* generalize from error buckets to metadata buckets
* also applicable to the deflate input filter
* pass along metadata buckets rather than giving up mid-stream
Eric Covener [Thu, 12 Jul 2007 02:42:44 +0000 (02:42 +0000)]
This data is passed in an unsafe way to the LDAP SDK if the compiler
chooses to use shorts for the enum values.
http://www.redbooks.ibm.com/redbooks/SG245992/nn4/SG245992_88.html
Paul Querna [Thu, 12 Jul 2007 02:06:01 +0000 (02:06 +0000)]
Fix VPATH builds of httpd with the apr_memcache backend for ssl sessions, when APR and APR-Util are also in a VPATH. This is caused by APR_INCLUDEDIR actually having multiple paths in a VPATH build, so we need to use _INCLUDES instead.
with LimitRequestBody xxx and the deflate output filter configured, mod_deflate
eats the 413 error bucket, a 500 error is logged, and a blank screen appears
at the browser.
Use correct Doxygen keywords for functions and variables. TODO: figure out whether those keywords are actually necessary. HTML-ify some documentation comments for benefit of Doxygen.
Jim Jagielski [Tue, 3 Jul 2007 18:13:27 +0000 (18:13 +0000)]
Rename relatively useless struct element for something more
defining. Also, if we were unable to ap_queue_push(), then
push2worker should report failure.
Joe Orton [Fri, 29 Jun 2007 20:54:01 +0000 (20:54 +0000)]
* server/mpm/prefork/prefork.c (child_main): Stop processing new
connections if shutdown_pending is set, i.e. when SIGTERM is received
in single-process mode.
Joe Orton [Fri, 29 Jun 2007 10:33:14 +0000 (10:33 +0000)]
Add alternative fixes for CVE-2007-3304:
* configure.in: Check for getpgid.
* include/mpm_common.h (ap_mpm_safe_kill): New prototype.
* server/mpm_common.c (reclaim_one_pid): Ensure pid validity before
calling apr_proc_wait().
(ap_mpm_safe_kill): New function.
* server/mpm/prefork/prefork.c, server/mpm/worker/worker.c,
server/mpm/experimental/event/event.c: Use ap_mpm_safe_kill() on pids
from the scoreboard, throughout.
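The pid-validity idea named in the commit above, sketched as an added example; this is not the httpd source. The names `safe_kill` and `demo_foreign_group` are hypothetical, and comparing process groups via `getpgid()` is an assumption suggested by the configure check the commit mentions.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: signal a pid taken from shared state (such as a
 * scoreboard) only if it is in our process group. Returns 0 or an errno. */
int safe_kill(pid_t pid, int sig)
{
    pid_t pg;
    /* To kill(2), pid 0, -1 and other negatives mean whole groups of
     * processes; never accept them from shared state. */
    if (pid < 1)
        return EINVAL;
    pg = getpgid(pid);
    if (pg == (pid_t)-1)
        return errno;               /* e.g. ESRCH: no such process */
    if (pg != getpgrp())
        return EINVAL;              /* outside our group: refuse */
    return kill(pid, sig) == -1 ? errno : 0;
}

/* Constructed scenario: a child moved into its own process group stands in
 * for an unrelated process. Returns safe_kill()'s verdict, then cleans up. */
int demo_foreign_group(void)
{
    int rc;
    pid_t child = fork();
    if (child == -1)
        return -1;
    if (child == 0) {
        pause();
        _exit(0);
    }
    setpgid(child, child);          /* child now leads a new group */
    rc = safe_kill(child, SIGTERM);
    kill(child, SIGKILL);           /* direct cleanup, bypassing the check */
    waitpid(child, NULL, 0);
    return rc;
}

int main(void)
{
    printf("%d %d %d\n", safe_kill(0, SIGTERM), safe_kill(getpid(), 0), demo_foreign_group());
    return 0;
}
```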
Joe Orton [Fri, 29 Jun 2007 08:43:29 +0000 (08:43 +0000)]
* server/mpm/prefork/prefork.c (reap_children),
* server/mpm_common.c (ap_wait_or_timeout): Remove dead code; NEED_WAITPID
has never been defined by the 2.x build system.
Sander Temme [Mon, 25 Jun 2007 23:22:30 +0000 (23:22 +0000)]
Complete cleanup of global variable use by mod_example. This should take away
any existing reservation about thread-safety of this code. Add warning that
this code is now too top heavy and implements too many obscure callbacks to
serve as a point of departure for one's own development effort.
Fix the timeout logic. The order is now:
1 - worker->timeout
2 - proxy_conf->timeout
3 - server->timeout.
ap_get_module_config() is not perfect but that is easy to port back to 2.2.x.
Joe Orton [Wed, 20 Jun 2007 17:29:24 +0000 (17:29 +0000)]
Fix CVE-2006-5752:
* modules/generators/mod_status.c (status_handler): Specify charset in
content-type to prevent browsers doing charset "detection", which
allows an XSS attack. Use logitem-escaping on the request string to
make it charset-neutral.
Reported by: Stefan Esser <sesser hardened-php.net>
Paul Querna [Tue, 12 Jun 2007 00:32:24 +0000 (00:32 +0000)]
Add a clogging_input_filters variable to the conn_rec, enabling the Event MPM to know when it's running with an input filter that buffers its own data, like mod_ssl.
Paul Querna [Tue, 12 Jun 2007 00:29:17 +0000 (00:29 +0000)]
Fix a bug in the use of i2d_SSL_SESSION, since it increments the pointer of the buffer passed, we need to use ucaData rather than ucp to put it into memcache.
Paul Querna [Fri, 8 Jun 2007 20:18:17 +0000 (20:18 +0000)]
For the DBM SSL Session Cache, propagate down pools to use for allocations. In most cases, we can use the conn_rec::pool, but for ssl_callback_DelSessionCacheEntry, we still use the long lived configuration pool, but this change at least makes it easier to fix in the future.
Paul Querna [Fri, 8 Jun 2007 02:48:04 +0000 (02:48 +0000)]
Add support for distributed caching of SSL Sessions inside memcached, using apr_memcache, which is present in APR-Util 1.3/trunk.
This was originally written at ApacheCon US 2005 (San Diego), and was sent to the list:
http://mail-archives.apache.org/mod_mbox/httpd-dev/200512.mbox/%3C439C6C07.9030904@force-elite.com%3E
This version is slightly cleaned up, and of course, uses the now bundled apr_memcache, rather than an external dependency.
Ruediger Pluem [Wed, 6 Jun 2007 20:02:56 +0000 (20:02 +0000)]
* Preset the form fields for route and redirect with the values of the active
configuration in the scoreboard and not with the ones loaded from the
configuration files.
Eric Covener [Fri, 1 Jun 2007 15:50:12 +0000 (15:50 +0000)]
SECURITY: CVE-2007-1862 (cve.mitre.org)
mod_mem_cache: Copy headers into longer lived storage; header names and
values could previously point to cleaned up storage
Ruediger Pluem [Sun, 27 May 2007 13:57:46 +0000 (13:57 +0000)]
* Prevent running through the error stack by returning OK and setting r->status
accordingly if ret is HTTP_NOT_MODIFIED as this breaks mod_cache validating a
stale entity.
Ruediger Pluem [Sun, 27 May 2007 11:26:04 +0000 (11:26 +0000)]
* Also add a possible ETag header to r->headers_out. We need to have it there
for our later call to ap_meets_conditions a few lines above. Having it put
in the merge table will fail as merge and r->err_headers_out get merged
AFTER our call to ap_meets_conditions. Besides this, having multiple
ETag headers (or a merged version of them) does not seem to make sense.
Nick Kew [Sat, 26 May 2007 18:50:18 +0000 (18:50 +0000)]
PR#39710 - badly broken errordocuments for CGI
We've just had another duplicate report of this on bugzilla.
We've got a simple patch, and people asking WTF is going on
with inaction. No one seems clear on why the patch shouldn't
be applied (http://marc.info/?l=apache-httpd-dev&m=117760311129386&w=2).
Chris Darroch [Sat, 19 May 2007 05:01:44 +0000 (05:01 +0000)]
apr_dbd_check_conn() just returns APR_SUCCESS or APR_EGENERAL, so we
don't actually have a driver-specific value to pass to apr_dbd_error(),
but that's OK because most/all drivers just ignore this value anyway
mod_disk_cache: If the Vary'd content is stale, we can handle it via our
freshness tests which will attempt to revalidate the content.
* modules/cache/mod_disk_cache.c
(open_entity): If the root Vary index is stale, we don't need to throw away
potentially stale content - we can try to refresh it.
mod_disk_cache: When renegotiating an already cached Vary'd response, do not
let us later throw away the renegotiated content due to a name mismatch.
We do not need to update the ->name field just before writing the headers as
the computed ->name on open and create is sufficient. Updating ->name here is
essentially a no-op - except in the case of Vary where the key has internally
changed (to account for the Vary prefix), but the original name has not.
However, writing the Vary'd-accounted key means that when we read the cache
next that we will error out and disregard the just renegotiated response and
fetch the content all over again - oops!
(This is largely a case where I think we may have overthought ourselves; hence
the explanation is here in the commit rather than in the file itself.)
* modules/cache/mod_disk_cache.c
(store_headers): The originally opened ->name is sufficient.
* CHANGES: Combined with r538992, note that renegotiation for Vary's seems to
work far better.
mod_disk_cache: When renegotiating an already cached Vary'd response, create
the refreshed .vary structure in the right directory. Otherwise, we'll create
a new .vary layout underneath the already existing one - oops!
* modules/cache/mod_disk_cache.c
(store_headers): Temporarily clear dobj->prefix if it is set to ensure that
we create the .vary structure underneath the cache root.
RFC 2616 13.2.1 calls out max-age as being a valid 'explicit expiration time',
so per Sec. 13.9 permit queries with just max-age instead of only Expires.
* modules/cache/mod_cache.c
(cache_save_filter): Be closer to RFC 2616's intent for query arguments.
* CHANGES: Update.
Ruediger Pluem [Mon, 7 May 2007 14:20:09 +0000 (14:20 +0000)]
- In AP_MODE_SPECULATIVE ap_core_input_filter returns APR_SUCCESS and an empty
brigade in the case that a non blocking read from the socket returned
APR_EAGAIN. So getting an empty brigade also shows that no data is present
in the input filter.
While this reduces the number of false positives for "real data" in the input
filter the behaviour is not as good as before 533820 because if there are
only CRLF's in the input filter we do not flush, but we should. To fix this
it seems that a simulation of AP_MODE_EATCRLF is needed inside of
check_pipeline.
- Destroy brigade bb at the end of the function.