes_handled-1] = '\0';
+ }
+ else {
+ (*s)[0] = '\0';
+ }
}
- *s = apr_palloc(r->pool, current_alloc);
+ return APR_ENOSPC;
}
- else if (bytes_handled + len > current_alloc) {
- /* Increase the buffer size */
- apr_size_t new_size = current_alloc * 2;
- char *new_buffer;
- if (bytes_handled + len > new_size) {
- new_size = (bytes_handled + len) * 2;
+ /* Do we have to handle the allocation ourselves? */
+ if (do_alloc) {
+ /* We'll assume the common case where one bucket is enough. */
+ if (!*s) {
+ current_alloc = len;
+ if (current_alloc < MIN_LINE_ALLOC) {
+ current_alloc = MIN_LINE_ALLOC;
+ }
+ *s = apr_palloc(r->pool, current_alloc);
}
+ else if (bytes_handled + len > current_alloc) {
+ /* Increase the buffer size */
+ apr_size_t new_size = current_alloc * 2;
+ char *new_buffer;
- new_buffer = apr_palloc(r->pool, new_size);
+ if (bytes_handled + len > new_size) {
+ new_size = (bytes_handled + len) * 2;
+ }
- /* Copy what we already had. */
- memcpy(new_buffer, *s, bytes_handled);
- current_alloc = new_size;
- *s = new_buffer;
+ new_buffer = apr_palloc(r->pool, new_size);
+
+ /* Copy what we already had. */
+ memcpy(new_buffer, *s, bytes_handled);
+ current_alloc = new_size;
+ *s = new_buffer;
+ }
}
- }
- /* Just copy the rest of the data to the end of the old buffer. */
- pos = *s + bytes_handled;
- memcpy(pos, str, len);
- last_char = pos + len - 1;
+ /* Just copy the rest of the data to the end of the old buffer. */
+ pos = *s + bytes_handled;
+ memcpy(pos, str, len);
+ last_char = pos + len - 1;
- /* We've now processed that new data - update accordingly. */
- bytes_handled += len;
- }
+ /* We've now processed that new data - update accordingly. */
+ bytes_handled += len;
+ }
/* If we got a full line of input, stop reading */
if (last_char && (*last_char == APR_ASCII_LF)) {
}
}
- /* We now go backwards over any CR (if present) or white spaces.
- *
- * Trim any extra trailing spaces or tabs except for the first
- * space or tab at the beginning of a blank string. This makes
- * it much easier to check field values for exact matches, and
- * saves memory as well. Terminate string at end of line.
- */
- pos = last_char;
- if (pos > *s && *(pos - 1) == APR_ASCII_CR) {
- --pos;
- }
-
- /* Trim any extra trailing spaces or tabs except for the first
- * space or tab at the beginning of a blank string. This makes
- * it much easier to check field values for exact matches, and
- * saves memory as well.
- */
- while (pos > ((*s) + 1)
- && (*(pos - 1) == APR_ASCII_BLANK || *(pos - 1) == APR_ASCII_TAB)) {
- --pos;
+ /* Now NUL-terminate the string at the end of the line;
+ * if the last-but-one character is a CR, terminate there */
+ if (last_char > *s && last_char[-1] == APR_ASCII_CR) {
+ last_char--;
}
-
- /* Since we want to remove the LF from the line, we'll go ahead
- * and set this last character to be the term NULL and reset
- * bytes_handled accordingly.
- */
- *pos = '\0';
- last_char = pos;
- bytes_handled = pos - *s;
+ *last_char = '\0';
+ bytes_handled = last_char - *s;
/* If we're folding, we have more work to do.
*
*/
if (fold && bytes_handled && !saw_eos) {
for (;;) {
- const char *str;
- apr_size_t len;
- char c;
-
- /* Clear the temp brigade for this filter read. */
- apr_brigade_cleanup(bb);
+ const char *str;
+ apr_size_t len;
+ char c;
- /* We only care about the first byte. */
- rv = ap_get_brigade(r->input_filters, bb, AP_MODE_SPECULATIVE,
- APR_BLOCK_READ, 1);
+ /* Clear the temp brigade for this filter read. */
+ apr_brigade_cleanup(bb);
- if (rv != APR_SUCCESS) {
- return rv;
- }
+ /* We only care about the first byte. */
+ rv = ap_get_brigade(r->input_filters, bb, AP_MODE_SPECULATIVE,
+ APR_BLOCK_READ, 1);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
- if (APR_BRIGADE_EMPTY(bb)) {
+ if (APR_BRIGADE_EMPTY(bb)) {
break;
- }
+ }
- e = APR_BRIGADE_FIRST(bb);
+ e = APR_BRIGADE_FIRST(bb);
- /* If we see an EOS, don't bother doing anything more. */
- if (APR_BUCKET_IS_EOS(e)) {
+ /* If we see an EOS, don't bother doing anything more. */
+ if (APR_BUCKET_IS_EOS(e)) {
break;
- }
-
- rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
+ }
- if (rv != APR_SUCCESS) {
+ rv = apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
+ if (rv != APR_SUCCESS) {
apr_brigade_cleanup(bb);
- return rv;
- }
+ return rv;
+ }
- /* Found one, so call ourselves again to get the next line.
- *
- * FIXME: If the folding line is completely blank, should we
- * stop folding? Does that require also looking at the next
- * char?
- */
+ /* Found one, so call ourselves again to get the next line.
+ *
+ * FIXME: If the folding line is completely blank, should we
+ * stop folding? Does that require also looking at the next
+ * char?
+ */
/* When we call destroy, the buckets are deleted, so save that
* one character we need. This simplifies our execution paths
* at the cost of one character read.
*/
c = *str;
- if (c == APR_ASCII_BLANK || c == APR_ASCII_TAB) {
- /* Do we have enough space? We may be full now. */
+ if (c == APR_ASCII_BLANK || c == APR_ASCII_TAB) {
+ /* Do we have enough space? We may be full now. */
if (bytes_handled >= n) {
*read = n;
+ /* ensure this string is terminated */
+ (*s)[n-1] = '\0';
return APR_ENOSPC;
}
else {
- apr_size_t next_size, next_len;
- char *tmp;
+ apr_size_t next_size, next_len;
+ char *tmp;
- /* If we're doing the allocations for them, we have to
- * give ourselves a NULL and copy it on return.
- */
- if (do_alloc) {
- tmp = NULL;
- } else {
- /* We're null terminated. */
- tmp = last_char;
- }
+ /* If we're doing the allocations for them, we have to
+ * give ourselves a NULL and copy it on return.
+ */
+ if (do_alloc) {
+ tmp = NULL;
+ } else {
+ /* We're null terminated. */
+ tmp = last_char;
+ }
- next_size = n - bytes_handled;
+ next_size = n - bytes_handled;
rv = ap_rgetline_core(&tmp, next_size,
&next_len, r, 0, bb);
+ if (rv != APR_SUCCESS) {
+ return rv;
+ }
- if (rv != APR_SUCCESS) {
- return rv;
- }
-
- if (do_alloc && next_len > 0) {
- char *new_buffer;
- apr_size_t new_size = bytes_handled + next_len + 1;
+ if (do_alloc && next_len > 0) {
+ char *new_buffer;
+ apr_size_t new_size = bytes_handled + next_len + 1;
- /* we need to alloc an extra byte for a null */
- new_buffer = apr_palloc(r->pool, new_size);
+ /* we need to alloc an extra byte for a null */
+ new_buffer = apr_palloc(r->pool, new_size);
- /* Copy what we already had. */
- memcpy(new_buffer, *s, bytes_handled);
+ /* Copy what we already had. */
+ memcpy(new_buffer, *s, bytes_handled);
- /* copy the new line, including the trailing null */
- memcpy(new_buffer + bytes_handled, tmp, next_len + 1);
- *s = new_buffer;
- }
+ /* copy the new line, including the trailing null */
+ memcpy(new_buffer + bytes_handled, tmp, next_len + 1);
+ *s = new_buffer;
+ }
+ last_char += next_len;
bytes_handled += next_len;
- }
+ }
}
else { /* next character is not tab or space */
break;
}
}
}
-
*read = bytes_handled;
+
+ /* PR#43039: We shouldn't accept NULL bytes within the line */
+ if (strlen(*s) < bytes_handled) {
+ return APR_EINVAL;
+ }
+
return APR_SUCCESS;
}
r->unparsed_uri = apr_pstrdup(r->pool, uri);
+ /* http://issues.apache.org/bugzilla/show_bug.cgi?id=31875
+ * http://issues.apache.org/bugzilla/show_bug.cgi?id=28450
+ *
+ * This is not in fact a URI, it's a path. That matters in the
+ * case of a leading double-slash. We need to resolve the issue
+ * by normalising that out before treating it as a URI.
+ */
+ while ((uri[0] == '/') && (uri[1] == '/')) {
+ ++uri ;
+ }
if (r->method_number == M_CONNECT) {
status = apr_uri_parse_hostinfo(r->pool, uri, &r->parsed_uri);
}
if (status == APR_SUCCESS) {
/* if it has a scheme we may need to do absoluteURI vhost stuff */
if (r->parsed_uri.scheme
- && !strcasecmp(r->parsed_uri.scheme, ap_http_method(r))) {
+ && !strcasecmp(r->parsed_uri.scheme, ap_http_scheme(r))) {
r->hostname = r->parsed_uri.hostname;
}
else if (r->method_number == M_CONNECT) {
* if there are empty lines
*/
r->the_request = NULL;
- rv = ap_rgetline(&(r->the_request), DEFAULT_LIMIT_REQUEST_LINE + 2,
+ rv = ap_rgetline(&(r->the_request), (apr_size_t)(r->server->limit_req_line + 2),
&len, r, 0, bb);
if (rv != APR_SUCCESS) {
r->request_time = apr_time_now();
+
+ /* ap_rgetline returns APR_ENOSPC if it fills up the
+ * buffer before finding the end-of-line. This is only going to
+ * happen if it exceeds the configured limit for a request-line.
+ */
+ if (APR_STATUS_IS_ENOSPC(rv)) {
+ r->status = HTTP_REQUEST_URI_TOO_LARGE;
+ r->proto_num = HTTP_VERSION(1,0);
+ r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
+ }
+ else if (APR_STATUS_IS_TIMEUP(rv)) {
+ r->status = HTTP_REQUEST_TIME_OUT;
+ }
+ else if (APR_STATUS_IS_EINVAL(rv)) {
+ r->status = HTTP_BAD_REQUEST;
+ }
return 0;
}
} while ((len <= 0) && (++num_blank_lines < max_blank_lines));
+ if (APLOGrtrace5(r)) {
+ ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r,
+ "Request received from client: %s",
+ ap_escape_logitem(r->pool, r->the_request));
+ }
+
/* we've probably got something to do, ignore graceful restart requests */
r->request_time = apr_time_now();
ap_parse_uri(r, uri);
- /* ap_getline returns (size of max buffer - 1) if it fills up the
- * buffer before finding the end-of-line. This is only going to
- * happen if it exceeds the configured limit for a request-line.
- * The cast is safe, limit_req_line cannot be negative
- */
- if (len > (apr_size_t)r->server->limit_req_line) {
- r->status = HTTP_REQUEST_URI_TOO_LARGE;
- r->proto_num = HTTP_VERSION(1,0);
- r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
- return 0;
- }
-
if (ll[0]) {
r->assbackwards = 0;
pro = ll;
char *value;
apr_size_t len;
int fields_read = 0;
- apr_table_t *tmp_headers;
-
- /* We'll use apr_table_overlap later to merge these into r->headers_in. */
- tmp_headers = apr_table_make(r->pool, 50);
+ char *tmp_field;
/*
* Read header lines until we get the empty separator line, a read error,
&len, r, 0, bb);
if (rv != APR_SUCCESS) {
- r->status = HTTP_BAD_REQUEST;
+ if (APR_STATUS_IS_TIMEUP(rv)) {
+ r->status = HTTP_REQUEST_TIME_OUT;
+ }
+ else {
+ r->status = HTTP_BAD_REQUEST;
+ }
/* ap_rgetline returns APR_ENOSPC if it fills up the buffer before
* finding the end-of-line. This is only going to happen if it
* continuations that span many many lines.
*/
apr_size_t fold_len = last_len + len + 1; /* trailing null */
+
+ if (fold_len >= (apr_size_t)(r->server->limit_req_fieldsize)) {
+ r->status = HTTP_BAD_REQUEST;
+ /* report what we have accumulated so far before the
+ * overflow (last_field) as the field with the problem
+ */
+ apr_table_setn(r->notes, "error-notes",
+ apr_pstrcat(r->pool,
+ "Size of a request header field "
+ "after folding "
+ "exceeds server limit.<br />\n"
+ "<pre>\n",
+ ap_escape_html(r->pool, last_field),
+ "</pre>\n", NULL));
+ return;
+ }
+
if (fold_len > alloc_len) {
char *fold_buf;
alloc_len += alloc_len;
last_len += len;
folded = 1;
}
- else {
+ else /* not a continuation line */ {
if (r->server->limit_req_fields
&& (++fields_read > r->server->limit_req_fields)) {
return;
}
- *value = '\0';
- ++value;
+ tmp_field = value - 1; /* last character of field-name */
+
+ *value++ = '\0'; /* NUL-terminate at colon */
+
while (*value == ' ' || *value == '\t') {
++value; /* Skip to start of value */
}
- apr_table_addn(tmp_headers, last_field, value);
+ /* Strip LWS after field-name: */
+ while (tmp_field > last_field
+ && (*tmp_field == ' ' || *tmp_field == '\t')) {
+ *tmp_field-- = '\0';
+ }
+
+ /* Strip LWS after field-value: */
+ tmp_field = last_field + last_len - 1;
+ while (tmp_field > value
+ && (*tmp_field == ' ' || *tmp_field == '\t')) {
+ *tmp_field-- = '\0';
+ }
+
+ apr_table_addn(r->headers_in, last_field, value);
/* reset the alloc_len so that we'll allocate a new
* buffer if we have to do any more folding: we can't
* use the previous buffer because its contents are
- * now part of tmp_headers
+ * now part of r->headers_in
*/
alloc_len = 0;
}
}
- apr_table_overlap(r->headers_in, tmp_headers, APR_OVERLAP_TABLES_MERGE);
+ /* Combine multiple message-header fields with the same
+ * field-name, following RFC 2616, 4.2.
+ */
+ apr_table_compress(r->headers_in, APR_OVERLAP_TABLES_MERGE);
}
AP_DECLARE(void) ap_get_mime_headers(request_rec *r)
const char *expect;
int access_status;
apr_bucket_brigade *tmp_bb;
+ apr_socket_t *csd;
+ apr_interval_time_t cur_timeout;
+
apr_pool_create(&p, conn->pool);
+ apr_pool_tag(p, "request");
r = apr_pcalloc(p, sizeof(request_rec));
+ AP_READ_REQUEST_ENTRY((intptr_t)r, (uintptr_t)conn);
r->pool = p;
r->connection = conn;
r->server = conn->base_server;
r->read_length = 0;
r->read_body = REQUEST_NO_BODY;
- r->status = HTTP_REQUEST_TIME_OUT; /* Until we get a request */
+ r->status = HTTP_OK; /* Until further notice */
r->the_request = NULL;
+ /* Begin by presuming any module can make its own path_info assumptions,
+ * until some module interjects and changes the value.
+ */
+ r->used_path_info = AP_REQ_DEFAULT_PATH_INFO;
+
tmp_bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
+ ap_run_pre_read_request(r, conn);
+
/* Get the request... */
if (!read_request_line(r, tmp_bb)) {
- if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "request failed: URI too long");
+ if (r->status == HTTP_REQUEST_URI_TOO_LARGE
+ || r->status == HTTP_BAD_REQUEST) {
+ if (r->status == HTTP_BAD_REQUEST) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "request failed: invalid characters in URI");
+ }
+ else {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "request failed: URI too long (longer than %d)", r->server->limit_req_line);
+ }
ap_send_error_response(r, 0);
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);
apr_brigade_destroy(tmp_bb);
- return r;
+ goto traceout;
+ }
+ else if (r->status == HTTP_REQUEST_TIME_OUT) {
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
+ if (!r->connection->keepalives) {
+ ap_run_log_transaction(r);
+ }
+ apr_brigade_destroy(tmp_bb);
+ goto traceout;
}
apr_brigade_destroy(tmp_bb);
- return NULL;
+ r = NULL;
+ goto traceout;
+ }
+
+ /* We may have been in keep_alive_timeout mode, so toggle back
+ * to the normal timeout mode as we fetch the header lines,
+ * as necessary.
+ */
+ csd = ap_get_core_module_config(conn->conn_config);
+ apr_socket_timeout_get(csd, &cur_timeout);
+ if (cur_timeout != conn->base_server->timeout) {
+ apr_socket_timeout_set(csd, conn->base_server->timeout);
+ cur_timeout = conn->base_server->timeout;
}
if (!r->assbackwards) {
ap_get_mime_headers_core(r, tmp_bb);
- if (r->status != HTTP_REQUEST_TIME_OUT) {
+ if (r->status != HTTP_OK) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"request failed: error reading the headers");
ap_send_error_response(r, 0);
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);
apr_brigade_destroy(tmp_bb);
- return r;
+ goto traceout;
+ }
+
+ if (apr_table_get(r->headers_in, "Transfer-Encoding")
+ && apr_table_get(r->headers_in, "Content-Length")) {
+ /* 2616 section 4.4, point 3: "if both Transfer-Encoding
+ * and Content-Length are received, the latter MUST be
+ * ignored"; so unset it here to prevent any confusion
+ * later. */
+ apr_table_unset(r->headers_in, "Content-Length");
}
}
else {
r->header_only = 0;
r->status = HTTP_BAD_REQUEST;
ap_send_error_response(r, 0);
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);
apr_brigade_destroy(tmp_bb);
- return r;
+ goto traceout;
}
}
apr_brigade_destroy(tmp_bb);
- r->status = HTTP_OK; /* Until further notice. */
-
/* update what we think the virtual host is based on the headers we've
* now read. may update status.
*/
ap_update_vhost_from_headers(r);
+ /* Toggle to the Host:-based vhost's timeout mode to fetch the
+ * request body and send the response body, if needed.
+ */
+ if (cur_timeout != r->server->timeout) {
+ apr_socket_timeout_set(csd, r->server->timeout);
+ cur_timeout = r->server->timeout;
+ }
+
/* we may have switched to another server */
r->per_dir_config = r->server->lookup_defaults;
"(see RFC2616 section 14.23): %s", r->uri);
}
+ /*
+ * Add the HTTP_IN filter here to ensure that ap_discard_request_body
+ * called by ap_die and by ap_send_error_response works correctly on
+ * status codes that do not cause the connection to be dropped and
+ * in situations where the connection should be kept alive.
+ */
+
+ ap_add_input_filter_handle(ap_http_input_filter_handle,
+ NULL, r, r->connection);
+
if (r->status != HTTP_OK) {
ap_send_error_response(r, 0);
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);
- return r;
+ goto traceout;
}
if ((access_status = ap_run_post_read_request(r))) {
ap_die(access_status, r);
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);
- return NULL;
+ r = NULL;
+ goto traceout;
}
if (((expect = apr_table_get(r->headers_in, "Expect")) != NULL)
"client sent an unrecognized expectation value of "
"Expect: %s", expect);
ap_send_error_response(r, 0);
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);
- return r;
+ goto traceout;
}
}
- ap_add_input_filter_handle(ap_http_input_filter_handle,
- NULL, r, r->connection);
-
+ AP_READ_REQUEST_SUCCESS((uintptr_t)r, (char *)r->method, (char *)r->uri, (char *)r->server->defn_name, r->status);
return r;
+ traceout:
+ AP_READ_REQUEST_FAILURE((uintptr_t)r);
+ return r;
+}
+
+/* if a request with a body creates a subrequest, remove original request's
+ * input headers which pertain to the body which has already been read.
+ * out-of-line helper function for ap_set_sub_req_protocol.
+ */
+
+static void strip_headers_request_body(request_rec *rnew)
+{
+ apr_table_unset(rnew->headers_in, "Content-Encoding");
+ apr_table_unset(rnew->headers_in, "Content-Language");
+ apr_table_unset(rnew->headers_in, "Content-Length");
+ apr_table_unset(rnew->headers_in, "Content-Location");
+ apr_table_unset(rnew->headers_in, "Content-MD5");
+ apr_table_unset(rnew->headers_in, "Content-Range");
+ apr_table_unset(rnew->headers_in, "Content-Type");
+ apr_table_unset(rnew->headers_in, "Expires");
+ apr_table_unset(rnew->headers_in, "Last-Modified");
+ apr_table_unset(rnew->headers_in, "Transfer-Encoding");
}
/*
* *someone* has to set the protocol-specific fields...
*/
-void ap_set_sub_req_protocol(request_rec *rnew, const request_rec *r)
+AP_DECLARE(void) ap_set_sub_req_protocol(request_rec *rnew,
+ const request_rec *r)
{
rnew->the_request = r->the_request; /* Keep original request-line */
rnew->status = HTTP_OK;
- rnew->headers_in = r->headers_in;
+ rnew->headers_in = apr_table_copy(rnew->pool, r->headers_in);
+
+ /* did the original request have a body? (e.g. POST w/SSI tags)
+ * if so, make sure the subrequest doesn't inherit body headers
+ */
+ if (!r->kept_body && (apr_table_get(r->headers_in, "Content-Length")
+ || apr_table_get(r->headers_in, "Transfer-Encoding"))) {
+ strip_headers_request_body(rnew);
+ }
rnew->subprocess_env = apr_table_copy(rnew->pool, r->subprocess_env);
rnew->headers_out = apr_table_make(rnew->pool, 5);
rnew->err_headers_out = apr_table_make(rnew->pool, 5);
ap_pass_brigade(r->output_filters, bb);
}
-void ap_finalize_sub_req_protocol(request_rec *sub)
+AP_DECLARE(void) ap_finalize_sub_req_protocol(request_rec *sub)
{
/* tell the filter chain there is no more content coming */
if (!sub->eos_sent) {
{
const char *type = ap_auth_type(r);
if (type) {
- if (!strcasecmp(type, "Basic"))
- ap_note_basic_auth_failure(r);
- else if (!strcasecmp(type, "Digest"))
- ap_note_digest_auth_failure(r);
+ ap_run_note_auth_failure(r, type);
}
else {
ap_log_rerror(APLOG_MARK, APLOG_ERR,
AP_DECLARE(void) ap_note_basic_auth_failure(request_rec *r)
{
- const char *type = ap_auth_type(r);
-
- /* if there is no AuthType configure or it is something other than
- * Basic, let ap_note_auth_failure() deal with it
- */
- if (!type || strcasecmp(type, "Basic"))
- ap_note_auth_failure(r);
- else
- apr_table_setn(r->err_headers_out,
- (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate"
- : "WWW-Authenticate",
- apr_pstrcat(r->pool, "Basic realm=\"", ap_auth_name(r),
- "\"", NULL));
+ ap_note_auth_failure(r);
}
AP_DECLARE(void) ap_note_digest_auth_failure(request_rec *r)
{
- apr_table_setn(r->err_headers_out,
- (PROXYREQ_PROXY == r->proxyreq) ? "Proxy-Authenticate"
- : "WWW-Authenticate",
- /* need APR_TIME_T_FMT_HEX */
- apr_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%llx\"",
- ap_auth_name(r), r->request_time));
+ ap_note_auth_failure(r);
}
AP_DECLARE(int) ap_get_basic_auth_pw(request_rec *r, const char **pw)
}
if (!auth_line) {
- ap_note_basic_auth_failure(r);
+ ap_note_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
/* Client tried to authenticate using wrong auth scheme */
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"client used wrong authentication scheme: %s", r->uri);
- ap_note_basic_auth_failure(r);
+ ap_note_auth_failure(r);
return HTTP_UNAUTHORIZED;
}
}
t = ap_pbase64decode(r->pool, auth_line);
- /* Note that this allocation has to be made from r->connection->pool
- * because it has the lifetime of the connection. The other allocations
- * are temporary and can be tossed away any time.
- */
r->user = ap_getword_nulls (r->pool, &t, ':');
r->ap_auth_type = "Basic";
* least one bucket on to the next output filter
* for this request
*/
+ apr_bucket_brigade *tmpbb;
};
/* This filter computes the content length, but it also computes the number
if (!ctx) {
f->ctx = ctx = apr_palloc(r->pool, sizeof(*ctx));
ctx->data_sent = 0;
+ ctx->tmpbb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
}
/* Loop through this set of buckets to compute their length
* do a blocking read on the next batch.
*/
if (e != APR_BRIGADE_FIRST(b)) {
- apr_bucket_brigade *split = apr_brigade_split(b, e);
- apr_bucket *flush = apr_bucket_flush_create(r->connection->bucket_alloc);
+ apr_bucket *flush;
+ apr_brigade_split_ex(b, e, ctx->tmpbb);
+ flush = apr_bucket_flush_create(r->connection->bucket_alloc);
APR_BRIGADE_INSERT_TAIL(b, flush);
rv = ap_pass_brigade(f->next, b);
if (rv != APR_SUCCESS || f->c->aborted) {
- apr_brigade_destroy(split);
return rv;
}
- b = split;
+ apr_brigade_cleanup(b);
+ APR_BRIGADE_CONCAT(b, ctx->tmpbb);
e = APR_BRIGADE_FIRST(b);
ctx->data_sent = 1;
* We can only set a C-L in the response header if we haven't already
* sent any buckets on to the next output filter for this request.
*/
- if (ctx->data_sent == 0 && eos) {
+ if (ctx->data_sent == 0 && eos &&
+ /* don't whack the C-L if it has already been set for a HEAD
+ * by something like proxy. the brigade only has an EOS bucket
+ * in this case, making r->bytes_sent zero.
+ *
+ * if r->bytes_sent > 0 we have a (temporary) body whose length may
+ * have been changed by a filter. the C-L header might not have been
+ * updated so we do it here. long term it would be cleaner to have
+ * such filters update or remove the C-L header, and just use it
+ * if present.
+ */
+ !(r->header_only && r->bytes_sent == 0 &&
+ apr_table_get(r->headers_out, "Content-Length"))) {
ap_set_content_length(r, r->bytes_sent);
}
{
conn_rec *c = r->connection;
apr_bucket_brigade *bb = NULL;
- apr_bucket *b;
apr_status_t rv;
bb = apr_brigade_create(r->pool, c->bucket_alloc);
- b = apr_bucket_file_create(fd, offset, len, r->pool, c->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(bb, b);
+
+ apr_brigade_insert_file(bb, fd, 0, len, r->pool);
rv = ap_pass_brigade(r->output_filters, bb);
if (rv != APR_SUCCESS) {
typedef struct {
apr_bucket_brigade *bb;
+ apr_bucket_brigade *tmpbb;
} old_write_filter_ctx;
AP_CORE_DECLARE_NONSTD(apr_status_t) ap_old_write_filter(
AP_DEBUG_ASSERT(ctx);
- if (ctx->bb != 0) {
+ if (ctx->bb != NULL) {
/* whatever is coming down the pipe (we don't care), we
* can simply insert our buffered data at the front and
* pass the whole bundle down the chain.
*/
- APR_BRIGADE_CONCAT(ctx->bb, bb);
- bb = ctx->bb;
- ctx->bb = NULL;
+ APR_BRIGADE_PREPEND(bb, ctx->bb);
}
return ap_pass_brigade(f->next, bb);
}
-static apr_status_t buffer_output(request_rec *r,
- const char *str, apr_size_t len)
+static ap_filter_t *insert_old_write_filter(request_rec *r)
{
- conn_rec *c = r->connection;
ap_filter_t *f;
old_write_filter_ctx *ctx;
- if (len == 0)
- return APR_SUCCESS;
-
/* future optimization: record some flags in the request_rec to
* say whether we've added our filter, and whether it is first.
*/
if (f == NULL) {
/* our filter hasn't been added yet */
ctx = apr_pcalloc(r->pool, sizeof(*ctx));
+ ctx->tmpbb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
+
ap_add_output_filter("OLD_WRITE", ctx, r, r->connection);
f = r->output_filters;
}
+ return f;
+}
+
+static apr_status_t buffer_output(request_rec *r,
+ const char *str, apr_size_t len)
+{
+ conn_rec *c = r->connection;
+ ap_filter_t *f;
+ old_write_filter_ctx *ctx;
+
+ if (len == 0)
+ return APR_SUCCESS;
+
+ f = insert_old_write_filter(r);
+ ctx = f->ctx;
+
/* if the first filter is not our buffering filter, then we have to
* deliver the content through the normal filter chain
*/
if (f != r->output_filters) {
- apr_bucket_brigade *bb = apr_brigade_create(r->pool, c->bucket_alloc);
+ apr_status_t rv;
apr_bucket *b = apr_bucket_transient_create(str, len, c->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(bb, b);
+ APR_BRIGADE_INSERT_TAIL(ctx->tmpbb, b);
- return ap_pass_brigade(r->output_filters, bb);
+ rv = ap_pass_brigade(r->output_filters, ctx->tmpbb);
+ apr_brigade_cleanup(ctx->tmpbb);
+ return rv;
}
- /* grab the context from our filter */
- ctx = r->output_filters->ctx;
-
if (ctx->bb == NULL) {
ctx->bb = apr_brigade_create(r->pool, c->bucket_alloc);
}
return c;
}
-AP_DECLARE(int) ap_rputs(const char *str, request_rec *r)
-{
- apr_size_t len;
-
- if (r->connection->aborted)
- return -1;
-
- if (buffer_output(r, str, len = strlen(str)) != APR_SUCCESS)
- return -1;
-
- return len;
-}
-
AP_DECLARE(int) ap_rwrite(const void *buf, int nbyte, request_rec *r)
{
if (r->connection->aborted)
written = apr_vformatter(r_flush, &vd.vbuff, fmt, va);
- /* tack on null terminator on remaining string */
- *(vd.vbuff.curpos) = '\0';
-
if (written != -1) {
int n = vd.vbuff.curpos - vrprintf_buf;
AP_DECLARE(int) ap_rflush(request_rec *r)
{
conn_rec *c = r->connection;
- apr_bucket_brigade *bb;
apr_bucket *b;
+ ap_filter_t *f;
+ old_write_filter_ctx *ctx;
+ apr_status_t rv;
+
+ f = insert_old_write_filter(r);
+ ctx = f->ctx;
- bb = apr_brigade_create(r->pool, c->bucket_alloc);
b = apr_bucket_flush_create(c->bucket_alloc);
- APR_BRIGADE_INSERT_TAIL(bb, b);
- if (ap_pass_brigade(r->output_filters, bb) != APR_SUCCESS)
+ APR_BRIGADE_INSERT_TAIL(ctx->tmpbb, b);
+
+ rv = ap_pass_brigade(r->output_filters, ctx->tmpbb);
+ apr_brigade_cleanup(ctx->tmpbb);
+ if (rv != APR_SUCCESS)
return -1;
return 0;
}
}
+typedef struct hdr_ptr {
+ ap_filter_t *f;
+ apr_bucket_brigade *bb;
+} hdr_ptr;
+static int send_header(void *data, const char *key, const char *val)
+{
+ ap_fputstrs(((hdr_ptr*)data)->f, ((hdr_ptr*)data)->bb,
+ key, ": ", val, CRLF, NULL);
+ return 1;
+}
+AP_DECLARE(void) ap_send_interim_response(request_rec *r, int send_headers)
+{
+ hdr_ptr x;
+ char *status_line = NULL;
+ request_rec *rr;
+
+ if (r->proto_num < 1001) {
+ /* don't send interim response to HTTP/1.0 Client */
+ return;
+ }
+ if (!ap_is_HTTP_INFO(r->status)) {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "Status is %d - not sending interim response", r->status);
+ return;
+ }
+ if ((r->status == HTTP_CONTINUE) && !r->expecting_100) {
+ /*
+ * Don't send 100-Continue when there was no Expect: 100-continue
+ * in the request headers. For origin servers this is a SHOULD NOT
+ * for proxies it is a MUST NOT according to RFC 2616 8.2.3
+ */
+ return;
+ }
+
+ /* if we send an interim response, we're no longer in a state of
+ * expecting one. Also, this could feasibly be in a subrequest,
+ * so we need to propagate the fact that we responded.
+ */
+ for (rr = r; rr != NULL; rr = rr->main) {
+ rr->expecting_100 = 0;
+ }
+
+ status_line = apr_pstrcat(r->pool, AP_SERVER_PROTOCOL, " ", r->status_line, CRLF, NULL);
+ ap_xlate_proto_to_ascii(status_line, strlen(status_line));
+
+ x.f = r->connection->output_filters;
+ x.bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
+
+ ap_fputs(x.f, x.bb, status_line);
+ if (send_headers) {
+ apr_table_do(send_header, &x, r->headers_out, NULL);
+ apr_table_clear(r->headers_out);
+ }
+ ap_fputs(x.f, x.bb, CRLF_ASCII);
+ ap_fflush(x.f, x.bb);
+ apr_brigade_destroy(x.bb);
+}
+
+
+AP_IMPLEMENT_HOOK_VOID(pre_read_request,
+ (request_rec *r, conn_rec *c),
+ (r, c))
AP_IMPLEMENT_HOOK_RUN_ALL(int,post_read_request,
(request_rec *r), (r), OK, DECLINED)
AP_IMPLEMENT_HOOK_RUN_ALL(int,log_transaction,
(request_rec *r), (r), OK, DECLINED)
-AP_IMPLEMENT_HOOK_RUN_FIRST(const char *,http_method,
+AP_IMPLEMENT_HOOK_RUN_FIRST(const char *,http_scheme,
(const request_rec *r), (r), NULL)
AP_IMPLEMENT_HOOK_RUN_FIRST(unsigned short,default_port,
(const request_rec *r), (r), 0)
+AP_IMPLEMENT_HOOK_RUN_FIRST(int, note_auth_failure,
+ (request_rec *r, const char *auth_type),
+ (r, auth_type), DECLINED)