From: Ruediger Pluem Date: Fri, 6 Mar 2015 19:31:42 +0000 (+0000) Subject: * Do not reset the retry timeout if the worker is in error at this stage even X-Git-Tag: 2.5.0-alpha~3401 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6864b2c7812e49d27c8428dde5c751f12fcc6551;p=apache * Do not reset the retry timeout if the worker is in error at this stage even if the connection to the backend was successful. It was likely set into error by a different thread / process in parallel e.g. for a timeout or bad status. We should respect this and should not continue with a connection via this worker even if we got one. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1664709 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 15c469ebfa..224c4f4d83 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) mod_proxy: Fix a race condition that caused a failed worker to be retried + before the retry period is over. [Ruediger Pluem] + *) SECURITY: CVE-2015-0253 (cve.mitre.org) core: Fix a crash introduced in with ErrorDocument 400 pointing to a local URL-path with the INCLUDES filter active, introduced diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c index f6ec24dc56..5f97f1e2b1 100644 --- a/modules/proxy/proxy_util.c +++ b/modules/proxy/proxy_util.c @@ -2887,33 +2887,48 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, connected = 1; } - /* - * Put the entire worker to error state if - * the PROXY_WORKER_IGNORE_ERRORS flag is not set. - * Altrough some connections may be alive - * no further connections to the worker could be made - */ - if (!connected && PROXY_WORKER_IS_USABLE(worker) && - !(worker->s->status & PROXY_WORKER_IGNORE_ERRORS)) { - worker->s->error_time = apr_time_now(); - worker->s->status |= PROXY_WORKER_IN_ERROR; - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00959) - "ap_proxy_connect_backend disabling worker for (%s) for %" - APR_TIME_T_FMT "s", - worker->s->hostname, apr_time_sec(worker->s->retry)); + if (PROXY_WORKER_IS_USABLE(worker)) { + /* + * Put the entire worker to error state if + * the PROXY_WORKER_IGNORE_ERRORS flag is not set. + * Although some connections may be alive + * no further connections to the worker could be made + */ + if (!connected) { + if (!(worker->s->status & PROXY_WORKER_IGNORE_ERRORS)) { + worker->s->error_time = apr_time_now(); + worker->s->status |= PROXY_WORKER_IN_ERROR; + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00959) + "ap_proxy_connect_backend disabling worker for (%s) for %" + APR_TIME_T_FMT "s", + worker->s->hostname, apr_time_sec(worker->s->retry)); + } + } + else { + if (worker->s->retries) { + /* + * A worker came back. So here is where we need to + * either reset all params to initial conditions or + * apply some sort of aging + */ + } + worker->s->error_time = 0; + worker->s->retries = 0; + } + return connected ? OK : DECLINED; } else { - if (worker->s->retries) { - /* - * A worker came back. So here is where we need to - * either reset all params to initial conditions or - * apply some sort of aging - */ + /* + * The worker is in error likely done by a different thread / process + * e.g. for a timeout or bad status. We should respect this and should + * not continue with a connection via this worker even if we got one. + */ + if (connected) { + apr_socket_close(conn->sock ); + conn->sock = NULL; } - worker->s->error_time = 0; - worker->s->retries = 0; + return DECLINED; } - return connected ? OK : DECLINED; } static apr_status_t connection_shutdown(void *theconn)