From: Graham Leggett Date: Tue, 13 Feb 2018 21:22:05 +0000 (+0000) Subject: mod_proxy: Provide an RFC1035 compliant version of the hostname in the X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fac7f995b092f9b8b72d0c22f2de4c918bcf2e33;p=apache mod_proxy: Provide an RFC1035 compliant version of the hostname in the proxy_worker_shared structure. PR62085 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1824176 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 95aa5fd97e..e256b8b0c3 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.1 + *) mod_proxy: Provide an RFC1035 compliant version of the hostname in the + proxy_worker_shared structure. PR62085 [Graham Leggett] + *) mod_proxy: Worker schemes and hostnames which are too large are no longer fatal errors; it is logged and the truncated values are stored. diff --git a/modules/proxy/balancers/mod_lbmethod_heartbeat.c b/modules/proxy/balancers/mod_lbmethod_heartbeat.c index 640bddb7f7..d7462608a4 100644 --- a/modules/proxy/balancers/mod_lbmethod_heartbeat.c +++ b/modules/proxy/balancers/mod_lbmethod_heartbeat.c @@ -300,7 +300,7 @@ static proxy_worker *find_best_hb(proxy_balancer *balancer, for (i = 0; i < balancer->workers->nelts; i++) { worker = &APR_ARRAY_IDX(balancer->workers, i, proxy_worker *); - server = apr_hash_get(servers, (*worker)->s->hostname, APR_HASH_KEY_STRING); + server = apr_hash_get(servers, (*worker)->s->hostname_ex, APR_HASH_KEY_STRING); if (!server) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, r, APLOGNO(01214) diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index 2aa491e372..c585455205 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -2879,7 +2879,7 @@ static int proxy_status_hook(request_rec *r, int flags) char fbuf[50]; if (!(flags & AP_STATUS_SHORT)) { ap_rvputs(r, "\n", (*worker)->s->scheme, "", NULL); - ap_rvputs(r, "", (*worker)->s->hostname, "", NULL); + ap_rvputs(r, "", (*worker)->s->hostname_ex, "", NULL); ap_rvputs(r, ap_proxy_parse_wstatus(r->pool, *worker), NULL); ap_rvputs(r, "", (*worker)->s->route, NULL); ap_rvputs(r, "", (*worker)->s->redirect, NULL); @@ -2971,7 +2971,8 @@ static void child_init(apr_pool_t *p, server_rec *s) ap_proxy_define_worker(p, &forward, NULL, NULL, "http://www.apache.org", 0); conf->forward = forward; PROXY_STRNCPY(conf->forward->s->name, "proxy:forward"); - PROXY_STRNCPY(conf->forward->s->hostname, "*"); + PROXY_STRNCPY(conf->forward->s->hostname, "*"); /* for compatibility */ + PROXY_STRNCPY(conf->forward->s->hostname_ex, "*"); PROXY_STRNCPY(conf->forward->s->scheme, "*"); conf->forward->hash.def = conf->forward->s->hash.def = ap_proxy_hashfunc(conf->forward->s->name, PROXY_HASHFUNC_DEFAULT); @@ -2988,7 +2989,8 @@ static void child_init(apr_pool_t *p, server_rec *s) if (!reverse) { ap_proxy_define_worker(p, &reverse, NULL, NULL, "http://www.apache.org", 0); PROXY_STRNCPY(reverse->s->name, "proxy:reverse"); - PROXY_STRNCPY(reverse->s->hostname, "*"); + PROXY_STRNCPY(reverse->s->hostname, "*"); /* for compatibility */ + PROXY_STRNCPY(reverse->s->hostname_ex, "*"); PROXY_STRNCPY(reverse->s->scheme, "*"); reverse->hash.def = reverse->s->hash.def = ap_proxy_hashfunc(reverse->s->name, PROXY_HASHFUNC_DEFAULT); diff --git a/modules/proxy/mod_proxy.h b/modules/proxy/mod_proxy.h index d14799eeca..0c08cab291 100644 --- a/modules/proxy/mod_proxy.h +++ b/modules/proxy/mod_proxy.h @@ -355,6 +355,8 @@ PROXY_WORKER_HC_FAIL ) #define PROXY_BALANCER_MAX_STICKY_SIZE 64 #define PROXY_WORKER_MAX_SECRET_SIZE 64 +#define PROXY_RFC1035_HOSTNAME_SIZE 256 + /* RFC-1035 mentions limits of 255 for host-names and 253 for domain-names, * dotted together(?) this would fit the below size (+ trailing NUL). */ @@ -390,7 +392,7 @@ typedef struct { typedef struct { char name[PROXY_WORKER_MAX_NAME_SIZE]; char scheme[PROXY_WORKER_MAX_SCHEME_SIZE]; /* scheme to use ajp|http|https */ - char hostname[PROXY_WORKER_MAX_HOSTNAME_SIZE]; /* remote backend address */ + char hostname[PROXY_WORKER_MAX_HOSTNAME_SIZE]; /* remote backend address (deprecated, use hostname_ex below) */ char route[PROXY_WORKER_MAX_ROUTE_SIZE]; /* balancing route */ char redirect[PROXY_WORKER_MAX_ROUTE_SIZE]; /* temporary balancing redirection route */ char flusher[PROXY_WORKER_MAX_SCHEME_SIZE]; /* flush provider used by mod_proxy_fdpass */ @@ -452,6 +454,7 @@ typedef struct { unsigned int is_name_matchable:1; char secret[PROXY_WORKER_MAX_SECRET_SIZE]; /* authentication secret (e.g. AJP13) */ char upgrade[PROXY_WORKER_MAX_SCHEME_SIZE];/* upgrade protocol used by mod_proxy_wstunnel */ + char hostname_ex[PROXY_RFC1035_HOSTNAME_SIZE]; /* RFC1035 compliant version of the remote backend address */ } proxy_worker_shared; #define ALIGNED_PROXY_WORKER_SHARED_SIZE (APR_ALIGN_DEFAULT(sizeof(proxy_worker_shared))) diff --git a/modules/proxy/mod_proxy_ajp.c b/modules/proxy/mod_proxy_ajp.c index 4b3fd13b8d..843f3995ed 100644 --- a/modules/proxy/mod_proxy_ajp.c +++ b/modules/proxy/mod_proxy_ajp.c @@ -217,7 +217,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00868) "request failed to %pI (%s)", conn->worker->cp->addr, - conn->worker->s->hostname); + conn->worker->s->hostname_ex); if (status == AJP_EOVERFLOW) return HTTP_BAD_REQUEST; else { @@ -299,7 +299,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00876) "send failed to %pI (%s)", conn->worker->cp->addr, - conn->worker->s->hostname); + conn->worker->s->hostname_ex); /* * It is fatal when we failed to send a (part) of the request * body. @@ -339,7 +339,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00878) "read response failed from %pI (%s)", conn->worker->cp->addr, - conn->worker->s->hostname); + conn->worker->s->hostname_ex); /* If we had a successful cping/cpong and then a timeout * we assume it is a request that cause a back-end timeout, @@ -639,7 +639,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00892) "got response from %pI (%s)", conn->worker->cp->addr, - conn->worker->s->hostname); + conn->worker->s->hostname_ex); if (conf->error_override && ap_is_HTTP_ERROR(r->status)) { /* clear r->status for override error, otherwise ErrorDocument @@ -663,7 +663,7 @@ static int ap_proxy_ajp_request(apr_pool_t *p, request_rec *r, ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00893) "dialog to %pI (%s) failed", conn->worker->cp->addr, - conn->worker->s->hostname); + conn->worker->s->hostname_ex); /* * If we already send data, signal a broken backend connection * upwards in the chain. @@ -809,7 +809,7 @@ static int proxy_ajp_handler(request_rec *r, proxy_worker *worker, backend->close = 1; ap_log_rerror(APLOG_MARK, APLOG_ERR, status, r, APLOGNO(00897) "cping/cpong failed to %pI (%s)", - worker->cp->addr, worker->s->hostname); + worker->cp->addr, worker->s->hostname_ex); status = HTTP_SERVICE_UNAVAILABLE; retry++; continue; diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c index ab26e6f318..7d3df9ca85 100644 --- a/modules/proxy/mod_proxy_balancer.c +++ b/modules/proxy/mod_proxy_balancer.c @@ -452,7 +452,7 @@ static void force_recovery(proxy_balancer *balancer, server_rec *s) (*worker)->s->status &= ~PROXY_WORKER_IN_ERROR; ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(01165) "%s: Forcing recovery for worker (%s)", - balancer->s->name, (*worker)->s->hostname); + balancer->s->name, (*worker)->s->hostname_ex); } } } @@ -1469,7 +1469,7 @@ static int balancer_handler(request_rec *r) "\n", NULL); ap_rvputs(r, " ", worker->s->scheme, "\n", NULL); - ap_rvputs(r, " ", worker->s->hostname, + ap_rvputs(r, " ", worker->s->hostname_ex, "\n", NULL); ap_rprintf(r, " %.2f\n", (float)(worker->s->lbfactor)/100.0); diff --git a/modules/proxy/mod_proxy_hcheck.c b/modules/proxy/mod_proxy_hcheck.c index 1b2833bf10..485fa74141 100644 --- a/modules/proxy/mod_proxy_hcheck.c +++ b/modules/proxy/mod_proxy_hcheck.c @@ -416,7 +416,7 @@ static void create_hcheck_req(wctx_t *wctx, proxy_worker *hc, "OPTIONS * HTTP/1.0\r\n" "Host: %s:%d\r\n" "\r\n", - hc->s->hostname, (int)hc->s->port); + hc->s->hostname_ex, (int)hc->s->port); break; case HEAD: @@ -434,7 +434,7 @@ static void create_hcheck_req(wctx_t *wctx, proxy_worker *hc, (wctx->path ? wctx->path : ""), (wctx->path && *hc->s->hcuri ? "/" : "" ), (*hc->s->hcuri ? hc->s->hcuri : ""), - hc->s->hostname, (int)hc->s->port); + hc->s->hostname_ex, (int)hc->s->port); break; default: @@ -461,12 +461,13 @@ static proxy_worker *hc_get_hcworker(sctx_t *ctx, proxy_worker *worker, : ap_proxy_port_of_scheme(worker->s->scheme)); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ctx->s, APLOGNO(03248) "Creating hc worker %pp for %s://%s:%d", - worker, worker->s->scheme, worker->s->hostname, + worker, worker->s->scheme, worker->s->hostname_ex, (int)port); ap_proxy_define_worker(ctx->p, &hc, NULL, NULL, worker->s->name, 0); apr_snprintf(hc->s->name, sizeof hc->s->name, "%pp", worker); - PROXY_STRNCPY(hc->s->hostname, worker->s->hostname); + PROXY_STRNCPY(hc->s->hostname, worker->s->hostname); /* for compatibility */ + PROXY_STRNCPY(hc->s->hostname_ex, worker->s->hostname_ex); PROXY_STRNCPY(hc->s->scheme, worker->s->scheme); PROXY_STRNCPY(hc->s->hcuri, worker->s->hcuri); PROXY_STRNCPY(hc->s->hcexpr, worker->s->hcexpr); @@ -498,7 +499,7 @@ static proxy_worker *hc_get_hcworker(sctx_t *ctx, proxy_worker *worker, : ap_proxy_port_of_scheme(worker->s->scheme)); ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ctx->s, APLOGNO(03311) "Updating hc worker %pp for %s://%s:%d", - worker, worker->s->scheme, worker->s->hostname, + worker, worker->s->scheme, worker->s->hostname_ex, (int)port); hc->s->method = worker->s->method; create_hcheck_req(wctx, hc, ctx->p); @@ -519,12 +520,12 @@ static int hc_determine_connection(sctx_t *ctx, proxy_worker *worker, *addr = worker->cp->addr; } else { - rv = apr_sockaddr_info_get(addr, worker->s->hostname, + rv = apr_sockaddr_info_get(addr, worker->s->hostname_ex, APR_UNSPEC, worker->s->port, 0, p); if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, ctx->s, APLOGNO(03249) "DNS lookup failure for: %s:%d", - worker->s->hostname, (int)worker->s->port); + worker->s->hostname_ex, (int)worker->s->port); } } return (rv == APR_SUCCESS ? OK : !OK); @@ -579,7 +580,7 @@ static int hc_get_backend(const char *proxy_function, proxy_conn_rec **backend, status = ap_proxy_acquire_connection(proxy_function, backend, hc, ctx->s); if (status == OK) { (*backend)->addr = hc->cp->addr; - (*backend)->hostname = hc->s->hostname; + (*backend)->hostname = hc->s->hostname_ex; if (strcmp(hc->s->scheme, "https") == 0) { if (!ap_proxy_ssl_enable(NULL)) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, ctx->s, APLOGNO(03252) diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c index ab230049a1..fb95f4380c 100644 --- a/modules/proxy/mod_proxy_http.c +++ b/modules/proxy/mod_proxy_http.c @@ -2108,7 +2108,7 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker, backend->close = 1; ap_log_rerror(APLOG_MARK, APLOG_INFO, status, r, APLOGNO(01115) "HTTP: 100-Continue failed to %pI (%s)", - worker->cp->addr, worker->s->hostname); + worker->cp->addr, worker->s->hostname_ex); retry++; continue; } else { diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c index c006fc7ec1..f83c5577c8 100644 --- a/modules/proxy/proxy_util.c +++ b/modules/proxy/proxy_util.c @@ -1731,6 +1731,9 @@ PROXY_DECLARE(char *) ap_proxy_define_worker(apr_pool_t *p, ap_log_error(APLOG_MARK, APLOG_ERR, 0, ap_server_conf, APLOGNO(010118) "Alert! worker hostname (%s) too long; truncated to: %s", uri.hostname, wshared->hostname); } + if (PROXY_STRNCPY(wshared->hostname_ex, uri.hostname) != APR_SUCCESS) { + return apr_psprintf(p, "worker hostname (%s) too long", uri.hostname); + } wshared->flush_packets = flush_off; wshared->flush_wait = PROXY_FLUSH_WAIT; wshared->is_address_reusable = 1; @@ -1921,7 +1924,7 @@ PROXY_DECLARE(apr_status_t) ap_proxy_initialize_worker(proxy_worker *worker, ser ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00930) "initialized pool in child %" APR_PID_T_FMT " for (%s) min=%d max=%d smax=%d", - getpid(), worker->s->hostname, worker->s->min, + getpid(), worker->s->hostname_ex, worker->s->min, worker->s->hmax, worker->s->smax); /* Set the acquire timeout */ @@ -1938,7 +1941,7 @@ PROXY_DECLARE(apr_status_t) ap_proxy_initialize_worker(proxy_worker *worker, ser ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00931) "initialized single connection worker in child %" APR_PID_T_FMT " for (%s)", - getpid(), worker->s->hostname); + getpid(), worker->s->hostname_ex); } apr_global_mutex_unlock(proxy_mutex); @@ -1957,7 +1960,7 @@ static int ap_proxy_retry_worker(const char *proxy_function, proxy_worker *worke if (PROXY_WORKER_IS(worker, PROXY_WORKER_STOPPED)) { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(3305) "%s: Won't retry worker (%s): stopped", - proxy_function, worker->s->hostname); + proxy_function, worker->s->hostname_ex); return DECLINED; } if ((worker->s->status & PROXY_WORKER_IGNORE_ERRORS) @@ -1966,13 +1969,13 @@ static int ap_proxy_retry_worker(const char *proxy_function, proxy_worker *worke worker->s->status &= ~PROXY_WORKER_IN_ERROR; ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00932) "%s: worker for (%s) has been marked for retry", - proxy_function, worker->s->hostname); + proxy_function, worker->s->hostname_ex); return OK; } else { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00933) "%s: too soon to retry worker for (%s)", - proxy_function, worker->s->hostname); + proxy_function, worker->s->hostname_ex); return DECLINED; } } @@ -2194,7 +2197,7 @@ PROXY_DECLARE(int) ap_proxy_acquire_connection(const char *proxy_function, if (!PROXY_WORKER_IS_USABLE(worker)) { ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00940) "%s: disabled connection for (%s)", - proxy_function, worker->s->hostname); + proxy_function, worker->s->hostname_ex); return HTTP_SERVICE_UNAVAILABLE; } } @@ -2217,12 +2220,12 @@ PROXY_DECLARE(int) ap_proxy_acquire_connection(const char *proxy_function, if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, rv, s, APLOGNO(00941) "%s: failed to acquire connection for (%s)", - proxy_function, worker->s->hostname); + proxy_function, worker->s->hostname_ex); return HTTP_SERVICE_UNAVAILABLE; } ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00942) "%s: has acquired connection for (%s)", - proxy_function, worker->s->hostname); + proxy_function, worker->s->hostname_ex); (*conn)->worker = worker; (*conn)->close = 0; @@ -2237,7 +2240,7 @@ PROXY_DECLARE(int) ap_proxy_release_connection(const char *proxy_function, { ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, s, APLOGNO(00943) "%s: has released connection for (%s)", - proxy_function, conn->worker->s->hostname); + proxy_function, conn->worker->s->hostname_ex); connection_cleanup(conn); return OK; @@ -2833,7 +2836,7 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, "%s: error creating Unix domain socket for " "target %s", proxy_function, - worker->s->hostname); + worker->s->hostname_ex); break; } conn->connection = NULL; @@ -2846,7 +2849,7 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, "%s (%s) failed", proxy_function, conn->uds_path, - worker->s->hostname); + worker->s->hostname_ex); break; } @@ -2855,7 +2858,7 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, "%s (%s)", proxy_function, conn->uds_path, - worker->s->hostname); + worker->s->hostname_ex); } else #endif @@ -2869,7 +2872,7 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, "target %s", proxy_function, backend_addr->family, - worker->s->hostname); + worker->s->hostname_ex); /* * this could be an IPv6 address from the DNS but the * local machine won't give us an IPv6 socket; hopefully the @@ -2919,7 +2922,7 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, } ap_log_error(APLOG_MARK, APLOG_TRACE2, 0, s, "%s: fam %d socket created to connect to %s", - proxy_function, backend_addr->family, worker->s->hostname); + proxy_function, backend_addr->family, worker->s->hostname_ex); if (conf->source_address_set) { local_addr = apr_pmemdup(conn->scpool, conf->source_address, @@ -2944,7 +2947,7 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, "%s: attempt to connect to %pI (%s) failed", proxy_function, backend_addr, - worker->s->hostname); + worker->s->hostname_ex); backend_addr = backend_addr->next; continue; } @@ -2953,7 +2956,7 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, "%s: connection established with %pI (%s)", proxy_function, backend_addr, - worker->s->hostname); + worker->s->hostname_ex); } /* Set a timeout on the socket */ @@ -2987,7 +2990,7 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, "via http CONNECT through %pI (%s) failed", proxy_function, forward->target_host, forward->target_port, - backend_addr, worker->s->hostname); + backend_addr, worker->s->hostname_ex); backend_addr = backend_addr->next; continue; } @@ -3009,7 +3012,7 @@ PROXY_DECLARE(int) ap_proxy_connect_backend(const char *proxy_function, ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(00959) "ap_proxy_connect_backend disabling worker for (%s) for %" APR_TIME_T_FMT "s", - worker->s->hostname, apr_time_sec(worker->s->retry)); + worker->s->hostname_ex, apr_time_sec(worker->s->retry)); } } else {