From: Jeff Trawick Date: Thu, 17 May 2001 18:04:18 +0000 (+0000) Subject: Fix processing of the TRACE method. Previously we passed bogus X-Git-Tag: 2.0.18~8 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=551ecb9a9afb29a9bbed08fa979b88ff507d8fc5;p=apache Fix processing of the TRACE method. Previously we passed bogus parms to form_header_field() and it overlaid some vhost structures, resulting in a segfault in check_hostalias(). [Greg Ames, Jeff Trawick] Note: Not being familiar with the TRACE method I compared the 2.0 output with 1.3.9 output. The only difference is that with 2.0 we get a Content-Length header field. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89138 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 4c8069292e..605455cdff 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,10 @@ Changes with Apache 2.0.18-dev + + *) Fix processing of the TRACE method. Previously we passed bogus + parms to form_header_field() and it overlaid some vhost structures, + resulting in a segfault in check_hostalias(). + [Greg Ames, Jeff Trawick] + *) Win32: Add support for reliable piped logs. If the logging process goes down, Apache will automatically restart it. This function has been part of Apache on Unix/Linux/BSD since the early v1.3 releases. diff --git a/STATUS b/STATUS index c112a9a4d8..dad61faa70 100644 --- a/STATUS +++ b/STATUS @@ -1,5 +1,5 @@ APACHE 2.0 STATUS: -*-text-*- -Last modified at [$Date: 2001/05/17 15:22:09 $] +Last modified at [$Date: 2001/05/17 18:04:15 $] Release: @@ -22,43 +22,6 @@ DAEDALUS 2.0 PROBLEMS: * mod_cgid and suexec have a problem co-existing. suexec sees a null command string sometimes. - * core dump from 20010422 - - /usr/local/apache2b/corefiles/httpd.core.3 - #0 0x806724c in check_hostalias (r=0x81fd03c) at vhost.c:891 - #1 0x8067489 in ap_update_vhost_from_headers (r=0x81fd03c) at vhost.c:978 - #2 0x806fa92 in ap_read_request (conn=0x81450fc) at protocol.c:946 - #3 0x805a168 in ap_process_http_connection (c=0x81450fc) at http_core.c:274 - #4 0x806bc60 in ap_run_process_connection (c=0x81450fc) at connection.c:82 - #5 0x806be84 in ap_process_connection (c=0x81450fc) at connection.c:216 - #6 0x805fbba in child_main (child_num_arg=65) at prefork.c:807 - #7 0x805fd20 in make_child (s=0x80c64fc, slot=65) at prefork.c:880 - #8 0x805ffec in perform_idle_server_maintenance () at prefork.c:1021 - #9 0x80603d1 in ap_mpm_run (_pconf=0x80c600c, plog=0x80f300c, s=0x80c64fc) at prefork.c:1191 - #10 0x80660cd in main (argc=1, argv=0xbfbffdac) at main.c:425 - #11 0x8059bf9 in _start () - - The input data (received in one read from TCP layer): - - GET /images/apache_sub.gif HTTP/1.1 - Accept: */* - Referer: http://search.apache.org/index.cgi - Accept-Language: en-us - Accept-Encoding: gzip, deflate - If-Modified-Since: Sat, 02 Dec 1995 21:26:28 GMT - If-None-Match: "29e60e-17c3-66972900" - User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90) - Host: www.apache.org - Connection: Keep-Alive - - But Greg added a trap to look for such problems right after they occur and - we now have a corefile showing the bad request: - - TRACE / HTTP/1.0 - Max-Forwards: 0 - - The list getting trashed is default_list->names. - * core dump from 20010418 /usr/local/apache2b/corefiles/httpd.core.2 diff --git a/modules/http/http_protocol.c b/modules/http/http_protocol.c index 4ca8467639..595c7c2557 100644 --- a/modules/http/http_protocol.c +++ b/modules/http/http_protocol.c @@ -940,6 +940,8 @@ static char *make_allow(request_rec *r) AP_DECLARE(int) ap_send_http_trace(request_rec *r) { int rv; + apr_bucket_brigade *b; + header_struct h; /* Get the original request */ while (r->prev) @@ -952,11 +954,14 @@ AP_DECLARE(int) ap_send_http_trace(request_rec *r) /* Now we recreate the request, and echo it back */ - ap_rvputs(r, r->the_request, CRLF, NULL); - + b = apr_brigade_create(r->pool); + apr_brigade_putstrs(b, NULL, NULL, r->the_request, CRLF, NULL); + h.pool = r->pool; + h.bb = b; apr_table_do((int (*) (void *, const char *, const char *)) - form_header_field, (void *) r, r->headers_in, NULL); - ap_rputs(CRLF, r); + form_header_field, (void *) &h, r->headers_in, NULL); + apr_brigade_puts(b, NULL, NULL, CRLF); + ap_pass_brigade(r->output_filters, b); return OK; }