Dropped the never-released ap_has_cntrls() as it had very limited
and inefficient application at that, added ap_scan_vchar_obstext()
to accomplish a similar purpose.
Dropped HttpProtocolOptions StrictURL option, this will be better
handled in the future with a specific directive and perhaps multiple
levels of scrutiny, use ap_scan_vchar_obstext() to simply ensure there
are no control characters or whitespace within the URI.
Changed the scanning of the response header table by check_headers()
to follow the same rulesets as reading request headers. Disallow any
CTL character within a response header value, and any CTL or whitespace
in response header field name, even in strict mode.
Apply HttpProtocolOptions Strict to chunk header parsing, invalid
whitespace is invalid, line termination must follow CRLF convention.
Evgeny Kotkov [Mon, 10 Oct 2016 09:40:06 +0000 (09:40 +0000)]
mod_dav: Fix a potential cause of unbounded memory usage or incorrect
behavior in a routine that sends <DAV:response>'s to the output filters.
The dav_send_one_response() function accepts the current head of the output
filter list as an argument, but the actual head can change between calls to
ap_pass_brigade(). This can happen with self-removing filters, e.g., with
the filter from mod_headers or mod_deflate. Consequently, executing an
already removed filter can either cause unwanted memory usage or incorrect
behavior.
This patch changes the signature of the existing mod_dav's public API,
dav_send_one_response(), because this API is not yet a part of any 2.4.x
release.
* modules/dav/main/mod_dav.c
(dav_send_one_response): Accept a request_rec instead of an ap_filter_t.
Write the response to r->output_filters.
(dav_send_multistatus, dav_stream_response): Update these calling sites
of dav_send_one_response().
event: avoid unnecessary listener/polling wake ups (context switches) by using
apr_pollset_wakeup(), when implemented, to signal the listener according to the
next timers or timeout queues expiry (updated at insert and maintenance time).
Jacob Champion [Tue, 27 Sep 2016 16:59:21 +0000 (16:59 +0000)]
mod_proxy: log diagnostics during ProxyPass[Match]
To help out users when debugging ProxyPass and ProxyPassMatch, log all
match attempts (at trace2), as well as matches that are either
successful or explicitly disabled (at trace1).
mod_brotli: Unbreak building other filter modules without libbrotlienc.
Don't add -lbrotlienc to the MOD_LDFLAGS unconditionally. And, when
adding it, use MOD_BROTLI_LDADD to avoid linking all filter modules
against this library.
This new module supports dynamic Brotli (RFC 7932) compression. Existing
mod_deflate installations can benefit from better compression ratio by
sending Brotli-compressed data to the clients that support it:
SetOutputFilter BROTLI_COMPRESS;DEFLATE
The module features zero-copy processing, which is only possible with the
new API from the upcoming 1.0.x series of brotli [1]. The Linux makefile
works against libbrotli [2], as currently the core brotli repository doesn't
offer a way to build a library [3]. Apart from that, only the CMake build
is now supported.
Review of IE 11, Firefox 48 and Chrome 53 all indicate that ';' URI characters
are transmitted unencoded, per RFC3986 section 3.3 grammer. Correct httpd's
behavior to not encode ';' in proxied URI's or Location: response headers.
The ap_scan_script_header_* functions were documented to be pass/fail,
but they also have a third "state" that is returned when HTTP conditions
(If-Modified-Since, etc.) aren't met. This has led to some recent bugs,
so document it.
This is a follow up of http://svn.apache.org/r1752347;
ap_meet_conditions could return a 412 status that if not
handled causes subsequent bogus reads and wrong messages
logged (like AH01070). After a chat on dev@ the feedback
was to couple HTTP_NOT_MODIFIED with HTTP_PRECONDITION_FAILED,
but any other feedback is welcome.
Jacob Champion [Mon, 29 Aug 2016 23:56:21 +0000 (23:56 +0000)]
mpm_winnt: clear OVERLAPPED structs before reuse
MSDN documentation states that
Any unused members of [an OVERLAPPED] structure should always be
initialized to zero before the structure is used in a function call.
Otherwise, the function may fail and return ERROR_INVALID_PARAMETER.
Prior to this patch, the internal state left over from previous
overlapped I/O was passed into the next call. It's unclear what effect
this might have, if any. (I have not personally witnessed an
ERROR_INVALID_PARAMETER myself.)
Jacob Champion [Mon, 29 Aug 2016 23:56:20 +0000 (23:56 +0000)]
mpm_winnt: remove duplication of ap_process_connection
Further follow-up to the previous commit: now that we no longer patch a
network bucket into the brigade, we can revert to calling
ap_process_connection() directly instead of duplicating its logic.
Jacob Champion [Mon, 29 Aug 2016 23:56:18 +0000 (23:56 +0000)]
mpm_winnt: remove the AcceptEx data network bucket
Follow-up to the prior commit: without an incoming data buffer, the
custom network bucket code is now orphaned and we can remove it
entirely. This has the added benefit that we are no longer using the
internal OVERLAPPED.Pointer field, which is discouraged by the MSDN
docs.
Jacob Champion [Mon, 29 Aug 2016 23:56:16 +0000 (23:56 +0000)]
mpm_winnt: remove 'data' AcceptFilter in favor of 'connect'
The 'data' AcceptFilter optimization instructs Windows to wait until
data is received on a connection before completing the AcceptEx
operation. Unfortunately, it seems this isn't performed atomically --
AcceptEx "partially" accepts the incoming connection during the wait for
data, leaving all other incoming connections in the accept queue. This
opens the server to a denial of service.
Since the fix for this requires a substantial rearchitecture (likely
involving multiple outstanding calls to AcceptEx), disable the 'data'
filter for now and replace it with 'connect', which uses the AcceptEx
interface but does not wait for data.
Users running prior releases of httpd on Windows should explicitly move
to a 'connect' AcceptFilter in their configurations if they are
currently using the default 'data' filter.
Many thanks to mludha, Arthur Ramsey, Paul Spangler, and many others for
their assistance in tracking down and diagnosing this issue.
New optional flag to enforce <CR><LF> line delimiters in ap_[r]getline,
created by overloading 'int fold' (1 or 0) as 'int flags', with the same
value 1 for AP_GETLINE_FOLD (which httpd doesn't use), and a new value
2 for AP_GETLINE_CRLF
Enforce CRLF when HttpProtocolOptions Strict is in force.
Correct the parser construction for several optimizations,
based on the fact that bad whitespace shall not be permitted
or corrected in any operating mode, while preserving the
ability to extract bad method/uri/proto for later reporting
and diagnostics.
This change causes badwhitespace in the request line or any
request field line to always fail, and not honor the setting
of the HttpProtocolOptions Unsafe option. Mult SP characters
or trailing SP characters in the request line are still
permitted in Unsafe mode.
Adjusted several error message emits to match these changes.
Folding StrictWhitespace into the Strict ruleset of RFC7230, per dev@ poll.
This choice is unanimous, although StrictURI (a different RFC) still hasn't
found absolute concensus.
An ap_mmn bump will follow (major, this removes a struct elt)