From 26b9e53635a23ea02011d4b8a7880b703472cdcf Mon Sep 17 00:00:00 2001
From: Jim Jagielski <jim@apache.org>
Date: Tue, 17 Jun 2014 12:06:05 +0000
Subject: [PATCH] Merge r1572905, r1595305, r1597182, r1586827, r1534892,
 r1563193, r1597639 from trunk:

core: avoid a double apr_time_now() call on the first succeeding read.

* Correctly escape user provided data.

PR: 56532
Submitted by: Maksymilian <max cert.cx>
Reviewed by: rpluem


Save a few bytes of memory. This can be done in temp_pool.

Fix layout

don't pass uninitialized rv passed to ap_log_rerror()
  (rv wasn't interesting / follow an existing example)

stop throwing away a pointer on the heap

(clang scan-build)


add the URI to DEBUG message 00765 (and drop an exclamation point):

  Cache provider's store_body failed!



Doxygen fix + reorg to match how other header files are built
Submitted by: ylavic, rpluem, jailletc36, jailletc36, trawick, covener, jailletc36
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1603141 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                            |  2 ++
 STATUS                             | 20 --------------------
 include/heartbeat.h                | 12 ++++++------
 modules/cache/mod_cache.c          |  5 ++---
 modules/cache/mod_cache_socache.c  |  5 +++--
 modules/metadata/mod_usertrack.c   |  8 ++++----
 modules/proxy/mod_proxy_balancer.c |  2 +-
 server/connection.c                |  9 +++++----
 8 files changed, 23 insertions(+), 40 deletions(-)

diff --git a/CHANGES b/CHANGES
index 39f7a342dc..864bc3ac6c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
                                                          -*- coding: utf-8 -*-
 
 Changes with Apache 2.4.10
+  *) mod_proxy_balancer: Correctly encode user provided data in management
+     interface. PR 56532 [Maksymilian, <max cert.cx>]
 
   *) mod_proxy_fcgi: Support iobuffersize parameter.  [Jeff Trawick]
 
diff --git a/STATUS b/STATUS
index 4406086b44..183aaf583a 100644
--- a/STATUS
+++ b/STATUS
@@ -100,26 +100,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * Easy patches - synch with trunk
-        core: avoid a double apr_time_now() call on the first succeeding read.
-        mod_proxy_balancer: Correctly escape user provided data.
-        mod_usertrack: Save a few bytes of memory. This can be done in temp_pool
-        mod_cache: Fix layout
-        mod_cache_socache: Don't pass uninitialized rv passed to ap_log_rerror()
-                           Stop throwing away a pointer on the heap
-        mod_cache: add the URI to DEBUG message 00765
-        heartbeat: Doxygen fix + reorg to match how other header files are built
-     trunk patch:
-        http://svn.apache.org/r1572905
-        http://svn.apache.org/r1595305
-        http://svn.apache.org/r1597182
-        http://svn.apache.org/r1586827
-        http://svn.apache.org/r1534892
-        http://svn.apache.org/r1563193
-        http://svn.apache.org/r1597639
-     2.4.x patch:  http://people.apache.org/~jailletc36/backport8.patch
-     +1: jailletc36, ylavic, jim
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
diff --git a/include/heartbeat.h b/include/heartbeat.h
index 394aed8cc7..40f98c3a34 100644
--- a/include/heartbeat.h
+++ b/include/heartbeat.h
@@ -14,18 +14,18 @@
  * limitations under the License.
  */
 
-#ifndef HEARTBEAT_H
-#define HEARTBEAT_H
-
 /**
  * @file  heartbeat.h
- * @brief commun structures for mod_heartmonitor.c  and mod_lbmethod_heartbeat.c
+ * @brief commun structures for mod_heartmonitor.c and mod_lbmethod_heartbeat.c
  *
- * @defgroup HEARTBEAT mem
+ * @defgroup HEARTBEAT heartbeat
  * @ingroup  APACHE_MODS
  * @{
  */
 
+#ifndef HEARTBEAT_H
+#define HEARTBEAT_H
+
 #include "apr.h"
 #include "apr_time.h"
 
@@ -56,5 +56,5 @@ typedef struct hm_slot_server_t
 }
 #endif
 
-#endif
+#endif /* HEARTBEAT_H */
 /** @} */
diff --git a/modules/cache/mod_cache.c b/modules/cache/mod_cache.c
index 245590f807..cd839ed7c5 100644
--- a/modules/cache/mod_cache.c
+++ b/modules/cache/mod_cache.c
@@ -713,7 +713,7 @@ static int cache_save_store(ap_filter_t *f, apr_bucket_brigade *in,
         rv = cache->provider->store_body(cache->handle, f->r, in, cache->out);
         if (rv != APR_SUCCESS) {
             ap_log_rerror(APLOG_MARK, APLOG_DEBUG, rv, f->r, APLOGNO(00765)
-                    "cache: Cache provider's store_body failed!");
+                    "cache: Cache provider's store_body failed for URI %s", f->r->uri);
             ap_remove_output_filter(f);
 
             /* give someone else the chance to cache the file */
@@ -2083,8 +2083,7 @@ static const char *set_cache_quick_handler(cmd_parms *parms, void *dummy,
     cache_server_conf *conf;
 
     conf =
-        (cache_server_conf *)ap_get_module_config(parms->server->module_config
-,
+        (cache_server_conf *)ap_get_module_config(parms->server->module_config,
                                                   &cache_module);
     conf->quick = flag;
     conf->quick_set = 1;
diff --git a/modules/cache/mod_cache_socache.c b/modules/cache/mod_cache_socache.c
index 220f9c8bd0..a138e6b8bf 100644
--- a/modules/cache/mod_cache_socache.c
+++ b/modules/cache/mod_cache_socache.c
@@ -919,7 +919,7 @@ static apr_status_t store_headers(cache_handle_t *h, request_rec *r,
     if (sobj->headers_in) {
         if (APR_SUCCESS != store_table(sobj->headers_in, sobj->buffer,
                 sobj->buffer_len, &slider)) {
-            ap_log_rerror(APLOG_MARK, APLOG_WARNING, rv, r, APLOGNO(02376)
+            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02376)
                     "in-headers didn't fit in buffer %s",
                     sobj->key);
             apr_pool_destroy(sobj->pool);
@@ -1239,10 +1239,11 @@ static void *create_config(apr_pool_t *p, server_rec *s)
 
 static void *merge_config(apr_pool_t *p, void *basev, void *overridesv)
 {
-    cache_socache_conf *ps = apr_pcalloc(p, sizeof(cache_socache_conf));
+    cache_socache_conf *ps;
     cache_socache_conf *base = (cache_socache_conf *) basev;
     cache_socache_conf *overrides = (cache_socache_conf *) overridesv;
 
+    /* socache server config only has one field */
     ps = overrides ? overrides : base;
 
     return ps;
diff --git a/modules/metadata/mod_usertrack.c b/modules/metadata/mod_usertrack.c
index 61752b7d5b..377c77bc45 100644
--- a/modules/metadata/mod_usertrack.c
+++ b/modules/metadata/mod_usertrack.c
@@ -308,9 +308,9 @@ static const char *set_cookie_exp(cmd_parms *parms, void *dummy,
      * CookieExpires "[plus] {<num> <type>}*"
      */
 
-    word = ap_getword_conf(parms->pool, &arg);
+    word = ap_getword_conf(parms->temp_pool, &arg);
     if (!strncasecmp(word, "plus", 1)) {
-        word = ap_getword_conf(parms->pool, &arg);
+        word = ap_getword_conf(parms->temp_pool, &arg);
     };
 
     /* {<num> <type>}* */
@@ -322,7 +322,7 @@ static const char *set_cookie_exp(cmd_parms *parms, void *dummy,
             return "bad expires code, numeric value expected.";
 
         /* <type> */
-        word = ap_getword_conf(parms->pool, &arg);
+        word = ap_getword_conf(parms->temp_pool, &arg);
         if (!word[0])
             return "bad expires code, missing <type>";
 
@@ -346,7 +346,7 @@ static const char *set_cookie_exp(cmd_parms *parms, void *dummy,
         modifier = modifier + factor * num;
 
         /* next <num> */
-        word = ap_getword_conf(parms->pool, &arg);
+        word = ap_getword_conf(parms->temp_pool, &arg);
     }
 
     cls->expires = modifier;
diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
index c927d3bf6e..acfd3861de 100644
--- a/modules/proxy/mod_proxy_balancer.c
+++ b/modules/proxy/mod_proxy_balancer.c
@@ -1602,7 +1602,7 @@ static int balancer_handler(request_rec *r)
             ap_rputs("<h3>Edit balancer settings for ", r);
             ap_rvputs(r, bsel->s->name, "</h3>\n", NULL);
             ap_rputs("<form method='POST' enctype='application/x-www-form-urlencoded' action='", r);
-            ap_rvputs(r, action, "'>\n", NULL);
+            ap_rvputs(r, ap_escape_uri(r->pool, action), "'>\n", NULL);
             ap_rputs("<dl>\n<table>\n", r);
             provs = ap_list_provider_names(r->pool, PROXY_LBMETHOD, "0");
             if (provs) {
diff --git a/server/connection.c b/server/connection.c
index 437ae10bac..fadf08d35b 100644
--- a/server/connection.c
+++ b/server/connection.c
@@ -141,7 +141,7 @@ AP_DECLARE(void) ap_lingering_close(conn_rec *c)
 {
     char dummybuf[512];
     apr_size_t nbytes;
-    apr_time_t timeup = 0;
+    apr_time_t now, timeup = 0;
     apr_socket_t *csd = ap_get_conn_socket(c);
 
     if (ap_start_lingering_close(c)) {
@@ -165,6 +165,7 @@ AP_DECLARE(void) ap_lingering_close(conn_rec *c)
         if (apr_socket_recv(csd, dummybuf, &nbytes) || nbytes == 0)
             break;
 
+        now = apr_time_now();
         if (timeup == 0) {
             /*
              * First time through;
@@ -175,14 +176,14 @@ AP_DECLARE(void) ap_lingering_close(conn_rec *c)
              * DoS attacks.
              */
             if (apr_table_get(c->notes, "short-lingering-close")) {
-                timeup = apr_time_now() + apr_time_from_sec(SECONDS_TO_LINGER);
+                timeup = now + apr_time_from_sec(SECONDS_TO_LINGER);
             }
             else {
-                timeup = apr_time_now() + apr_time_from_sec(MAX_SECS_TO_LINGER);
+                timeup = now + apr_time_from_sec(MAX_SECS_TO_LINGER);
             }
             continue;
         }
-    } while (apr_time_now() < timeup);
+    } while (now < timeup);
 
     apr_socket_close(csd);
     return;
-- 
2.50.1