core: avoid a double apr_time_now() call on the first succeeding read.
* Correctly escape user provided data.
PR: 56532
Submitted by: Maksymilian <max cert.cx>
Reviewed by: rpluem
Save a few bytes of memory. This can be done in temp_pool.
Fix layout
don't pass uninitialized rv to ap_log_rerror()
(rv wasn't interesting / follow an existing example)
stop throwing away a pointer on the heap
(clang scan-build)
add the URI to DEBUG message 00765 (and drop an exclamation point):
Cache provider's store_body failed!
Doxygen fix + reorg to match how other header files are built
Submitted by: ylavic, rpluem, jailletc36, jailletc36, trawick, covener, jailletc36
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@
1603141 13f79535-47bb-0310-9956-
ffa450edef68
-*- coding: utf-8 -*-
Changes with Apache 2.4.10
+ *) mod_proxy_balancer: Correctly encode user provided data in management
+ interface. PR 56532 [Maksymilian, <max cert.cx>]
*) mod_proxy_fcgi: Support iobuffersize parameter. [Jeff Trawick]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * Easy patches - synch with trunk
- core: avoid a double apr_time_now() call on the first succeeding read.
- mod_proxy_balancer: Correctly escape user provided data.
- mod_usertrack: Save a few bytes of memory. This can be done in temp_pool
- mod_cache: Fix layout
- mod_cache_socache: Don't pass uninitialized rv passed to ap_log_rerror()
- Stop throwing away a pointer on the heap
- mod_cache: add the URI to DEBUG message 00765
- heartbeat: Doxygen fix + reorg to match how other header files are built
- trunk patch:
- http://svn.apache.org/r1572905
- http://svn.apache.org/r1595305
- http://svn.apache.org/r1597182
- http://svn.apache.org/r1586827
- http://svn.apache.org/r1534892
- http://svn.apache.org/r1563193
- http://svn.apache.org/r1597639
- 2.4.x patch: http://people.apache.org/~jailletc36/backport8.patch
- +1: jailletc36, ylavic, jim
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
* limitations under the License.
*/
-#ifndef HEARTBEAT_H
-#define HEARTBEAT_H
-
/**
* @file heartbeat.h
- * @brief commun structures for mod_heartmonitor.c and mod_lbmethod_heartbeat.c
+ * @brief commun structures for mod_heartmonitor.c and mod_lbmethod_heartbeat.c
*
- * @defgroup HEARTBEAT mem
+ * @defgroup HEARTBEAT heartbeat
* @ingroup APACHE_MODS
* @{
*/
+#ifndef HEARTBEAT_H
+#define HEARTBEAT_H
+
#include "apr.h"
#include "apr_time.h"
}
#endif
-#endif
+#endif /* HEARTBEAT_H */
/** @} */
rv = cache->provider->store_body(cache->handle, f->r, in, cache->out);
if (rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, f->r, APLOGNO(00765)
- "cache: Cache provider's store_body failed!");
+ "cache: Cache provider's store_body failed for URI %s", f->r->uri);
ap_remove_output_filter(f);
/* give someone else the chance to cache the file */
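Review bot: The new message logs `f->r->uri`, which is the path without the query string, so failures for the same path with different arguments look identical in the log. If the cache key includes the arguments (not visible in this hunk), logging `f->r->unparsed_uri` or the key itself would help diagnosis more. The value is request-derived, so it should stay a `%s` argument as written and never be folded into the format string. The enclosing filter function starts and ends outside the hunk.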
cache_server_conf *conf;
conf =
- (cache_server_conf *)ap_get_module_config(parms->server->module_config
-,
+ (cache_server_conf *)ap_get_module_config(parms->server->module_config,
&cache_module);
conf->quick = flag;
conf->quick_set = 1;
if (sobj->headers_in) {
if (APR_SUCCESS != store_table(sobj->headers_in, sobj->buffer,
sobj->buffer_len, &slider)) {
- ap_log_rerror(APLOG_MARK, APLOG_WARNING, rv, r, APLOGNO(02376)
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02376)
"in-headers didn't fit in buffer %s",
sobj->key);
apr_pool_destroy(sobj->pool);
static void *merge_config(apr_pool_t *p, void *basev, void *overridesv)
{
- cache_socache_conf *ps = apr_pcalloc(p, sizeof(cache_socache_conf));
+ cache_socache_conf *ps;
cache_socache_conf *base = (cache_socache_conf *) basev;
cache_socache_conf *overrides = (cache_socache_conf *) overridesv;
+ /* socache server config only has one field */
ps = overrides ? overrides : base;
return ps;
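Review bot: With the allocation removed, `merge_config()` returns `overrides` or `base` itself, so the "merged" config aliases an existing one and `p` is no longer used; the added comment `/* socache server config only has one field */` does not say that. A fuller comment would protect against a field being added later without a real merge, e.g. `/* no per-field merge: the override (else base) config is returned by reference, not copied into p */`. The function's closing brace is outside the hunk.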
* CookieExpires "[plus] {<num> <type>}*"
*/
- word = ap_getword_conf(parms->pool, &arg);
+ word = ap_getword_conf(parms->temp_pool, &arg);
if (!strncasecmp(word, "plus", 1)) {
- word = ap_getword_conf(parms->pool, &arg);
+ word = ap_getword_conf(parms->temp_pool, &arg);
};
/* {<num> <type>}* */
return "bad expires code, numeric value expected.";
/* <type> */
- word = ap_getword_conf(parms->pool, &arg);
+ word = ap_getword_conf(parms->temp_pool, &arg);
if (!word[0])
return "bad expires code, missing <type>";
modifier = modifier + factor * num;
/* next <num> */
- word = ap_getword_conf(parms->pool, &arg);
+ word = ap_getword_conf(parms->temp_pool, &arg);
}
cls->expires = modifier;
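Review bot: Moving the four `ap_getword_conf()` calls to `parms->temp_pool` makes every `word` a short-lived string, and nothing in the parser records that it must not outlive directive handling. In the visible lines only the numeric `modifier` reaches `cls->expires` and the error returns are string literals, so the change looks safe, but parts of the function lie outside these hunks. I would add a comment above the first call, e.g. `/* word lives in temp_pool: inspect it here, never store it (or a pointer into it) in cls */`, so a later edit does not leave a dangling pointer in the configuration.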
ap_rputs("<h3>Edit balancer settings for ", r);
ap_rvputs(r, bsel->s->name, "</h3>\n", NULL);
ap_rputs("<form method='POST' enctype='application/x-www-form-urlencoded' action='", r);
- ap_rvputs(r, action, "'>\n", NULL);
+ ap_rvputs(r, ap_escape_uri(r->pool, action), "'>\n", NULL);
ap_rputs("<dl>\n<table>\n", r);
provs = ap_list_provider_names(r->pool, PROXY_LBMETHOD, "0");
if (provs) {
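Review bot: `ap_escape_uri()` on the added line is a URI-path encoder, but the value is written into a single-quoted HTML attribute (`action='…'`), and as far as I recall its safe-character set includes `'`, so the attribute delimiter itself may pass through unescaped. The escaping should match the output context: use a double-quoted attribute and HTML-escape the already URI-encoded value, i.e. end the preceding `ap_rputs()` string with `action=\"` and emit `ap_rvputs(r, ap_escape_html(r->pool, ap_escape_uri(r->pool, action)), "\">\n", NULL);`. `bsel->s->name` two lines above is also written raw; whether it can carry request-derived text is not visible here, so it deserves the same check. The enclosing function starts and ends outside the hunk.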
{
char dummybuf[512];
apr_size_t nbytes;
- apr_time_t timeup = 0;
+ apr_time_t now, timeup = 0;
apr_socket_t *csd = ap_get_conn_socket(c);
if (ap_start_lingering_close(c)) {
if (apr_socket_recv(csd, dummybuf, &nbytes) || nbytes == 0)
break;
+ now = apr_time_now();
if (timeup == 0) {
/*
* First time through;
* DoS attacks.
*/
if (apr_table_get(c->notes, "short-lingering-close")) {
- timeup = apr_time_now() + apr_time_from_sec(SECONDS_TO_LINGER);
+ timeup = now + apr_time_from_sec(SECONDS_TO_LINGER);
}
else {
- timeup = apr_time_now() + apr_time_from_sec(MAX_SECS_TO_LINGER);
+ timeup = now + apr_time_from_sec(MAX_SECS_TO_LINGER);
}
continue;
}
- } while (apr_time_now() < timeup);
+ } while (now < timeup);
apr_socket_close(csd);
return;
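Review bot: The loop condition `while (now < timeup)` now relies on `now` having been assigned earlier in the same iteration, and neither the declaration `apr_time_t now, timeup = 0;` nor the loop says so. In the visible lines every path to the condition passes `now = apr_time_now();` (a failed or empty read breaks out first), but a later `continue` added above that assignment would compare a stale or uninitialized value and weaken the bound on how long a lingering connection is held. I would add a comment at the assignment, e.g. `/* sampled once per successful read; the loop condition below reuses it, so nothing may continue before this line */`. Parts of the function, including the start of the `do` loop, are outside the hunk.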