Tony Finch [Sat, 23 Sep 2000 00:05:45 +0000 (00:05 +0000)]
Fix a security problem that affects certain configurations of mod_rewrite.
If the result of a RewriteRule is a filename that contains expansion
specifiers, especially regexp backreferences $0..$9 and %0..%9, then it
may be possible for an attacker to access any file on the web server.
The fix replaces a multi-pass string expander with a one-pass expander,
and includes the code quality improvements that were committed separately
to 1.3.
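The difference between the two expanders described above, as an added example that is not Apache's code: a one-pass expander copies substituted text verbatim, so a "$N" specifier that arrives inside a captured backreference is never re-expanded, whereas a multi-pass expander keeps rescanning its own output and lets request-derived text act as a new template. The backreference values, the 512-byte scratch buffer and MAX_PASSES are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define NUM_BACKREFS 10
#define MAX_PASSES   8   /* hypothetical bound so the multi-pass loop always terminates */

/* One-pass expansion: walk the template once, left to right. A "$N"
 * specifier (N = 0..9) is replaced by backrefs[N], and the substituted
 * text is copied verbatim, never re-scanned for further specifiers.
 * Returns the output length, or (size_t)-1 if out would overflow. */
size_t expand_onepass(const char *tmpl, const char *const backrefs[NUM_BACKREFS],
                      char *out, size_t outlen)
{
    size_t o = 0;
    const char *p = tmpl;

    while (*p) {
        const char *piece;
        size_t n;

        if (p[0] == '$' && p[1] >= '0' && p[1] <= '9') {
            piece = backrefs[p[1] - '0'];
            if (piece == NULL)
                piece = "";
            n = strlen(piece);
            p += 2;
        }
        else {
            piece = p;
            n = 1;
            p += 1;
        }
        if (o + n >= outlen)           /* leave room for the terminating NUL */
            return (size_t)-1;
        memcpy(out + o, piece, n);
        o += n;
    }
    out[o] = '\0';
    return o;
}

/* Multi-pass expansion, shown only as the contrast: re-expand the result
 * until it stops changing. Any "$N" that arrived through a backreference is
 * treated as a fresh specifier on the next pass, so text taken from the
 * request can rewrite the filename a second time. */
size_t expand_multipass(const char *tmpl, const char *const backrefs[NUM_BACKREFS],
                        char *out, size_t outlen)
{
    char cur[512];                     /* constructed scratch buffer */
    size_t len = 0;
    int pass;

    if (strlen(tmpl) >= sizeof(cur))
        return (size_t)-1;
    strcpy(cur, tmpl);

    for (pass = 0; pass < MAX_PASSES; pass++) {
        len = expand_onepass(cur, backrefs, out, outlen);
        if (len == (size_t)-1)
            return len;
        if (strcmp(cur, out) == 0)     /* fixed point: nothing left to expand */
            return len;
        if (len >= sizeof(cur))
            return (size_t)-1;
        strcpy(cur, out);
    }
    return len;                        /* gave up after MAX_PASSES; out holds the last result */
}

int main(void)
{
    const char *refs[NUM_BACKREFS] = { 0 };
    char out[128];

    refs[1] = "a$2b";   /* constructed: a captured value that itself contains "$2" */
    refs[2] = "X";
    expand_onepass("/docs/$1.html", refs, out, sizeof out);
    printf("one-pass:   %s\n", out);
    expand_multipass("/docs/$1.html", refs, out, sizeof out);
    printf("multi-pass: %s\n", out);
    return 0;
}
```

With the same template and backreferences, the one-pass result keeps the literal "$2" that came from the capture, while the multi-pass result has substituted it again; the second behaviour is what allowed a request-controlled capture to steer the final filename.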
Bill Stoddard [Fri, 22 Sep 2000 20:36:20 +0000 (20:36 +0000)]
Make the core_filter use apr_sendv and apr_sendfile as appropriate. This is still a bit crufty
but it is an improvement over the previous implementation.
Note 1: Only needed for BSD/OS.
Note 2: Invent better heuristic (timestamp checks for build/*.mk).
Note 3: Conversion is currently one-way
Note 4: Don't package on BSD/OS.
Jeff Trawick [Fri, 22 Sep 2000 14:57:08 +0000 (14:57 +0000)]
mod_include now tweaks the subrequest output filter chain so that
only *subsequent* filters from the original request are inherited.
Previously, *all* filters from the original request were inherited.
Currently, any filter which runs a subrequest should do the same
thing (though a cleaner interface may be appropriate.)
With this change, subrequests are properly filtered much more often.
Jeff Trawick [Fri, 22 Sep 2000 11:37:05 +0000 (11:37 +0000)]
Provide a socklen_t to the user of APR as a portability aid. Some
systems have unsigned sockaddr len parameters; others have signed.
When passing the length by address (as to accept()) a warning is
generated if the sign is not correct.
This patch assumes that, if no native socklen_t is provided,
apr_socklen_t is always signed; that can be easily tweaked for
certain platforms later.
Inside APR, apr_socklen_t is only used currently in the Unix
implementation.
Submitted by: Victor J. Orlikowski <v.j.orlikowski@gte.net>
Reviewed by: Jeff Trawick
Jeff Trawick [Thu, 21 Sep 2000 16:32:48 +0000 (16:32 +0000)]
Get the call to find_string() out of a loop. find_string() loops
across the buckets internally. This gets rid of a compile warning
but doesn't change the behavior.
Inspired by: "Victor J. Orlikowski" <v.j.orlikowski@gte.net>
Jeff Trawick [Wed, 20 Sep 2000 21:50:50 +0000 (21:50 +0000)]
Fix the prior fix to the usage of ap_brigade_split()... The caller of
send_parsed_content() needs to see the new brigade representing the
rest of the content.
Overhaul of dbmmanage to allow a groups arg (as in Apache 1.2)
as well as a comment arg to the add, adduser and update cmds.
update allows the user to clear or preserve pw/groups/comment.
Fixed a bug in dbmmanage that prevented the check option from
parsing a password followed by :group... text. Corrected the
seed calculation for Win32 systems, and added -lsdbm support.
PR: 3810, 5527
Jeff Trawick [Tue, 19 Sep 2000 23:50:36 +0000 (23:50 +0000)]
Get internal redirects working by initializing the output_filters
list. We start over with only core_filter just like a fresh request.
Processing of the new URI will determine what filters (if any) are
appropriate.
Jeff Trawick [Tue, 19 Sep 2000 23:28:55 +0000 (23:28 +0000)]
Fix filter registration so that the appropriate list of
registrations is actually modified. This allows Apache to serve
pages again. (Before this, every ap_add_filter() silently failed
and so output content went to the bit bucket.)
Also, repair some comments and un-namespace-protect a now-static
function.
Fix a bug where errors that happen during early request parsing (like 400
HTTP_BAD_REQUEST) don't send any error message content to the browser.
The core_filter wasn't present this early in request parsing, so the output
went into the bit bucket via r[v]puts->ap_pass_brigade.
The chunking filter takes care of itself nicely, because it is added in
ap_send_http_header if it's needed.
Jeff Trawick [Tue, 19 Sep 2000 17:46:28 +0000 (17:46 +0000)]
Change the registered filter name to XLATEOUT (from XLATE).
Set up the context in the filter in case the filter was inserted via
AddOutputFilter.
Provide a temporary hack to avoid having the module and core both
insert the output translation filter. For now, code
"CharsetOptions NoImplicitAdd" in a container with "AddOutputFilter."
Make a few cosmetic changes (e.g., rename the mis-named
xlate_register_filter routine).
Ryan Bloom [Sun, 17 Sep 2000 18:52:48 +0000 (18:52 +0000)]
If a bucket is split at the first or last character, then we should get
a zero length bucket and a bucket containing the original text. Later
filters will either throw away the zero length bucket, or they will just
ignore it. The problem is that if we return an error in those conditions,
then all filters need special logic whenever they are going to split a
bucket. By always splitting, only a few selected buckets need the special
logic to deal with zero-length buckets. This also fixes mod_include to not
have the special logic around its split call.
Jeff Trawick [Fri, 15 Sep 2000 16:50:39 +0000 (16:50 +0000)]
Fix a bug parsing configuration file containers. With a sequence
like this in the config file
<IfModule mod_kilroy.c>
any stuff
</IfModule>
<IfModule mod_lovejoy.c>
(blank line)
any stuff
</IfModule>
the second container would be terminated at the blank line due to
sediment in the buffer from reading the prior </IfModule> and an
error message would be generated for the real </IfModule> for the
second container. Also due to this problem, any two characters
could be used for "</" in the close of a container.
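A small container parser that behaves the way the fixed code should, added here as an example and not Apache's ap_cfg_getline: each line is examined on its own, so a blank line inside a container is simply skipped rather than terminating it, and a line closes a container only when it begins with exactly "</" followed by the name of the innermost open container. The function, its limits (MAX_DEPTH, NAME_LEN) and the sample config text are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MAX_DEPTH 16
#define NAME_LEN  64

/* Copy a container name (up to '>' or whitespace) out of line p starting
 * at offset i; returns the offset just past the name. */
static size_t read_name(const char *p, size_t i, size_t len, char *name)
{
    size_t n = 0;
    while (i < len && p[i] != '>' && !isspace((unsigned char)p[i]) && n < NAME_LEN - 1)
        name[n++] = p[i++];
    name[n] = '\0';
    return i;
}

/* Walk cfg line by line. Blank and comment lines are ignored; "<Name ...>"
 * opens a container and only "</Name>" (exact "</", matching name) closes
 * the innermost one. Returns how many top-level containers were closed and
 * counts stray, mismatched or unterminated containers in *errors. */
int count_containers(const char *cfg, int *errors)
{
    char stack[MAX_DEPTH][NAME_LEN];
    char name[NAME_LEN];
    int depth = 0, closed = 0;
    const char *line = cfg;

    *errors = 0;
    while (*line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        size_t i = 0;

        while (i < len && isspace((unsigned char)line[i]))
            i++;
        if (i < len && line[i] != '#') {
            if (line[i] == '<' && i + 1 < len && line[i + 1] == '/') {
                read_name(line, i + 2, len, name);
                if (depth == 0 || strcmp(stack[depth - 1], name) != 0)
                    (*errors)++;                 /* stray or mismatched close */
                else if (--depth == 0)
                    closed++;
            }
            else if (line[i] == '<') {
                read_name(line, i + 1, len, name);
                if (depth < MAX_DEPTH)
                    strcpy(stack[depth++], name);
                else
                    (*errors)++;                 /* nested too deeply */
            }
            /* ordinary directive lines need no bookkeeping here */
        }
        line = end ? end + 1 : line + len;
    }
    if (depth != 0)
        (*errors)++;                             /* container still open at end of file */
    return closed;
}

int main(void)
{
    /* constructed input mirroring the sequence from the commit message */
    const char *cfg =
        "<IfModule mod_kilroy.c>\nany stuff\n</IfModule>\n"
        "<IfModule mod_lovejoy.c>\n\nany stuff\n</IfModule>\n";
    int errors;
    int n = count_containers(cfg, &errors);
    printf("containers=%d errors=%d\n", n, errors);
    return 0;
}
```

Because the closing check compares the two leading characters literally, a line such as "xxIfModule>" is treated as an ordinary directive and the container stays open, which is reported as an error instead of being accepted as a close.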
Jeff Trawick [Thu, 14 Sep 2000 18:42:58 +0000 (18:42 +0000)]
Fix the types of the variables passed as the len parm to bucket->read()
(in various places).
In ab, change the declaration of argv so that it can be passed into
apr_initopt() without warning.
Submitted by: Victor J. Orlikowski <v.j.orlikowski@gte.net>
Reviewed and modified slightly by: Jeff Trawick
Tony Finch [Thu, 14 Sep 2000 02:16:07 +0000 (02:16 +0000)]
Improve the way the chunking filter handles zero-length buckets,
and fix the comment explaining how to reduce the incidence of tiny chunks.
Submitted by: Jeff Trawick
Reviewed by: Tony Finch
Ryan Bloom [Thu, 14 Sep 2000 00:34:15 +0000 (00:34 +0000)]
Add a pointer to the filter_rec_t from the filter_t. This allows modules
to get to the filter name from the filter itself. This is useful for
modules like mod_perl, which have one filter function that does different
things based on the name used when the filter was inserted.
Ryan Bloom [Wed, 13 Sep 2000 23:13:20 +0000 (23:13 +0000)]
Add the AddFilter directive. This directive takes a list of filter names
that have been previously registered with the server. Currently the
directive is only valid inside the config file, but once the Options
directive is tweaked a bit, I would feel more comfortable exposing this
directive to htaccess files.
As a part of making adding this filter, I removed the ctx pointer from the
ap_add_filter prototype. The problem is that the core is the thing that
is actually inserting the filter into the filter stack, but the core doesn't
know how to allocate memory for each filter. The solution is to have the
filters themselves be responsible for allocating the ctx memory whenever
it is required.
Ryan Bloom [Wed, 13 Sep 2000 02:07:40 +0000 (02:07 +0000)]
First pass at mod_include as a filter. This is at an incredibly alpha
stage, but it should compile for everybody now. I have experienced a few
seg faults that I haven't been able to track down yet, but it should
compile on all platforms, which is better than before this patch.
Ken Coar [Wed, 13 Sep 2000 01:58:15 +0000 (01:58 +0000)]
Start introducing the extension-method elements so we're not
bound to hard-coded names and a bitmask. We still use the
bitmask for known methods, but we also have an array for
extension method names. Wherever we used the M_* constants
we need to use a routine that knows about the new structure instead.
This is far from complete, but AFAIK this interim work doesn't
break anything -- especially the compile. The rest of the
work will be added in segments; this is just a checkpoint.
Tony Finch [Tue, 12 Sep 2000 17:46:40 +0000 (17:46 +0000)]
This commit adds support for purely name-based virtual hosting that
does not require any IP addresses in httpd.conf and which disregards
the local IP address of any connections. This will be particularly
appreciated by people running little servers on machines with
dynamically configured IP addresses, and by people wishing to use
identical httpd.conf files on all the machines in a load-balanced
cluster.
The syntax is:
NameVirtualHost *
<VirtualHost *>
ServerName my.friend.has.a.silly.vanitydomain.org
DocumentRoot /usr/local/apache/docs1
</VirtualHost>
<VirtualHost *>
ServerName but.easier.to.spell.than.my.vanitydomain.org
DocumentRoot /usr/local/apache/docs2
</VirtualHost>
The implementation is a straightforward extension of what is there
already although the patch is made somewhat larger by the need to
avoid duplicate code for normal and wildcarded NameVirtualHosts.
Jeff Trawick [Tue, 12 Sep 2000 14:48:49 +0000 (14:48 +0000)]
Explicitly close the AF_UNIX socket to the cgid child after nph cgis too.
(Yeah, it got closed during pool cleanup, but it is more understandable if
it is closed the same way for nph and !nph cgis.)
Ryan Bloom [Tue, 12 Sep 2000 03:40:15 +0000 (03:40 +0000)]
Ensure that only one EOS bucket is sent down the filter stack. This is
done by adding a flag to the request_rec. When ap_pass_bucket sees an
EOS bucket, the flag is set. If the flag is still unset when
ap_finalize_request is called, then ap_finalize_request sends an EOS. This
fixes the problem with chunking and CGI.
Jeff Trawick [Mon, 11 Sep 2000 21:37:27 +0000 (21:37 +0000)]
The apr_file_t representation of the Unix socket from which we read
the CGI output should live in the request pool, not in pcgi. pcgi (in
the httpd processes, at least) isn't cleaned up until we restart httpd.
Ryan Bloom [Mon, 11 Sep 2000 00:30:02 +0000 (00:30 +0000)]
Modify mod_cgid to use bucket brigades. This means that mod_cgid behaves
like mod_cgi, creating a single element bucket brigade that is passed to
the next filter. This is instead of making mod_cgid read from the socket,
and call ap_r* repeatedly.
The "get resource" functionality is no longer a hook. Instead, providers
register themselves by name with mod_dav. The user configures a particular
provider for a location/directory. mod_dav looks up that provider and uses
it explicitly. (the prior behavior simply asked "anybody" to satisfy the
get_resource, but it did not mesh well with user-specified providers)
*) add providers.c to deal with provider registration
*) rejigger mod_dav.c to toss the hook and use the provider
*) clean out dav/fs/ of the old scheme and have it register itself
pass_chunk() was tossing a brigade composed of just the EOS bucket. On
entry, it saw there were zero bytes and simply returned. The client
would never receive "end of response" and timeout (or the server would
timeout the client).
*) added comments about what is going on
*) place chunk start/end markers around just the content, if that content
is non-zero in length
*) insert all the right "end of response" stuff before the EOS bucket
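The three rules above, as an added example that is not Apache's chunk filter: a chunk header and trailer are written only around data of non-zero length (a "0" size line means "last chunk" to the client, so an empty bucket must never produce one), and the EOS bucket always yields the last-chunk marker plus the blank trailer line, even when the brigade holds nothing but EOS. The struct bucket type, the function name and the sample brigades are constructed stand-ins, not APR types.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a bucket: some bytes, or an end-of-stream marker. */
struct bucket {
    const char *data;
    size_t len;
    int eos;
};

/* Encode a brigade with HTTP/1.1 chunked transfer coding into out.
 * Returns the number of bytes written, or (size_t)-1 if out is too small. */
size_t chunk_brigade(const struct bucket *b, size_t nbuckets, char *out, size_t outlen)
{
    size_t o = 0;
    size_t i;

    for (i = 0; i < nbuckets; i++) {
        int n;

        if (b[i].eos) {
            /* last chunk plus the empty trailer: this is what tells the client
             * the response is complete, so it must go out even with no data */
            n = snprintf(out + o, outlen - o, "0\r\n\r\n");
            if (n < 0 || (size_t)n >= outlen - o)
                return (size_t)-1;
            o += (size_t)n;
            break;                          /* nothing after EOS belongs to the response */
        }
        if (b[i].len == 0)
            continue;                       /* never emit a "0" chunk for empty data */

        /* chunk size in hex, the data, then CRLF */
        n = snprintf(out + o, outlen - o, "%zx\r\n", b[i].len);
        if (n < 0 || (size_t)n >= outlen - o)
            return (size_t)-1;
        o += (size_t)n;
        if (b[i].len + 2 >= outlen - o)
            return (size_t)-1;
        memcpy(out + o, b[i].data, b[i].len);
        o += b[i].len;
        memcpy(out + o, "\r\n", 2);
        o += 2;
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* constructed brigade: data, an empty bucket, more data, then EOS */
    struct bucket brigade[] = {
        { "Hello", 5, 0 }, { "", 0, 0 }, { "World", 5, 0 }, { NULL, 0, 1 }
    };
    char out[128];
    size_t n = chunk_brigade(brigade, 4, out, sizeof out);
    printf("%zu bytes:\n%s", n, out);
    return 0;
}
```

Stopping at the first EOS also means a second EOS arriving later (the duplicate-EOS situation noted for mod_cgi in this log) cannot append a second "0" chunk to the output.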
update the WebDAV versioning support:
- recognize and dispatch the latest set of DeltaV methods
- refine the CHECKOUT provider hook
- add avail_reports provider hook
- fix the "target" resolution mechanism
Tony Finch [Sat, 9 Sep 2000 01:11:15 +0000 (01:11 +0000)]
Fix inserting elements at the head and tail of a ring when the ring is
empty. Avoiding referring to the element type in the macros resulted
in some double dereferences that did the wrong thing.
Reported by: Jeff Trawick
Add an index of modules "by type". The modules directory in 2.0
could use a good cleaning to get rid of stuff that doesn't need
to be carried over, but that can wait.
Ryan Bloom [Fri, 8 Sep 2000 20:34:33 +0000 (20:34 +0000)]
Fix a compile break in mod_mime_magic.c. In early 2.0 versions, we would
get a pipe back from create_child, and stuff that into a buff to read from
it. This made sense in 1.3, because we got a buff back from the
create_process call. In 2.0, we are getting a pipe, so this doesn't
make sense. This patch just uses the pipe that is returned to us to read
the information we want.
Submitted by: John K. Sterling <sterling@covalent.net>
Reviewed by: Ryan Bloom
Change prefork to use the same listen api as the rest of the unix mpms
(ap_setup_listeners). This eliminates the need to force a recompile of
listen.c when you switch to/from using prefork.
Tony Finch [Fri, 8 Sep 2000 10:16:14 +0000 (10:16 +0000)]
Reduce the manualarity of managing bucket brigade lists by using the
new AP_RING macros. Most of this commit is fairly pedestrian as you
would expect, but I had to redo the chunking filter because of the
amount of pointer juggling it did. I have done some minimal testing
of this patch and it seems to work.
Jeff Trawick [Thu, 7 Sep 2000 23:51:36 +0000 (23:51 +0000)]
Fix merging of AddDefaultCharset directive.
PR: 5872 (reported against 1.3)
Submitted by: Jun Kuriyama <kuriyama@imgsrc.co.jp>
Reviewed by: Jeff Trawick
Ryan Bloom [Wed, 6 Sep 2000 14:02:29 +0000 (14:02 +0000)]
Fix the ScanDoc output on IE. I don't have IE, so I can't test this, but
it looks correct, and this problem has been submitted to me multiple times.
PR: 6501
Submitted by: Shuichi Kitaguchi <ki@hh.iij4u.or.jp>
Reviewed by: Ryan Bloom
Jeff Trawick [Wed, 30 Aug 2000 21:15:33 +0000 (21:15 +0000)]
fix a few bugs and improve error handling:
introduce extended error status as a start of more helpful error logging;
instead of aborting the process when we get a bucket-straddling char too
wide to handle, trace the problem and return an error;
when we get to the end of the brigade and we're still waiting for the rest
of a character, return an error instead of ignoring the problem;
if we get 0 bytes when reading from a pipe, don't fret (segfault); skip
over this empty bucket and read the next one;
don't set done if send_downstream() returns APR_SUCCESS; set it for the
opposite condition; that bug kept us from processing our entire input
brigade for brigades that caused lots of output;
Ryan Bloom [Tue, 29 Aug 2000 22:16:45 +0000 (22:16 +0000)]
Modify the way filters are added to the server. Instead of using a FIFO,
we use a modified LIFO. It is modified, because if we add a filter while
in the middle of another filter, the added filter gets put in after the
current filter. This requires that the server is smart about which filters
are added when. This should be handled by the HTTP protocol, but we will
want to keep an eye on things for a little while.
This change is necessary, because currently when we add a filter it goes
after the last filter of the same type. This is broken whenever we want
to add a filter that has a dependency. Think about the core and chunking
filters. They are of the same type, and core is always added first. When
we go to insert chunking, it gets added, but it is never called.
Jeff Trawick [Mon, 28 Aug 2000 20:36:42 +0000 (20:36 +0000)]
Update chunk_filter to handle buckets with unknown length (e.g., pipes).
As soon as we hit such a bucket, we'll read from it then pass everything
we have so far on to the next filter. At that point we'll start over.
Also, increase the size of the chunk header buffer to handle larger
lengths.
Note: There is still an extra final chunk header (0) when mod_cgi is used
because EOS is coming down twice.
This is likely to have some bugs here and there. Even worse, it is butt
ugly and in need of simplification.
Jeff Trawick [Sat, 26 Aug 2000 19:45:15 +0000 (19:45 +0000)]
Call ap_pass_brigade() *before* soaking up stderr. The normal CGI
is going to write a bunch of stuff to stdout and nothing to stderr.
Reading stderr before processing the stdout pipe can cause deadlock if
the CGI fills the kernel buffer for stdout because the CGI will stall
writing to stdout while the httpd process will stall reading from the
CGI's stderr.
The NPH CGI behavior was unchanged. If this is still a problem for NPH
CGIs, it was a problem before filtering too.
Also, get rid of a couple of unused variables in cgi_handler.