Nick Kew [Fri, 28 Dec 2007 12:03:20 +0000 (12:03 +0000)]
PR 39727: Fixup ETag handling in mod_deflate (updated following extensive
discussion on-list).
This is not a full-and-final fix, because we don't ourselves do anything
useful with these ETags. But at least we're no longer screwing up clients.
Ruediger Pluem [Tue, 25 Dec 2007 09:35:05 +0000 (09:35 +0000)]
* Revert to old behaviour: even if we detect a bad character, formally decode the
string correctly and do not mess up the string. Let the caller decide what
it wants to do with the result according to our return code.
Ruediger Pluem [Mon, 24 Dec 2007 11:45:22 +0000 (11:45 +0000)]
* Set character set for HTML outputs generated by mod_ldap,
mod_proxy_balancer, mod_proxy_ftp, mod_info, mod_dav without a character
set to ISO-8859-1.
Solve service status handle leak on multi-service ApacheMonitor
instances, and disconnect computer function on multi-system
applications of ApacheMonitor.
Solve two ssl issues; always install both ab.exe and abs.exe
because it's easier to move around ab.exe when that's all
someone needs (and this is precisely how the binary installer
works, too), and also kindly ignore missing openssl tree files
because TIMTOWTDI (although this one is preferred :)
Modifications for 1) httpd.conf.in generic conf file, and
2) source tree build (in addition to the msi installer)
carefully dodging the installer's desire to delete sources.
Start preparing to use the general-case httpd.conf.in,
on Win32.
Note the quoted log *filenames*, which lets us figure
out the difference between fixing "access_log" to be
a windows friendly "access.log", and leaving the custom
log format name pretty_log alone.
Also, prefer the user specified port for example ServerName.
Ruediger Pluem [Thu, 20 Dec 2007 08:57:23 +0000 (08:57 +0000)]
* Using the reslist pool for the proxy_conn_rec structure introduces a memory
leak when connections get created and destroyed frequently by the reslist
(e.g. destroying idle elements of the reslist). So use the subpool
dedicated for the proxy_conn_rec structure to allocate the memory for the
structure itself.
Ruediger Pluem [Tue, 18 Dec 2007 20:03:01 +0000 (20:03 +0000)]
* Only send a flush bucket down the chain if buckets were sent down the chain
before that could still be buffered in the network filter. This is the case
if we have sent an EOS bucket or if we actually sent buckets with
data down the chain. In all other cases we either have not sent any
buckets at all down the chain or we only sent meta buckets that are
not EOS buckets down the chain. The only meta bucket that remains in
this case is the flush bucket which would have removed all possibly
buffered buckets in the network filter.
If we sent a flush bucket in the case where not ANY buckets were
sent down the chain, we break error handling which happens AFTER us.
Ruediger Pluem [Sat, 15 Dec 2007 16:15:04 +0000 (16:15 +0000)]
* Fix a SEGFAULT by ensuring that buckets that may have been buffered in the
network filters get flushed to the network. This is needed since
these buckets have been created with the bucket allocator of the
backend connection. This allocator either gets destroyed if
conn->close is set or the worker address is not reusable which
causes the connection to the backend to be closed or it will be used
again by another frontend connection that wants to recycle the
backend connection.
In this case we could run into nasty race conditions (e.g. if the
next user of the backend connection destroys the allocator before we
send the buckets to the network).
Remark 1: Doing a setaside does not help here as the buckets remain
created by the wrong allocator in this case.
Remark 2: Yes, this creates a possible performance penalty in the case
of pipelined requests as we may send only a small amount of data over
the wire.
Ruediger Pluem [Wed, 12 Dec 2007 10:38:19 +0000 (10:38 +0000)]
* Do not register connection_cleanup as cleanup for the conn->pool. In the past
it was needed to register connection_cleanup as a cleanup for the frontend
connection memory pool (c->pool) to ensure that the connection returns to the
connection pool if the frontend connection memory pool
gets destroyed / cleared. Now we explicitly ensure the connection returns
to the connection pool once we have finished handling the request.
Ruediger Pluem [Wed, 12 Dec 2007 07:44:02 +0000 (07:44 +0000)]
* Fix another memory leak related to PR 44026. Now that we keep the connection
data structure alive in the reslist, the lifetime of c->pool is too long.
r->pool has the correct lifetime since rp dies before r.
Jeff Trawick [Tue, 11 Dec 2007 20:08:12 +0000 (20:08 +0000)]
http_protocol: Escape request method in 405 error reporting.
This has no security impact since the browser cannot be tricked
into sending arbitrary method strings.
Joe Orton [Tue, 11 Dec 2007 16:02:23 +0000 (16:02 +0000)]
Fix CVE-2007-5000:
* modules/mappers/mod_imagemap.c (menu_header): Fix
cross-site-scripting issue by escaping the URI, and ensure that a
charset parameter is sent in the content-type to prevent
autodetection by broken browsers.
Introduce --kill argument to ApacheMonitor for use by the
installer. This will permit the installation tool to remove
all running instances before attempting to remove the .exe.
Note that since the introduction of CriticalSections, our
compatibility with NT 4 was destroyed, and at this point that
is no loss (there are no more security updates to NT 4 ergo
it's not an OS we want connected to the internet, anyways).
The WTS api calls require 2000 or later, but I'm not wrapping
them since nobody notices the same issue with CriticalSections.
Ruediger Pluem [Tue, 11 Dec 2007 13:27:21 +0000 (13:27 +0000)]
* Use a separate subpool to manage the data for the socket and the connection
member of the proxy_conn_rec struct as we destroy this data more frequently
than other data in the proxy_conn_rec struct like hostname and addr (at least
in the case where we have keepalive connections that timed out and were
closed by the backend).
This fixes a memory leak with short lived and broken connections.
Ruediger Pluem [Sat, 8 Dec 2007 20:10:29 +0000 (20:10 +0000)]
* Enable the proxy to keep connections persistent in the HTTPS case.
Basically the persistence is created by keeping the conn_rec structure
created for our backend connection (whether http or https) in the connection
pool. This required adjusting scoreboard.c in a way that its functions can
properly deal with a NULL scoreboard handle by ignoring the call or returning
an error code.
Jim Jagielski [Sat, 8 Dec 2007 16:10:40 +0000 (16:10 +0000)]
Alternate fix... profiling indicates that the string
termination is completely unneeded and superfluous. In
which case, the original allocation size is sufficient
since nothing external worries about a NULL nor
looks for it.
Ruediger Pluem [Sat, 8 Dec 2007 14:03:43 +0000 (14:03 +0000)]
* Optimize memory behaviour of mod_substitute by
* Precreate all needed brigades, save them in the filter context and reuse
them in order to avoid frequent recreations using the request pool.
* Use a temporary pool for all the needed copy stuff and clean it up every
time we have passed the passbb brigade down the chain. We can pass the
brigade down the chain directly after we have processed one bucket from the
original brigade as buffering is done by the network filters.
* Use transient instead of pool buckets.
* There are cases that lead to the exceptional situation of a very large
passbb bucket brigade (about 1,000,000 buckets) as a result of processing
4 MB of a file. So I add a flush bucket once I have more than
MAX_BUCKET (1000) buckets in the brigade and pass it down the chain to get
it sent and the passbb bucket brigade cleaned up and its memory reusable
again.
Ruediger Pluem [Sat, 8 Dec 2007 09:23:26 +0000 (09:23 +0000)]
* If no data is available at this point in time we need to switch into the
BODY_CHUNK_PART state like we do several lines later in the code in the
same situation.
Joe Orton [Mon, 3 Dec 2007 11:15:31 +0000 (11:15 +0000)]
* modules/ssl/ssl_util_ocsp.c (read_response): Bail out if the maximum
response-header count is exceeded. Also bump to APLOG_ERR the log
message given after a header read error.
Joe Orton [Mon, 3 Dec 2007 11:06:35 +0000 (11:06 +0000)]
* modules/ssl/ssl_engine_kernel.c (ssl_hook_ReadReq): For performing
TLS upgrade, require only the presence of a "TLS/1.0" token
somewhere in the Upgrade request-header, rather than as the exact
header value.
Joe Orton [Mon, 3 Dec 2007 11:01:51 +0000 (11:01 +0000)]
* modules/ssl/ssl_engine_io.c (ssl_io_input_add_filter,
ssl_io_filter_init): Don't clear f->r here after adding connection
filters since ap_add_*_filter now guarantee to do it internally.
Vincent Bray [Sun, 2 Dec 2007 05:33:12 +0000 (05:33 +0000)]
PR#44001 AuthDigestEnableQueryStringHack unnecessary for MSIE7.
Reported by: Takashi Sato <serai lans-tv.com>
Confirmed by: Vincent Jong <megaspaz tron.megaspaz.net> & noodl
Ruediger Pluem [Sat, 1 Dec 2007 16:14:21 +0000 (16:14 +0000)]
- when using "-l" reduce two consecutive calls to apr_time_now() to one.
This will not change the logic if no "-l" gets used, and it will spare
one call to apr_time_now() in case "-l" gets used and, more importantly,
it gives the code better atomicity, because in fact between the two calls
there is a slight chance of jumping over the DST boundary
- for historic reasons the same code block is used two times with a
slightly different way of transforming apr_time_t to int
(once division by APR_USEC_PER_SEC, once call to apr_time_sec()),
so let's unify it.
- finally move the block into a function, because it gets used already
two times.