Joe Orton [Wed, 20 Jun 2007 17:29:24 +0000 (17:29 +0000)]
Fix CVE-2006-5752:
* modules/generators/mod_status.c (status_handler): Specify charset in
content-type to prevent browsers doing charset "detection", which
allows an XSS attack. Use logitem-escaping on the request string to
make it charset-neutral.
Reported by: Stefan Esser <sesser hardened-php.net>
Paul Querna [Tue, 12 Jun 2007 00:32:24 +0000 (00:32 +0000)]
Add a clogging_input_filters variable to the conn_rec, enabling the Event MPM to know when its running with an input filter that buffers its own data, like mod_ssl.
Paul Querna [Tue, 12 Jun 2007 00:29:17 +0000 (00:29 +0000)]
Fix a bug in the use of i2d_SSL_SESSION, since it increments the pointer of the buffer passed, we need to use ucaData rather than ucp to put it into memcache.
Paul Querna [Fri, 8 Jun 2007 20:18:17 +0000 (20:18 +0000)]
For the DBM SSL Session Cache, propogate down pools to use for allocations. In most cases, we can use the conn_rec::pool, but for ssl_callback_DelSessionCacheEntry, we still use the long lived configuration pool, but this change at least makes it easier to fix in the future.
Paul Querna [Fri, 8 Jun 2007 02:48:04 +0000 (02:48 +0000)]
Add support for distributed caching of SSL Sessions inside memcached, using apr_memcache, which is present in APR-Util 1.3/trunk.
This was originally written at ApacheCon US 2005 (San Diego), and was sent to the list:
http://mail-archives.apache.org/mod_mbox/httpd-dev/200512.mbox/%3C439C6C07.9030904@force-elite.com%3E
This version is slightly cleaned up, and of course, uses the now bundled apr_memcache, rather than an external dependency.
Ruediger Pluem [Wed, 6 Jun 2007 20:02:56 +0000 (20:02 +0000)]
* Preset the form fields for route and redirect with the values of the active
configuration in the scoreboard and not with the ones loaded from the
configuration files.
Eric Covener [Fri, 1 Jun 2007 15:50:12 +0000 (15:50 +0000)]
SECURITY: CVE-2007-1862 (cve.mitre.org)
mod_mem_cache: Copy headers into longer lived storage; header names and
values could previously point to cleaned up storage
Ruediger Pluem [Sun, 27 May 2007 13:57:46 +0000 (13:57 +0000)]
* Prevent running through the error stack by returning OK and setting r->status
accordingly if ret is HTTP_NOT_MODIFIED as this breaks mod_cache validating a
stale entity.
Ruediger Pluem [Sun, 27 May 2007 11:26:04 +0000 (11:26 +0000)]
* Also add a possible ETag header to r->headers_out. We need to have it there
for our later call to ap_meets_conditions a few lines above. Having it put
in the merge table will fail as merge and r->err_headers_out get merged
AFTER our call to ap_meets_conditions. Besides of this having multiple
ETag headers (or a merged version of them) does not seem to make sense.
Nick Kew [Sat, 26 May 2007 18:50:18 +0000 (18:50 +0000)]
PR#39710 - badly broken errordocuments for CGI
We've just had another duplicate report of this on bugzilla.
We've got a simple patch, and people asking WTF is going on
with inaction. Noone seems clear on why the patch shouldn't
be applied (http://marc.info/?l=apache-httpd-dev&m=117760311129386&w=2).
Chris Darroch [Sat, 19 May 2007 05:01:44 +0000 (05:01 +0000)]
apr_dbd_check_conn() just returns APR_SUCCESS or APR_EGENERAL, so we
don't actually have a driver-specific value to pass to apr_dbd_error(),
but that's OK because most/all drivers just ignore this value anyway
mod_disk_cache: If the Vary'd content is stale, we can handle it via our
freshness tests which will attempt to revalidate the content.
* modules/cache/mod_disk_cache.c
(open_entity): If the root Vary index is stale, we don't need to throw away
potentially stale content - we can try to refresh it.
mod_disk_cache: When renegotiating an already cached Vary'd response, do not
let us later throw away the renegotiated content due to a name mismatch.
We do not need to update the ->name field just before writing the headers as
the computed ->name on open and create is sufficient. Updating ->name here is
essentially a no-op - except in the case of Vary where the key has internally
changed (to account for the Vary prefix), but the original name has not.
However, writing the Vary'd-accounted key means that when we read the cache
next that we will error out and disregard the just renegotiated response and
fetch the content all over again - oops!
(This is largely a case where I think we may have overthought ourselves; hence
the explanation is here in the commit rather than in the file itself.)
* modules/cache/mod_disk_cache.c
(store_headers): The originally opened ->name is sufficient.
* CHANGES: Combined with r538992, note that renegotiation for Vary's seem to
work far better.
mod_disk_cache: When renegotiating an already cached Vary'd response, create
the refreshed .vary structure in the right directory. Otherwise, we'll create
a new .vary layout underneath the already existing one - oops!
* modules/cache/mod_disk_cache.c
(store_headers): Temporarily clear dobj->prefix if it is set to ensure that
we create the .vary structure underneath the cache root.
RFC 2616 13.2.1 calls out max-age as being a valid 'explicit expiration time',
so per Sec. 13.9 permit queries with just max-age instead of only Expires.
* modules/cache/mod_cache.c
(cache_save_filter): Be closer to RFC 2616's intent for query arguments.
* CHANGES: Update.
Ruediger Pluem [Mon, 7 May 2007 14:20:09 +0000 (14:20 +0000)]
- In AP_MODE_SPECULATIVE ap_core_input_filter returns APR_SUCCESS and an empty
brigade in the case that a non blocking read from the socket returned
APR_EAGAIN. So getting an empty brigade also shows that no data is present
in the input filter.
While this reduces the number of false positives for "real data" in the input
filter the behaviour is not as good as before 533820 because if there are
only CRLF's in the input filter we do not flush, but we should. To fix this
it seems that a simulation of AP_MODE_EATCRLF is needed inside of
check_pipeline.
- Destroy brigade bb at the end of the function.
Ruediger Pluem [Sun, 6 May 2007 14:35:02 +0000 (14:35 +0000)]
* Prevent a segmentation fault if one of the Cache-Control headers
s-maxage, max-age, min-fresh, max-stale has no value assigned.
In this case ignore s-maxage, max-age, min-fresh. For max-stale
it is valid to set no value. In this case set max-stale to 1 year
to signal that the client is accepting a stale response of any age.
Jim Jagielski [Fri, 4 May 2007 19:12:38 +0000 (19:12 +0000)]
Abstract out (kinda) MSG_PEEK. This way when we
actually update APR and apr_socket_recvfrom()
to know about APR_MSG_OOB, APR_MSG_PEEK, etc...
this code won't need to be adjusted. Also,
make nicer for 2.2 backport.
Joshua Slive [Fri, 4 May 2007 14:13:42 +0000 (14:13 +0000)]
As discussed on docs@httpd, remove the FAQ and replace it with the contents
of the old support.xml and a pointer to the wiki.
Of possible interest: I've also removed the link to the professional support
database, since it was returning error 500 for some time and nobody
seemed to care.
re-introduce ap_satisfies API back into core and modify how the access_checker, check_user_id and auth_checker hooks are called so that they respect the precedence that is set through the satisfy ALL/ANY directive. This also restores the directives order, allow, deny, satisfyas supported directives rather than being deprecated. These directives still remain in mod_access_compat however.
check_pipeline: use AP_MODE_SPECULATIVE to check for data in the input filters
to accomodate mod_ssl's input filter. AP_MODE_EATCRLF is essentially a no-op
in that filter.
this fixes missing imbedded graphics etc when using the Event MPM with mod_ssl
with HTTP pipelining enabled in the browser. the pipelined requests after the
first were never read from mod_ssl's input filter. it might reduce unneeded
flushes with other MPMs.
Jeff Trawick [Thu, 12 Apr 2007 15:07:11 +0000 (15:07 +0000)]
HTTP proxy ProxyErrorOverride: Leave 1xx and 3xx responses alone. Only
processing of error responses (4xx, 5xx) will be altered.
PR: 39245
This is based on a patch submitted by Bart van der Schans <schans hippo.nl>
and tweaked slightly by me based on discussions on dev@ since April 2006.
I think rpleum was the first to mention the 1xx issue.
Encourage people to look at ./configure --help
Several people this week have seemed to think that this document should
list all the options. Perhaps that's not entirely unreasonable, but it
isn't going to happen any time soon.
Correct behavior of HTTP request headers sent by ab in presence of -H command-
line overrides. Previously, ab would concatenate a supplied -H User-Agent:
header to the existing one, and send duplicate headers if either -H Host: or
-H Accept: were specified on the command line.
Now, the default headers are not sent if they are overridden using the -H
command-line flag.
The apr_port_t type is unsigned, but ab was using a signed format code in
its reports. PR 42070. Submitted by Takashi Sato serai lans-tv.com,
reviewed by sctemme.
Move the thread locking upcall initialization before the hardware library init,
so the hardware library can pick up the locking callbacks. Fixes PR 20951.
Tested on Linux with trunk and an nCipher nShield card, and on Solaris 10/Sparc
on 2.0.55 with an nCipher NetHSM.
projects / apache / log