Jacob Champion [Tue, 6 Dec 2016 17:07:19 +0000 (17:07 +0000)]
mod_auth_digest: fix segfaults during shared memory exhaustion
The apr_rmm_addr_get/apr_rmm_malloc() combination did not correctly
check for a malloc failure, leading to crashes when we ran out of the
limited space provided by AuthDigestShmemSize. This patch replaces all
these calls with a helper function that performs this check.
Additionally, fix a NULL-check bug during entry garbage collection.
The default value of 'inherit' should be AP_LUA_INHERIT_UNSET.
With this value, the behavior is the same as 'parent-first' in the 'LuaInherit' directive
If not explicitelly initialized, its value is 0 because of the 'apr_calloc 'in 'create_dir_config'. 0 means 'AP_LUA_INHERIT_NONE'
Luca Toscano [Fri, 2 Dec 2016 14:56:50 +0000 (14:56 +0000)]
Add a section to mpm-event's documentation to advertise new changes
I tried to add a summary of Stefan's last patches just backported to
2.4.x today. I've read all of them and tried to report Stefan's comment
from PR 53555 as much as possible. Please review and let me know if I wrong
something incorrect or not precise enough.
Evgeny Kotkov [Tue, 29 Nov 2016 00:00:28 +0000 (00:00 +0000)]
mod_brotli: Update makefiles to use the library layout of the official
Brotli repository.
With the recent update (https://github.com/google/brotli/pull/464), the
official repository now produces pkg-config metadata files (brotli.pc),
and has a fixed library layout (libbrotlicommon/libbrotlienc/libbrotlidec)
on both Windows and Linux. Expect this layout in the makefiles, and take
advantage of the pkg-config metadata, if it's available.
Evgeny Kotkov [Mon, 28 Nov 2016 18:28:56 +0000 (18:28 +0000)]
mod_brotli: Rewrite the autoconf script in a, hopefully, less convoluted way.
Explicitly handle different cases when we do a pkg-config lookup
(<nothing>, --with-brotli or --with-brotli=yes) or examine the path
provided by the user (--with-brotli=PATH).
This lays the groundwork to simplify the switch to the official Brotli
library (https://github.com/google/brotli), instead of expecting the
install layout of a third-party wrapper (https://github.com/bagder/libbrotli).
List discussion resulted in rejecting all but SP characters in the request
line, but in the strict mode prioritize excessive space testing over bad
space testing (which is captured later) and make both more efficient
(at this test ll[0] is already whitespace or \0 char). Also correct a comment.
Eric Covener [Tue, 22 Nov 2016 01:53:40 +0000 (01:53 +0000)]
remove Location: header checks for absolute URL
https://tools.ietf.org/html/rfc7231#section-7.1.2
The "Location" header field is used in some responses to refer to a
specific resource in relation to the response. The type of
relationship is defined by the combination of request method and
status code semantics.
Location = URI-reference
The field value consists of a single URI-reference. When it has the
form of a relative reference ([RFC3986], Section 4.2), the final
value is computed by resolving it against the effective request URI
([RFC3986], Section 5).
Stefan Fritsch [Mon, 21 Nov 2016 20:46:51 +0000 (20:46 +0000)]
Use all available scoreboard slots
Allow to use all slots up to ServerLimit. This makes 'scoreboard full'
errors much less likely.
And if ther is a situation where the scoreboard is full, don't make any
more processes finish gracefully due to reduced load until some old
processes have terminated. Otherwise, the situation would get worse once
the load increases again.
ap_daemon_limit is renamed to the more descriptive active_server_limit,
to make sure that all its uses are taken care of.
Actually cause the Host header to be overridden, as noted by rpluem,
and simplify now that there isn't a log-only mode.
I believe this logic to be busted. Given this request;
GET http://distant-host.com/ HTTP/1.1
Host: proxy-host
we would now fail to evaluate the proxy-host virtual host rules.
This seems like a breaking change to our config. mod_proxy already
follows this rule of RFC7230 section 5.4;
When a proxy receives a request with an absolute-form of
request-target, the proxy MUST ignore the received Host header field
(if any) and instead replace it with the host information of the
request-target. A proxy that forwards such a request MUST generate a
new Host field-value based on the received request-target rather than
forward the received Host field-value.
Section 5.5 of RFC7230 has this to say;
Once the effective request URI has been constructed, an origin server
needs to decide whether or not to provide service for that URI via
the connection in which the request was received. For example, the
request might have been misdirected, deliberately or accidentally,
such that the information within a received request-target or Host
header field differs from the host or port upon which the connection
has been made. If the connection is from a trusted gateway, that
inconsistency might be expected; otherwise, it might indicate an
attempt to bypass security filters, trick the server into delivering
non-public content, or poison a cache. See Section 9 for security
considerations regarding message routing.
Section 5.3.1 states;
To allow for transition to the absolute-form for all requests in some
future version of HTTP, a server MUST accept the absolute-form in
requests, even though HTTP/1.1 clients will only send them in
requests to proxies.
It seems to me we should simply trust the Host: header and dump this whole
mess. If we want to reject requests in absolute form after the proxy modules
have had a chance to accept them, that wouldn't be a bad solution.
After a chat in #httpd-dev it seems that the issue boils down to how %{CONTENT_TYPE}
is evaluated in util_expr_eval.c (r->content_type) vs how setifempty is (only a check
of the response headers). This particular behavior might be a bug or feature,
but it is worth to alert our users.
Luca Toscano [Tue, 15 Nov 2016 20:42:35 +0000 (20:42 +0000)]
Updated the perf-tuning documentation
Removed some out of date references and re-wrote
some sections. Added also a banner at the top of
the page to warn the users about stale content.
The next step is to improve the accept() related
documentation introducing the latest changes made
for event (and how awesome event is).
Couls also be <br> or <br/> but some (very) old clients don't like it.
httpd is not really consistent on it. (personnlaly <br> would be just fine for me but <br /> is the most commonly used form)
Eric Covener [Tue, 15 Nov 2016 03:50:42 +0000 (03:50 +0000)]
add an <IfFile> config section like <IfDefine>
It allows a non httpd config file to be used as a marker directly in
httpd.conf without hiding logic in a script in front of apachectl
to do test -f and pass extra -D's.
This is something we've had in IBM's httpd distro for a little bit and
hadn't remembered to share. I've seen some questions/config files come
up in a few places lately that would benefit from this as an option.
Joe Orton [Mon, 14 Nov 2016 10:57:46 +0000 (10:57 +0000)]
* modules/ssl/ssl_engine_vars.c (ssl_var_lookup_ssl_cert): Use const
ASN1_OBJECT for X509_ALGOR_get0() for OpenSSL >= 1.1.0 per
https://github.com/openssl/openssl/commit/ac4e257747075958d37665f327bdf685dd2478ab
Jacob Champion [Fri, 11 Nov 2016 19:38:28 +0000 (19:38 +0000)]
ssl: clear the error queue before SSL_read/write/accept()
If other modules or libraries do not clear the OpenSSL error queue after
a failed operation, other code that relies on SSL_get_error() -- in
particular, code that deals with SSL_ERROR_WANT_READ/WRITE logic -- will
malfunction later on. To prevent this, explicitly clear the error queue
before calls like SSL_read/write/accept().
PR: 60223
Submitted by: Paul Spangler <paul.spangler ni.com>
Jacob Champion [Thu, 10 Nov 2016 20:53:21 +0000 (20:53 +0000)]
Remove unnecessary apr_table_do() function casts
Function casts can cause hard-to-debug corruption issues if a
declaration is accidentally changed to be incompatible. Luckily, most of
the function casts for apr_table_do() calls are unnecessary. Remove
them, and adjust the signatures for helpers that weren't taking void* as
the first argument.
The remaining helper that requires a cast is http_filter.c's
form_header_field(), which is probably where many of these casts were
copy-pasted from. I have left it as-is: it has other direct callers
besides apr_table_do(), and it's already documented with warnings not to
change the function signature.