Improve layout, add trailing '.' in function description, capitalize first letter of description, fix typo, turn \0 into \\0.
Move the detailed description after @defgroup so that it is taken into account.
As noted by Yann, this resulted in a dead var assignment. Preinit won't
work due to the fact that we overload rv as both the DWORD windows result
and the apr_status_t result code.
Eric Covener [Tue, 15 Jul 2014 19:11:02 +0000 (19:11 +0000)]
*) SECURITY: CVE-2013-5704 (cve.mitre.org)
core: HTTP trailers could be used to replace HTTP headers
late during request processing, potentially undoing or
otherwise confusing modules that examined or modified
request headers earlier. Adds "MergeTrailers" directive to restore
legacy behavior.
Submitted By: Edward Lu, Yann Ylavic, Joe Orton, Eric Covener
Committed By: covener
Joe Orton [Tue, 15 Jul 2014 12:27:00 +0000 (12:27 +0000)]
SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse
proxy configuration, a remote attacker could send a carefully crafted
request which could crash a server process, resulting in denial of
service.
Thanks to Marek Kroemeke working with HP's Zero Day Initiative for
reporting this issue.
* server/util.c (ap_parse_token_list_strict): New function.
* modules/proxy/proxy_util.c (find_conn_headers): Use it here.
* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response):
Send a 400 for a malformed Connection header.
Jeff Trawick [Tue, 15 Jul 2014 11:15:26 +0000 (11:15 +0000)]
SECURITY (CVE-2014-3523): Fix a memory consumption denial of
service in the WinNT MPM used in all Windows installations.
Workaround: AcceptFilter <protocol> {none|connect}
Submitted by: trawick
Reviewed by: jorton, covener, jim
Eric Covener [Mon, 14 Jul 2014 20:08:25 +0000 (20:08 +0000)]
SECURITY: CVE-2014-0231 (cve.mitre.org): Part two of two, with r1535125:
mod_cgid: Fix a denial of service against CGI scripts that do
not consume stdin that could lead to lingering HTTPD child processes
filling up the scoreboard and eventually hanging the server.
[Rainer Jung, Eric Covener, Yann Ylavic]
Eric Covener [Mon, 14 Jul 2014 19:56:15 +0000 (19:56 +0000)]
*) SECURITY: CVE-2014-0118 (cve.mitre.org)
mod_deflate: The DEFLATE input filter (inflates request bodies) now
limits the length and compression ratio of inflated request bodies to avoid
denial of service via highly compressed bodies. See directives
DeflateInflateLimitRequestBody, DeflateInflateRatioLimit,
and DeflateInflateRatioBurst.
Thanks to Giancarlo Pellegrino and Davide Balzarotti for reporting the issue.
Submitted By: ylavic, covener
Reviewed By: jorton, covener, jim
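The idea in the mod_deflate entry above (cap both the inflated length and the compression ratio of a request body) as an added Python example; it is not code from the httpd commit or project. The function, its parameter names and the burst accounting are assumptions that simplify the idea and do not reproduce mod_deflate's algorithm.

```python
import gzip
import zlib

class InflateLimitExceeded(Exception):
    def __init__(self, reason):
        super().__init__(reason)
        self.reason = reason  # "body" or "ratio"

def bounded_inflate(chunks, max_body=1 << 20, ratio_limit=200, ratio_burst=3):
    """Inflate an iterable of gzip chunks under a size cap and a ratio cap.

    Hypothetical parameters: max_body caps inflated bytes, ratio_limit caps
    inflated/compressed bytes, ratio_burst is how many times the ratio may
    be exceeded before the body is rejected.
    """
    d = zlib.decompressobj(wbits=zlib.MAX_WBITS | 16)  # expect gzip framing
    out = bytearray()
    total_in = over_ratio = 0
    for chunk in chunks:
        total_in += len(chunk)
        data = chunk
        while data and not d.eof:
            # Inflate at most 64 KiB per call so the limits are checked
            # long before a highly compressed body is fully expanded.
            out += d.decompress(data, 64 * 1024)
            data = d.unconsumed_tail
            if len(out) > max_body:
                raise InflateLimitExceeded("body")
            if len(out) > ratio_limit * total_in:
                over_ratio += 1
                if over_ratio > ratio_burst:
                    raise InflateLimitExceeded("ratio")
    out += d.flush()
    if len(out) > max_body:
        raise InflateLimitExceeded("body")
    if not d.eof:
        raise ValueError("truncated gzip stream")
    return bytes(out)

def as_chunks(blob, size=4096):
    """Split a compressed body into network-sized pieces."""
    return [blob[i:i + size] for i in range(0, len(blob), size)]

if __name__ == "__main__":
    # Constructed sample input: 20 MiB of zero bytes, gzip-compressed.
    bomb = gzip.compress(bytes(20 * 1024 * 1024))
    try:
        bounded_inflate(as_chunks(bomb), max_body=1 << 30)
    except InflateLimitExceeded as exc:
        print("rejected:", exc.reason, "after", len(bomb), "compressed bytes")
```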
Joe Orton [Mon, 14 Jul 2014 19:26:00 +0000 (19:26 +0000)]
SECURITY (CVE-2014-0226): Fix a race condition in scoreboard handling,
which could lead to a heap buffer overflow. Thanks to Marek Kroemeke
working with HP's Zero Day Initiative for reporting this.
Forward local IP address as a custom request attribute
like we already do for the remote port.
Both were forgotten in the original AJP 13 spec
but are needed by the Servlet spec. Until now,
Tomcat simply returns for getLocalAddr() the same as
for getLocalName().
The next round of Tomcat releases will look for the
optional new request attribute.
Jeff Trawick [Sat, 12 Jul 2014 14:48:04 +0000 (14:48 +0000)]
Set an error note for requests rejected due to SSLStrictSNIVHostCheck.
This allows custom error documents to include the specific reason
for denying access to the server.
Jeff Trawick [Sat, 12 Jul 2014 13:26:42 +0000 (13:26 +0000)]
Perform SNI checks only on the initial request. In particular,
if these checks detect a problem, the checks shouldn't return an
error again when processing an ErrorDocument redirect for the
original problem.
Jan Kaluža [Fri, 11 Jul 2014 10:36:15 +0000 (10:36 +0000)]
mod_proxy: add ap_proxy_define_match_worker() and use it for ProxyPassMatch
and ProxyMatch section to distinguish between normal workers and workers
with regex substitutions in the name. Implement handling of such workers
in ap_proxy_get_worker(). PR 43513
Jan Kaluža [Tue, 8 Jul 2014 09:42:24 +0000 (09:42 +0000)]
* server/listen.c: detect systemd socket activation using sd_listen_fds(),
drop the support for "Listen systemd" and use standard Listen syntax instead.
This allows using the same configuration file with or without socket activation
and allows setting protocol when using socket activation.
Eric Covener [Sun, 6 Jul 2014 14:06:50 +0000 (14:06 +0000)]
Consolidate common code that got duplicated by 2.3.x authz refactoring.
Arrange for backend LDAP connections to be returned
to the pool by a fixup hook rather than staying locked
until the end of (a potentially slow) request.
Add a little more trace4 to the authnz_ldap side of LDAP connection obtain/release.
Eric Covener [Sat, 5 Jul 2014 00:06:15 +0000 (00:06 +0000)]
make LDAPConnectionPoolTTL more conservative, use r->request_time rather than
end-of-request time, and only update it after a round-trip with the LDAP
server rather than every time we check back into the pool.
Ben Reser [Mon, 30 Jun 2014 16:54:27 +0000 (16:54 +0000)]
mod_lua: Remove dead code left over from the old code cache.
The code that used this was commented out in r721594, then removed entirely in
r728497, and finally a commit was made intending to remove the last traces of
the code cache in r1200513, but this initialization lived on anyway.
* modules/lua/mod_lua.c
(create_server_config): Remove unused empty hash and rwlock for hash.
* modules/lua/mod_lua.h
(ap_lua_server_cfg): Remove unneeded hash and rwlock entries.
Joe Orton [Thu, 26 Jun 2014 15:49:49 +0000 (15:49 +0000)]
* modules/ssl/ssl_engine_init.c: Make DH handling a bit more generic,
and adjust selection logic to prefer use of larger not smaller keys.
(init_dh_params, free_dh_params, modssl_get_dh_params): Use array of
structs to store and initialize DH parameters up to 8192-bit.
Takashi Sato [Wed, 25 Jun 2014 12:24:03 +0000 (12:24 +0000)]
Refactor asynchronous mod_proxy_wstunnel using pollfd returned by MPM.
r1601943 and r1605307 made Event MPM return woken pollfd, so async
wstunnel doesn't need its own apr_pollset_poll.
Eric Covener [Tue, 24 Jun 2014 12:34:52 +0000 (12:34 +0000)]
followup to r1604350, move the c->sbh assignment to immediately before the
socket is added to the timeout queue. Technically not needed because we hold
the lock on the timeout queue, but more consistent with other blocks that
leave the thread.
Submitted By: Edward Lu <Chaosed0 gmail com>
Committed By: covener
Eric Covener [Sat, 21 Jun 2014 13:03:19 +0000 (13:03 +0000)]
missed a case in r1538490:
PR56639
Always NULL c->sbh before putting a connection back in a pollset or queue.
We can't NULL c->sbh at the bottom of process_socket() after putting a socket back on
the event_pollset or having it go into lingering close, because the listener or a worker
thread could A) continue on the connection or B) free and allocate the same conn_rec
pointer before we get to the bottom of process_socket().
Jeff Trawick [Mon, 16 Jun 2014 23:56:06 +0000 (23:56 +0000)]
Fix bug introduced in r1591508 which resulted in the final empty
FCGI_STDIN not being sent. Interaction with latest uWSGI (and
probably other protocol implementations) breaks without this.
Yann Ylavic [Mon, 16 Jun 2014 20:26:24 +0000 (20:26 +0000)]
mod_proxy: Don't limit the size of the connectable Unix Domain Socket paths.
Since connect() to UDS path is used at several places, introduce
ap_proxy_connect_uds() in proxy_util.