Daniel Gruno [Wed, 12 Mar 2014 22:56:44 +0000 (22:56 +0000)]
mod_lua: Add a fixups hook that checks if the original request is intended for LuaMapHandler. This fixes a bug where FallbackResource invalidates the LuaMapHandler directive in certain cases by changing the URI before the map handler code executes.
Stephen Henson [Wed, 12 Mar 2014 13:52:26 +0000 (13:52 +0000)]
A bug in some older versions of OpenSSL will cause a crash
in SSL_get_certificate for servers where the certificate hasn't
been sent.
Workaround by setting the ssl structure to client mode which
bypasses the faulty code in OpenSSL. Normally setting a server
ssl structure to client mode would cause problems later on:
but we are freeing the structure immediately without attempting
to use it.
Jan Kaluža [Tue, 11 Mar 2014 08:52:54 +0000 (08:52 +0000)]
mod_authn_socache.c: fix creation of default socache_instance.
In pre_config, default socache_provider is created, but socache_instance
initialization is missing. This leads to crash on startup if default
socache_provider is used (AuthnCacheSOCache is not called) and
AuthnCacheEnable or AuthnCacheProvideFor is used.
Clean up the cookie logging parser to recognize only the cookie=value pairs,
not valueless cookies. This refactors multiple passes over the same string
buffer into a single pass parser.
Yann Ylavic [Fri, 28 Feb 2014 09:42:41 +0000 (09:42 +0000)]
mod_deflate:
Don't fail when asked to flush inflated data to the user-agent and that
coincides with the end of stream ("Zlib error flushing inflate buffer").
PR 56196.
Yann Ylavic [Thu, 27 Feb 2014 18:15:03 +0000 (18:15 +0000)]
Commit 6 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)
Ignore empty buckets and split buckets longer than INT_MAX (since zlib uses 32-bit ints only) in all filters.
Yann Ylavic [Thu, 27 Feb 2014 18:08:34 +0000 (18:08 +0000)]
Commit 5 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)
Handle Zlib flags in the inflate input filter as in the output filter, using consume_zlib_flags().
Yann Ylavic [Thu, 27 Feb 2014 18:01:38 +0000 (18:01 +0000)]
Commit 4 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)
Handle non blocking reads which would block in the inflate input filter (not an error).
Yann Ylavic [Thu, 27 Feb 2014 17:57:13 +0000 (17:57 +0000)]
Commit 3 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)
Handle Zlib validation bytes buffering (CRC + length) in the inflate input filter :
- use validation_buffer and validation_length as state,
- loop until all the bytes are received.
Yann Ylavic [Thu, 27 Feb 2014 17:35:58 +0000 (17:35 +0000)]
Commit 2 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)
Handle Zlib header buffering in the inflate input filter :
- loop until all the header is received,
- handle non blocking reads returning empty brigade,
- fix a double ap_get_brigade() when an EOS brigade is encountered while reading the header,
- in that case and no data was received so far, don't return an error but SUCCESS with the EOS, otherwise fail,
- don't remove the Content-Length and Content-MD5 headers until some data is read.
Still does not handle Zlib flags for now, next commits.
Yann Ylavic [Thu, 27 Feb 2014 16:56:07 +0000 (16:56 +0000)]
Commit 1 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters.
PR 46146 (patches from duplicated PR 55666)
Handle Zlib header buffering in the inflate output filter :
- add the new deflate_ctx_t fields needed to re-enter the Zlib header parsing,
- introduce the new consume_zlib_flags() function to parse/consume the ZLib flags (will be used by the other filters too),
- use it to handle incomplete header in the output filter (deflate).
This alone fixes PR 55666, but the issue remains for PR 46146 (inflate/deflate input filters), hence the following patches.
Yann Ylavic [Thu, 27 Feb 2014 15:40:01 +0000 (15:40 +0000)]
Redo what was reverted in r1572627.
Don't reuse a SSL backend connection whose SNI differs. PR 55782.
This may happen when ProxyPreserveHost is on and the proxy-worker
handles connections to different Hosts.
Yann Ylavic [Thu, 27 Feb 2014 15:31:58 +0000 (15:31 +0000)]
Revert r1572606 for the time being since backport would conflict with 2.4.x's proxy_conn_rec.
The uds_path field is at the end of the struct in 2.4.x but not in trunk.
Fix that first, then recommit.
Yann Ylavic [Thu, 27 Feb 2014 14:52:12 +0000 (14:52 +0000)]
Don't reuse a SSL backend connection whose SNI differs. PR 55782.
This may happen when ProxyPreserveHost is on and the proxy-worker
handles connections to different Hosts.
Yann Ylavic [Thu, 27 Feb 2014 13:05:24 +0000 (13:05 +0000)]
Cleanup the client to backend brigade before returning an error (if any) to avoid buckets lifetime issues (backend connection's pool destroyed before request's one). PR 50335.
Suggested by rpluem.
Jan Kaluža [Wed, 26 Feb 2014 15:30:25 +0000 (15:30 +0000)]
mod_deflate: fix decompression of files larger than 4GB. According to RFC1952,
Input SIZE (compLen) contains the size of the original input data modulo 2^32.
Yann Ylavic [Fri, 21 Feb 2014 15:08:32 +0000 (15:08 +0000)]
Log an error in mod_proxy_http when reading the request body fails.
Follow-up to r1538776 where incomplete bodies are detected and an error returned through the input filters.
Eric Covener [Thu, 20 Feb 2014 18:08:31 +0000 (18:08 +0000)]
*) mod_rewrite: Add RewriteOptions InheritDown, InheritDownBefore,
and IgnoreInherit to allow RewriteRules to be pushed from parent scopes
to child scopes without explicitly configuring each child scope.
PR56153.
Yann Ylavic [Fri, 14 Feb 2014 17:55:19 +0000 (17:55 +0000)]
mod_proxy_http: don't recycle backend connections known to be closed (eg. EOS by close).
This saves a useless ap_is_socket_connected() call when reused.
Jeff Trawick [Fri, 7 Feb 2014 19:54:06 +0000 (19:54 +0000)]
Follow-up to r1512819:
Don't include "\" in the printable form of the data because
it will be escaped later in processing, and the extra escaping
throws off the alignment. Just filter it out like unprintable
characters.
projects / apache / log