From 625b89a7e2fad9d448902e332b274f638ca9ce43 Mon Sep 17 00:00:00 2001 From: Jim Jagielski Date: Mon, 12 Sep 2011 14:15:53 +0000 Subject: [PATCH] Add in MaxRangeOverlaps and MaxRangeReversals to accomodate more control over acceptable Range headers: See: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/311 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1169756 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 157 ++++++++++++++++---------------- docs/manual/mod/core.xml | 111 ++++++++++++++++++---- include/ap_mmn.h | 9 +- include/http_core.h | 4 + modules/http/byterange_filter.c | 21 ++++- server/core.c | 97 ++++++++++++++++---- 6 files changed, 279 insertions(+), 120 deletions(-) diff --git a/CHANGES b/CHANGES index 646304d80f..735f597a73 100644 --- a/CHANGES +++ b/CHANGES @@ -12,6 +12,11 @@ Changes with Apache 2.3.15 PR 51714. [Stefan Fritsch, Jim Jagielski, Ruediger Pluem, Eric Covener, ] + *) core: Add MaxRangeOverlaps and MaxRangeReversals directives to control + the number of overlapping and reversing ranges (respectively) permitted + before returning the entire resource, with a default limit of 20. + [Jim Jagielski] + *) mod_ldap: Optional function uldap_ssl_supported(r) always returned false if called from a virtual host with mod_ldap directives in it. Did not affect mod_authnz_ldap's usage of mod_ldap. [Eric Covener] @@ -30,7 +35,7 @@ Changes with Apache 2.3.15 directive for controlling the revocation checking mode. [Kaspar Brand] *) core: Add MaxRanges directive to control the number of ranges permitted - before returning the entire resource, with a default limit of 200. + before returning the entire resource, with a default limit of 200. [Eric Covener] *) mod_cache: Ensure that CacheDisable can correctly appear within @@ -54,10 +59,10 @@ Changes with Apache 2.3.15 LDAP_OPT_CONNECT_TIMEOUT instead of LDAP_OPT_NETWORK_TIMEOUT, such as Tivoli Directory Server 6.3 and later. [Eric Covener] - *) mod_ldap: Change default number of retries from 10 to 3, and add + *) mod_ldap: Change default number of retries from 10 to 3, and add an LDAPRetries and LDAPRetryDelay directives. [Eric Covener] - *) mod_authnz_ldap: Don't retry during authentication, because this just + *) mod_authnz_ldap: Don't retry during authentication, because this just multiplies the ample retries already being done by mod_ldap. [Eric Covener] *) configure: Allow to explicitly disable modules even with module selection @@ -67,7 +72,7 @@ Changes with Apache 2.3.15 RewriteEngine is disabled in server context, avoiding a crash while referencing the invalid int: map at runtime. PR 50994. [Ben Noordhuis ] - + *) mod_ssl, configure: require OpenSSL 0.9.7 or later. [Kaspar Brand] *) mod_ssl: remove ssl_toolkit_compat layer. [Kaspar Brand] @@ -75,7 +80,7 @@ Changes with Apache 2.3.15 *) mod_ssl, configure, ab: drop support for RSA BSAFE SSL-C toolkit. [Kaspar Brand] - *) mod_usertrack: Run mod_usertrack earlier in the fixups hook to ensure the + *) mod_usertrack: Run mod_usertrack earlier in the fixups hook to ensure the cookie is set when modules such as mod_rewrite trigger a redirect. Also use r->err_headers_out for the cookie, for the same reason. PR29755. [Sami J. Mäkinen , Eric Covener] @@ -123,7 +128,7 @@ Changes with Apache 2.3.14 *) mod_ldap: Revert the integration of apr-ldap as ap_ldap which was done in 2.3.13. [Stefan Fritsch] - *) core: For '*' or '_default_' vhosts, use a wildcard address of any + *) core: For '*' or '_default_' vhosts, use a wildcard address of any address family, rather than IPv4 only. [Joe Orton] *) core, mod_rewrite, mod_ssl, mod_nw_ssl: Make the SERVER_NAME variable @@ -198,7 +203,7 @@ Changes with Apache 2.3.13 describes more accurately what it does. [Stefan Fritsch] *) rotatelogs: Add -p argument to specify custom program to invoke - after a log rotation. PR 51285. [Sven Ulland , + after a log rotation. PR 51285. [Sven Ulland , Joe Orton] *) mod_ssl: Don't do OCSP checks for valid self-issued certs. [Kaspar Brand] @@ -324,7 +329,7 @@ Changes with Apache 2.3.12 *) WinNT MPM: Improve robustness under heavy load. [Jeff Trawick] - *) MinGW build improvements. PR 49535. [John Vandenberg + *) MinGW build improvements. PR 49535. [John Vandenberg , Jeff Trawick] *) core: Support module names with colons in loglevel configuration. @@ -348,7 +353,7 @@ Changes with Apache 2.3.12 *) mod_info: Dump config to stdout during startup if -DDUMP_CONFIG is specified. PR 31956. [Stefan Fritsch] - *) Restore visibility of DEFAULT_PIDLOG to core and modules. MPM + *) Restore visibility of DEFAULT_PIDLOG to core and modules. MPM helper function ap_remove_pid() added. [Jeff Trawick] *) Enable DEFAULT_REL_RUNTIMEDIR on Windows and NetWare. [various] @@ -369,7 +374,7 @@ Changes with Apache 2.3.12 *) mod_ldap: Add LDAPConnectionPoolTTL to give control over lifetime of bound backend LDAP connections. PR47634 [Eric Covener] - + *) mod_cache: Make CacheEnable and CacheDisable configurable per directory in addition to per server, making them work from within a LocationMatch. [Graham Leggett] @@ -449,12 +454,12 @@ Changes with Apache 2.3.11 [Rainer Jung] *) mod_ssl: Add config options for OCSP: SSLOCSPResponderTimeout, - SSLOCSPResponseMaxAge, SSLOCSPResponseTimeSkew. + SSLOCSPResponseMaxAge, SSLOCSPResponseTimeSkew. [Kaspar Brand ] *) mod_ssl: Revamp output buffering to reduce network overhead for output fragmented into many buckets, such as chunked HTTP responses. - [Joe Orton] + [Joe Orton] *) core: Apply sections to all requests, not only to file base requests. Allow to use inside , , and sections. @@ -491,7 +496,7 @@ Changes with Apache 2.3.11 to make other threads spin. [Graham Leggett] *) mod_ssl: Change the format of the SSL_{CLIENT,SERVER}_{I,S}_DN variables - to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and + to be RFC 2253 compatible, convert non-ASCII characters to UTF8, and escape other special characters with backslashes. The old format can still be used with the LegacyDNStringFormat argument to SSLOptions. @@ -504,7 +509,7 @@ Changes with Apache 2.3.11 *) mod_rewrite: Allow to unset environment variables using E=!VAR. PR 49512. [Mark Drayton , Stefan Fritsch] - *) mod_headers: Restore the 2.3.8 and earlier default for the first + *) mod_headers: Restore the 2.3.8 and earlier default for the first argument of the Header directive ("onsuccess"). [Eric Covener] *) core: Disallow the mixing of relative and absolute Options PR 33708. @@ -518,9 +523,9 @@ Changes with Apache 2.3.11 the port over a wildcard (or omitted) port instead of favoring the one that came first in the configuration file. [Eric Covener] - *) core: Overlapping virtual host address/port combinations now implicitly + *) core: Overlapping virtual host address/port combinations now implicitly enable name-based virtual hosting for that address. The NameVirtualHost - directive has no effect, and _default_ is interpreted the same as "*". + directive has no effect, and _default_ is interpreted the same as "*". [Eric Covener] *) core: In the absence of any Options directives, the default is now @@ -545,7 +550,7 @@ Changes with Apache 2.3.10 such as per-directory mod_rewrite substitutions. PR 50349. [Eric Covener] - *) mod_rewrite: Add 'RewriteOptions InheritBefore' to put the base + *) mod_rewrite: Add 'RewriteOptions InheritBefore' to put the base rules/conditions before the overridden rules/conditions. PR 39313. [Jérôme Grandjanny ] @@ -557,17 +562,17 @@ Changes with Apache 2.3.10 [Eric Covener] *) core: Fail startup when the argument to ServerName looks like a glob - or a regular expression instead of a hostname (*?[]). PR 39863 + or a regular expression instead of a hostname (*?[]). PR 39863 [Rahul Nair ] - *) mod_userdir: Add merging of enable, disable, and filename arguments - to UserDir directive, leaving enable/disable of userlists unmerged. + *) mod_userdir: Add merging of enable, disable, and filename arguments + to UserDir directive, leaving enable/disable of userlists unmerged. PR 44076 [Eric Covener] *) httpd: When no -k option is provided on the httpd command line, the server - was starting without checking for an existing pidfile. PR 50350 - [Eric Covener] - + was starting without checking for an existing pidfile. PR 50350 + [Eric Covener] + *) mod_proxy: Put the worker in error state if the SSL handshake with the backend fails. PR 50332. [Daniel Ruggeri , Ruediger Pluem] @@ -599,7 +604,7 @@ Changes with Apache 2.3.9 *) suEXEC: Add Suexec directive to disable suEXEC without renaming the binary (Suexec Off), or force startup failure if suEXEC is required - but not supported (Suexec On). Change SuexecUserGroup to fail + but not supported (Suexec On). Change SuexecUserGroup to fail startup instead of just printing a warning if suEXEC is disabled. [Jeff Trawick] @@ -617,7 +622,7 @@ Changes with Apache 2.3.9 and functions. [Stefan Fritsch] *) core: Do the hook sorting earlier so that the hooks are properly sorted - for the pre_config hook and during parsing the config. [Stefan Fritsch] + for the pre_config hook and during parsing the config. [Stefan Fritsch] *) core: In the absence of any AllowOverride directives, the default is now "None" instead of "All". PR49823 [Eric Covener] @@ -626,13 +631,13 @@ Changes with Apache 2.3.9 or . PR47765 [Eric Covener] *) prefork/worker/event MPMS: default value (when no directive is present) - of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000 + of MaxConnectionsPerChild/MaxRequestsPerChild is changed to 0 from 10000 to match default configuration and manual. PR47782 [Eric Covener] *) proxy_connect: Don't give up in the middle of a CONNECT tunnel when the child process is starting to exit. PR50220. [Eric Covener] - *) mod_autoindex: Fix inheritance of mod_autoindex directives into + *) mod_autoindex: Fix inheritance of mod_autoindex directives into contexts that don't have any mod_autoindex directives. PR47766. [Eric Covener] @@ -747,7 +752,7 @@ Changes with Apache 2.3.9 *) core: For process invocation (cgi, fcgid, piped loggers and so forth) pass the system library path (LD_LIBRARY_PATH or platform-specific - variables) along with the system PATH, by default. Both should be + variables) along with the system PATH, by default. Both should be overridden together as desired using PassEnv etc; see mod_env. [William Rowe] @@ -858,7 +863,7 @@ Changes with Apache 2.3.8 Changes with Apache 2.3.7 *) SECURITY: CVE-2010-1452 (cve.mitre.org) - mod_dav, mod_cache, mod_session: Fix Handling of requests without a path + mod_dav, mod_cache, mod_session: Fix Handling of requests without a path segment. PR: 49246 [Mark Drayton, Jeff Trawick] *) mod_ldap: Properly check the result returned by apr_ldap_init. PR 46076. @@ -874,7 +879,7 @@ Changes with Apache 2.3.7 *) core/mod_authz_core: Introduce new access_checker_ex hook that enables mod_authz_core to bypass authentication if access should be allowed by IP address/env var/... [Stefan Fritsch] - + *) core: Introduce note_auth_failure hook to allow modules to add support for additional auth types. This makes ap_note_auth_failure() work with mod_auth_digest again. PR 48807. [Stefan Fritsch] @@ -987,8 +992,8 @@ Changes with Apache 2.3.6 mod_dumpio: Replace DumpIOLogLevel with trace log levels. [Stefan Fritsch] - *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns - title page only) when any mod_ldap directives were used in VirtualHost + *) mod_ldap: LDAP caching was suppressed (and ldap-status handler returns + title page only) when any mod_ldap directives were used in VirtualHost context. [Eric Covener] *) mod_disk_cache: Decline the opportunity to cache if the response is @@ -999,7 +1004,7 @@ Changes with Apache 2.3.6 *) mod_deflate: avoid the risk of forwarding data before headers are set. PR 49369 [Matthew Steele ] - *) mod_authnz_ldap: Ensure nested groups are checked when the + *) mod_authnz_ldap: Ensure nested groups are checked when the top-level group doesn't have any direct non-group members of attributes in AuthLDAPGroupAttribute. [Eric Covener] @@ -1010,7 +1015,7 @@ Changes with Apache 2.3.6 *) mod_authnz_ldap: Allow the initial DN search during authentication to use the HTTP username/pass instead of an anonymous or hard-coded - LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern). + LDAP id (AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern). [Eric Covener] *) mod_authnz_ldap: Publish requested LDAP data with an AUTHORIZE_ prefix @@ -1027,8 +1032,8 @@ Changes with Apache 2.3.6 [Bryn Dole ] *) Log an error for failures to read a chunk-size, and return 408 instead of - 413 when this is due to a read timeout. This change also fixes some cases - of two error documents being sent in the response for the same scenario. + 413 when this is due to a read timeout. This change also fixes some cases + of two error documents being sent in the response for the same scenario. [Eric Covener] PR49167 *) mod_proxy_balancer: Add new directive BalancerNonce to allow admin @@ -1058,7 +1063,7 @@ Changes with Apache 2.3.6 [Dr Stephen Henson , William Rowe] *) mod_proxy_http: Log the port of the remote server in various messages. - PR 48812. [Igor Galić ] + PR 48812. [Igor Galić ] *) mod_reqtimeout: Do not wrongly enforce timeouts for mod_proxy's backend connections and other protocol handlers (like mod_ftp). [Stefan Fritsch] @@ -1081,10 +1086,10 @@ Changes with Apache 2.3.6 log file. PR 48761 [, Dan Poirier] *) mod_ldap: Update LDAPTrustedClientCert to consistently be a per-directory - setting only, matching most of the documentation and examples. - PR 46541 [Paul Reder, Eric Covener] + setting only, matching most of the documentation and examples. + PR 46541 [Paul Reder, Eric Covener] - *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument + *) mod_ldap: LDAPTrustedClientCert now accepts CA_DER/CA_BASE64 argument types previously allowed only in LDAPTrustedGlobalCert. [Eric Covener] *) mod_negotiation: Preserve query string over multiviews negotiation. @@ -1095,7 +1100,7 @@ Changes with Apache 2.3.6 *) mod_ldap: Eliminate a potential crash with multiple LDAPTrustedClientCert when some are not password-protected. [Eric Covener] - *) Fix startup segfault when the Mutex directive is used but no loaded + *) Fix startup segfault when the Mutex directive is used but no loaded modules use httpd mutexes. PR 48787. [Jeff Trawick] *) Proxy: get the headers right in a HEAD request with @@ -1129,7 +1134,7 @@ Changes with Apache 2.3.6 the path specified by the Include directive. [Graham Leggett] *) mod_proxy, mod_proxy_http: Support remote https proxies - by using HTTP CONNECT. PR 19188. + by using HTTP CONNECT. PR 19188. [Philippe Dutrueux , Rainer Jung] *) apxs: Fix -A and -a options to ignore whitespace in httpd.conf @@ -1167,7 +1172,7 @@ Changes with Apache 2.3.6 [Stefan Fritsch] *) mod_authnz_ldap: Failures to map a username to a DN, or to check a user - password now result in an informational level log entry instead of + password now result in an informational level log entry instead of warning level. [Eric Covener] Changes with Apache 2.3.5 @@ -1175,7 +1180,7 @@ Changes with Apache 2.3.5 *) SECURITY: CVE-2010-0434 (cve.mitre.org) Ensure each subrequest has a shallow copy of headers_in so that the parent request headers are not corrupted. Eliminates a problematic - optimization in the case of no request body. PR 48359 + optimization in the case of no request body. PR 48359 [Jake Scott, William Rowe, Ruediger Pluem] *) Turn static function get_server_name_for_url() into public @@ -1233,7 +1238,7 @@ Changes with Apache 2.3.4 *) Replace AcceptMutex, LockFile, RewriteLock, SSLMutex, SSLStaplingMutex, and WatchdogMutexPath with a single Mutex directive. Add APIs to - simplify setup and user customization of APR proc and global mutexes. + simplify setup and user customization of APR proc and global mutexes. (See util_mutex.h.) Build-time setting DEFAULT_LOCKFILE is no longer respected; set DEFAULT_REL_RUNTIMEDIR instead. [Jeff Trawick] @@ -1299,7 +1304,7 @@ Changes with Apache 2.3.3 *) mod_charset_lite: Honor 'CharsetOptions NoImplicitAdd'. [Eric Covener] - *) mod_ssl: Add support for OCSP Stapling. PR 43822. + *) mod_ssl: Add support for OCSP Stapling. PR 43822. [Dr Stephen Henson ] *) mod_socache_shmcb: Allow parens in file name if cache size is given. @@ -1319,7 +1324,7 @@ Changes with Apache 2.3.3 *) Allow ProxyPreserveHost to work in sections. PR 34901. [Stefan Fritsch] - *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again + *) configure: Fix THREADED_MPMS so that mod_cgid is enabled again for worker MPM. [Takashi Sato] *) mod_dav: Provide a mechanism to obtain the request_rec and pathname @@ -1373,7 +1378,7 @@ Changes with Apache 2.3.3 *) core: Treat timeout reading request as 408 error, not 400. Log 408 errors in access log as was done in Apache 1.3.x. - PR 39785 [Nobutaka Mantani , + PR 39785 [Nobutaka Mantani , Stefan Fritsch , Dan Poirier] *) mod_ssl: Reintroduce SSL_CLIENT_S_DN, SSL_CLIENT_I_DN, SSL_SERVER_S_DN, @@ -1456,7 +1461,7 @@ Changes with Apache 2.3.3 *) ab: Fix broken error messages after resolver or connect() failures. [Jeff Trawick] - *) SECURITY: CVE-2009-1890 (cve.mitre.org) + *) SECURITY: CVE-2009-1890 (cve.mitre.org) Fix a potential Denial-of-Service attack against mod_proxy in a reverse proxy configuration, where a remote attacker can force a proxy process to consume CPU time indefinitely. [Nick Kew, Joe Orton] @@ -1521,7 +1526,7 @@ Changes with Apache 2.3.3 be run when a connection is opened. PR 46827 [Marko Kevac ] - *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock). + *) mod_cgid: Improve handling of long AF_UNIX socket names (ScriptSock). PR 47037. [Jeff Trawick] *) mod_proxy_ajp: Check more strictly that the backend follows the AJP @@ -1532,7 +1537,7 @@ Changes with Apache 2.3.3 *) Allow MPMs to be loaded dynamically, as with most other modules. Use --enable-mpms-shared={list|"all"} to enable. This required changes to - the MPM interfaces. Removed: mpm.h, mpm_default.h (as an installed + the MPM interfaces. Removed: mpm.h, mpm_default.h (as an installed header), APACHE_MPM_DIR, MPM_NAME, ap_threads_per_child, ap_max_daemons_limit, ap_my_generation, etc. ap_mpm_query() can't be called until after the register-hooks phase. [Jeff Trawick] @@ -1549,7 +1554,7 @@ Changes with Apache 2.3.3 as A/UX, Next, and Tandem. [Jeff Trawick] *) mod_proxy_ftp: Add ProxyFtpListOnWildcard directive to allow files with - globbing characters to be retrieved instead of converted into a + globbing characters to be retrieved instead of converted into a directory listing. PR 46789 [Dan Poirier ] *) Provide ap_retained_data_create()/ap_retained_data_get() for preservation @@ -1569,7 +1574,7 @@ Changes with Apache 2.3.2 *) mod_ssl: add support for type-safe STACK constructs in OpenSSL development HEAD. PR 45521. [Kaspar Brand, Sander Temme] - *) ab: Fix maintenance of the pollset to resolve EALREADY errors + *) ab: Fix maintenance of the pollset to resolve EALREADY errors with kqueue (BSD/OS X) and excessive CPU with event ports (Solaris). PR 44584. Use APR_POLLSET_NOCOPY for better performance with some pollset implementations. [Jeff Trawick] @@ -1660,7 +1665,7 @@ Changes with Apache 2.3.1 *) mod_rewrite: Introduce DiscardPathInfo|DPI flag to stop the troublesome way that per-directory rewrites append the previous notion of PATH_INFO - to each substitution before evaluating subsequent rules. + to each substitution before evaluating subsequent rules. PR 38642 [Eric Covener] *) mod_cgid: Do not add an empty argument when calling the CGI script. @@ -1688,7 +1693,7 @@ Changes with Apache 2.3.0 *) mod_ratelimit: New module to do bandwidth rate limiting. [Paul Querna] - *) Remove X-Pad header which was added as a work around to a bug in + *) Remove X-Pad header which was added as a work around to a bug in Netscape 2.x to 4.0b2. [Takashi Sato ] *) Add DTrace Statically Defined Tracing (SDT) probes. @@ -1716,7 +1721,7 @@ Changes with Apache 2.3.0 *) mod_heartmonitor: New module to collect heartbeats, and write out a file so that other modules can load balance traffic as needed. [Paul Querna] - *) mod_heartbeat: New module to generate multicast heartbeats to know if a + *) mod_heartbeat: New module to generate multicast heartbeats to know if a server is online. [Paul Querna] *) mod_buffer: Honour the flush bucket and flush the buffer in the @@ -1759,7 +1764,7 @@ Changes with Apache 2.3.0 *) unixd: turn existing code into a module, and turn the set user/group and chroot into a child_init function. [Nick Kew] - *) mod_dir: Support "DirectoryIndex disabled" + *) mod_dir: Support "DirectoryIndex disabled" Suggested By André Warnier [Eric Covener] *) mod_ssl: Send Content-Type application/ocsp-request for POST requests to @@ -1900,7 +1905,7 @@ Changes with Apache 2.3.0 [Chris Darroch] *) mod_ldap: Correctly return all requested attribute values - when some attributes have a null value. + when some attributes have a null value. PR 44560 [Anders Kaseorg ] *) core: check symlink ownership if both FollowSymlinks and @@ -1910,7 +1915,7 @@ Changes with Apache 2.3.0 PR 36783 [Robert L Mathews ] *) Activate mod_cache, mod_file_cache and mod_disk_cache as part of the - 'most' set for '--enable-modules' and '--enable-shared-mods'. Include + 'most' set for '--enable-modules' and '--enable-shared-mods'. Include mod_mem_cache in 'all' as well. [Dirk-Willem van Gulik] *) Also install mod_so.h, mod_rewrite.h and mod_cache.h; as these @@ -1920,7 +1925,7 @@ Changes with Apache 2.3.0 *) mod_dir, mod_negotiation: pass the output filter information to newly created sub requests; as these are later on used as true requests with an internal redirect. This allows for - mod_cache et.al. to trap the results of the redirect. + mod_cache et.al. to trap the results of the redirect. [Dirk-Willem van Gulik, Ruediger Pluem] *) mod_ldap: Add support (taking advantage of the new APR capability) @@ -1969,7 +1974,7 @@ Changes with Apache 2.3.0 *) mod_ssl: Add support for caching SSL Sessions in memcached. [Paul Querna] *) apxs: Enhance -q flag to print all known variables and their values - when invoked without variable name(s). + when invoked without variable name(s). [William Rowe, Sander Temme] *) apxs: Eliminate run-time check for mod_so. PR 40653. @@ -2002,14 +2007,14 @@ Changes with Apache 2.3.0 *) mod_proxy_fcgi: Added win32 build. [Mladen Turk] - *) sendfile_nonblocking() takes the _brigade_ as an argument, gets + *) sendfile_nonblocking() takes the _brigade_ as an argument, gets the first bucket from the brigade, finds it not to be a FILE bucket and barfs. The fix is to pass a bucket rather than a brigade. [Niklas Edmundsson ] *) mod_rewrite: support rewritemap by SQL query [Nick Kew] - *) ap_get_server_version() has been removed. Third-party modules must + *) ap_get_server_version() has been removed. Third-party modules must now use ap_get_server_banner() or ap_get_server_description(). [Jeff Trawick] @@ -2026,7 +2031,7 @@ Changes with Apache 2.3.0 *) New SSLLogLevelDebugDump [ None (default) | IO (not bytes) | Bytes ] configures the I/O Dump of SSL traffic, when LogLevel is set to Debug. - The default is none as this is far greater debugging resolution than + The default is none as this is far greater debugging resolution than the typical administrator is prepared to untangle. [William Rowe] *) mod_disk_cache: If possible, check if the size of an object to cache is @@ -2053,37 +2058,37 @@ Changes with Apache 2.3.0 *) Event MPM: Fill in the scoreboard's tid field. PR 38736. [Chris Darroch ] - *) mod_charset_lite: Remove Content-Length when output filter can + *) mod_charset_lite: Remove Content-Length when output filter can invalidate it. Warn when input filter can invalidate it. [Jeff Trawick] *) Authz: Add the new module mod_authn_core that will provide common authn directives such as 'AuthType', 'AuthName'. Move the directives - 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias + 'AuthType' and 'AuthName' out of the core module and merge mod_authz_alias into mod_authn_core. [Brad Nicholes] - *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy' - into the new module mod_access_compat which can be loaded to provide + *) Authz: Move the directives 'Order', 'Allow', 'Deny' and 'Satisfy' + into the new module mod_access_compat which can be loaded to provide support for these directives. [Brad Nicholes] - *) Authz: Move the 'Require' directive from the core module as well as - add the directives '', '', '' - and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR' + *) Authz: Move the 'Require' directive from the core module as well as + add the directives '', '', '' + and 'Reject' to mod_authz_core. The new directives introduce 'AND/OR' logic into the authorization processing. [Brad Nicholes] - *) Authz: Add the new module mod_authz_core which acts as the - authorization provider vector and contains common authz + *) Authz: Add the new module mod_authz_core which acts as the + authorization provider vector and contains common authz directives. [Brad Nicholes] - *) Authz: Renamed mod_authz_dbm authz providers from 'group' and + *) Authz: Renamed mod_authz_dbm authz providers from 'group' and 'file-group' to 'dbm-group' and 'dbm-file-group'. [Brad Nicholes] *) Authz: Added the new authz providers 'env', 'ip', 'host', 'all' to handle - host-based access control provided by mod_authz_host and invoked + host-based access control provided by mod_authz_host and invoked through the 'Require' directive. [Brad Nicholes] - *) Authz: Convert all of the authz modules from hook based to + *) Authz: Convert all of the authz modules from hook based to provider based. [Brad Nicholes] *) mod_cache: Add CacheMinExpire directive to set the minimum time in diff --git a/docs/manual/mod/core.xml b/docs/manual/mod/core.xml index 4c7bda7ce4..81be2179ec 100644 --- a/docs/manual/mod/core.xml +++ b/docs/manual/mod/core.xml @@ -424,8 +424,8 @@ NoDecode option available in 2.3.12 and later. module="core">Options command. Implicit disabling of Options -

Even though the list of options that may be used in .htaccess files - can be limited with this directive, as long as any Even though the list of options that may be used in .htaccess files + can be limited with this directive, as long as any Options directive is allowed any other inherited option can be disabled by using the non-relative syntax. In other words, this mechanism cannot force a specific option @@ -2389,7 +2389,7 @@ client Warning

When name-based virtual hosting is used, the value for this - directive is taken from the default (first-listed) virtual host best + directive is taken from the default (first-listed) virtual host best matching the current IP address and port combination.

 @@ -2432,7 +2432,7 @@ from the client Warning

When name-based virtual hosting is used, the value for this - directive is taken from the default (first-listed) virtual host best + directive is taken from the default (first-listed) virtual host best matching the current IP address and port combination.

 @@ -2865,6 +2865,7 @@ connection + MaxRanges Number of ranges allowed before returning the complete @@ -2878,17 +2879,17 @@ resource

The MaxRanges directive - limits the number of HTTP ranges the server is willing to - return to the client. If more ranges then permitted are requested, + limits the number of HTTP ranges the server is willing to + return to the client. If more ranges then permitted are requested, the complete resource is returned instead.

-
+
default
Limits the number of ranges to a compile-time default of 200.
- +
none
Range headers are ignored.
- +
unlimited
The server does not limit the number of ranges it is willing to satisfy.
@@ -2900,6 +2901,76 @@ resource + + MaxRangeOverlaps + Number of overlapping ranges (eg: 100-200,150-300) allowed before returning the complete + resource + MaxRangeOverlaps default | unlimited | none | number-of-ranges + MaxRangeOverlaps 20 + server configvirtual host + directory + + Available in Apache HTTP Server 2.3.15 and later + + +

The MaxRangeOverlaps directive + limits the number of overlapping HTTP ranges the server is willing to + return to the client. If more overlapping ranges then permitted are requested, + the complete resource is returned instead.

+ +
+
default
+
Limits the number of overlapping ranges to a compile-time default of 20.
+ +
none
+
No overlapping Range headers are allowed.
+ +
unlimited
+
The server does not limit the number of overlapping ranges it is + willing to satisfy.
+ +
number-of-ranges
+
A positive number representing the maximum number of overlapping ranges the + server is willing to satisfy.
+
+ + + + + MaxRangeReversals + Number of range reversals (eg: 100-200,50-70) allowed before returning the complete + resource + MaxRangeReversals default | unlimited | none | number-of-ranges + MaxRangeReversals 20 + server configvirtual host + directory + + Available in Apache HTTP Server 2.3.15 and later + + +

The MaxRangeReversals directive + limits the number of HTTP Range reversals the server is willing to + return to the client. If more ranges reversals then permitted are requested, + the complete resource is returned instead.

+ +
+
default
+
Limits the number of range reversals to a compile-time default of 20.
+ +
none
+
No Range reversals headers are allowed.
+ +
unlimited
+
The server does not limit the number of range reversals it is + willing to satisfy.
+ +
number-of-ranges
+
A positive number representing the maximum number of range reversals the + server is willing to satisfy.
+
+ + + Mutex Configures mutex mechanism and lock file directory for all @@ -4179,9 +4250,9 @@ hostname or IP address
  • A fully qualified domain name for the IP address of the virtual host (not recommended);
    • -
  • The character *, which acts as a wildcard and matches +
  • The character *, which acts as a wildcard and matches any IP address.
    • - +
  • The string _default_, which is an alias for *
    • @@ -4236,18 +4307,18 @@ hostname or IP address ServerName from the "main" server configuration will be inherited.

    -

    When a request is received, the server first maps it to the best matching - VirtualHost based on the local - IP address and port combination only. Non-wildcards have a higher - precedence. If no match based on IP and port occurs at all, the +

    When a request is received, the server first maps it to the best matching + VirtualHost based on the local + IP address and port combination only. Non-wildcards have a higher + precedence. If no match based on IP and port occurs at all, the "main" server configuration is used.

    - +

    If multiple virtual hosts contain the best matching IP address and port, - the server selects from these virtual hosts the best match based on the - requested hostname. If no matching name-based virtual host is found, - then the first listed virtual host that matched the IP address will be + the server selects from these virtual hosts the best match based on the + requested hostname. If no matching name-based virtual host is found, + then the first listed virtual host that matched the IP address will be used. As a consequence, the first listed virtual host for a given IP address - and port combination is default virtual host for that IP and port + and port combination is default virtual host for that IP and port combination.

    Security diff --git a/include/ap_mmn.h b/include/ap_mmn.h index 95c0704389..2e9b3e45fd 100644 --- a/include/ap_mmn.h +++ b/include/ap_mmn.h @@ -302,12 +302,12 @@ * 20110203.1 (2.3.11-dev) Add ap_state_query() * 20110203.2 (2.3.11-dev) Add ap_run_pre_read_request() hook and * ap_parse_form_data() util - * 20110312.0 (2.3.12-dev) remove uldap_connection_cleanup and add + * 20110312.0 (2.3.12-dev) remove uldap_connection_cleanup and add util_ldap_state_t.connectionPoolTTL, util_ldap_connection_t.freed, and - util_ldap_connection_t.rebind_pool. + util_ldap_connection_t.rebind_pool. * 20110312.1 (2.3.12-dev) Add core_dir_config.decode_encoded_slashes. - * 20110328.0 (2.3.12-dev) change type and name of connectionPoolTTL in util_ldap_state_t + * 20110328.0 (2.3.12-dev) change type and name of connectionPoolTTL in util_ldap_state_t connectionPoolTTL (connection_pool_ttl, int->apr_interval_t) * 20110329.0 (2.3.12-dev) Change single-bit signed fields to unsigned in * proxy and cache interfaces. @@ -350,6 +350,7 @@ * 20110724.3 (2.3.15-dev) add util_varbuf.h / ap_varbuf API * 20110724.4 (2.3.15-dev) add max_ranges to core_dir_config * 20110724.5 (2.3.15-dev) add ap_set_accept_ranges() + * 20110724.6 (2.3.15-dev) add max_overlaps and max_reversals to core_dir_config */ #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */ @@ -357,7 +358,7 @@ #ifndef MODULE_MAGIC_NUMBER_MAJOR #define MODULE_MAGIC_NUMBER_MAJOR 20110724 #endif -#define MODULE_MAGIC_NUMBER_MINOR 5 /* 0...n */ +#define MODULE_MAGIC_NUMBER_MINOR 6 /* 0...n */ /** * Determine if the server's current MODULE_MAGIC_NUMBER is at least a diff --git a/include/http_core.h b/include/http_core.h index 4c1da18cfe..5881d0b120 100644 --- a/include/http_core.h +++ b/include/http_core.h @@ -611,6 +611,10 @@ typedef struct { #define AP_MAXRANGES_NORANGES 0 /** Number of Ranges before returning HTTP_OK. **/ int max_ranges; + /** Max number of Range overlaps (merges) allowed **/ + int max_overlaps; + /** Max number of Range reversals (eg: 200-300, 100-125) allowed **/ + int max_reversals; } core_dir_config; diff --git a/modules/http/byterange_filter.c b/modules/http/byterange_filter.c index ed383c5860..93371ae87e 100644 --- a/modules/http/byterange_filter.c +++ b/modules/http/byterange_filter.c @@ -58,6 +58,12 @@ #ifndef AP_DEFAULT_MAX_RANGES #define AP_DEFAULT_MAX_RANGES 200 #endif +#ifndef AP_DEFAULT_MAX_OVERLAPS +#define AP_DEFAULT_MAX_OVERLAPS 20 +#endif +#ifndef AP_DEFAULT_MAX_REVERSALS +#define AP_DEFAULT_MAX_REVERSALS 20 +#endif #define MAX_PREALLOC_RANGES 100 @@ -442,13 +448,19 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_byterange_filter(ap_filter_t *f, indexes_t *idx; int i; int original_status; - int max_ranges; + int max_ranges, max_overlaps, max_reversals; int overlaps = 0, reversals = 0; core_dir_config *core_conf = ap_get_core_module_config(r->per_dir_config); max_ranges = ( (core_conf->max_ranges >= 0 || core_conf->max_ranges == AP_MAXRANGES_UNLIMITED) ? core_conf->max_ranges : AP_DEFAULT_MAX_RANGES ); + max_overlaps = ( (core_conf->max_overlaps >= 0 || core_conf->max_overlaps == AP_MAXRANGES_UNLIMITED) + ? core_conf->max_overlaps + : AP_DEFAULT_MAX_OVERLAPS ); + max_reversals = ( (core_conf->max_reversals >= 0 || core_conf->max_reversals == AP_MAXRANGES_UNLIMITED) + ? core_conf->max_reversals + : AP_DEFAULT_MAX_REVERSALS ); /* * Iterate through the brigade until reaching EOS or a bucket with * unknown length. @@ -474,8 +486,11 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_byterange_filter(ap_filter_t *f, original_status = r->status; num_ranges = ap_set_byterange(r, clength, &indexes, &overlaps, &reversals); - /* We have nothing to do, get out of the way. */ - if (num_ranges == 0 || (max_ranges >= 0 && num_ranges > max_ranges)) { + /* No Ranges or we hit a limit? We have nothing to do, get out of the way. */ + if (num_ranges == 0 || + (max_ranges >= 0 && num_ranges > max_ranges) || + (max_overlaps >= 0 && overlaps > max_overlaps) || + (max_reversals >= 0 && reversals > max_reversals)) { r->status = original_status; ap_remove_output_filter(f); return ap_pass_brigade(f->next, bb); diff --git a/server/core.c b/server/core.c index 02c69db6fc..ef4cdd051a 100644 --- a/server/core.c +++ b/server/core.c @@ -73,11 +73,11 @@ #endif /* valid in core-conf, but not in runtime r->used_path_info */ -#define AP_ACCEPT_PATHINFO_UNSET 3 +#define AP_ACCEPT_PATHINFO_UNSET 3 -#define AP_CONTENT_MD5_OFF 0 -#define AP_CONTENT_MD5_ON 1 -#define AP_CONTENT_MD5_UNSET 2 +#define AP_CONTENT_MD5_OFF 0 +#define AP_CONTENT_MD5_ON 1 +#define AP_CONTENT_MD5_UNSET 2 APR_HOOK_STRUCT( APR_HOOK_LINK(get_mgmt_items) @@ -178,8 +178,10 @@ static void *create_core_dir_config(apr_pool_t *a, char *dir) conf->enable_sendfile = ENABLE_SENDFILE_UNSET; conf->allow_encoded_slashes = 0; conf->decode_encoded_slashes = 0; - + conf->max_ranges = AP_MAXRANGES_UNSET; + conf->max_overlaps = AP_MAXRANGES_UNSET; + conf->max_reversals = AP_MAXRANGES_UNSET; return (void *)conf; } @@ -400,6 +402,8 @@ static void *merge_core_dir_configs(apr_pool_t *a, void *basev, void *newv) } conf->max_ranges = new->max_ranges != AP_MAXRANGES_UNSET ? new->max_ranges : base->max_ranges; + conf->max_overlaps = new->max_overlaps != AP_MAXRANGES_UNSET ? new->max_overlaps : base->max_overlaps; + conf->max_reversals = new->max_reversals != AP_MAXRANGES_UNSET ? new->max_reversals : base->max_reversals; return (void*)conf; } @@ -2921,8 +2925,8 @@ static const char *include_config (cmd_parms *cmd, void *dummy, name, NULL); } - error = ap_process_fnmatch_configs(cmd->server, conffile, &conftree, - cmd->pool, cmd->temp_pool, + error = ap_process_fnmatch_configs(cmd->server, conffile, &conftree, + cmd->pool, cmd->temp_pool, optional); if (error) { *recursion = 0; @@ -3269,26 +3273,79 @@ static const char *set_max_ranges(cmd_parms *cmd, void *conf_, const char *arg) core_dir_config *conf = conf_; int val = 0; - if (!strcasecmp(arg, "none")) { + if (!strcasecmp(arg, "none")) { val = AP_MAXRANGES_NORANGES; } - else if (!strcasecmp(arg, "default")) { + else if (!strcasecmp(arg, "default")) { val = AP_MAXRANGES_DEFAULT; } - else if (!strcasecmp(arg, "unlimited")) { + else if (!strcasecmp(arg, "unlimited")) { val = AP_MAXRANGES_UNLIMITED; } - else { + else { val = atoi(arg); if (val <= 0) - return "MaxRanges requires 'none', 'default', 'unlimited' or " + return "MaxRanges requires 'none', 'default', 'unlimited' or " "a positive integer"; } conf->max_ranges = val; - + + return NULL; +} + +static const char *set_max_overlaps(cmd_parms *cmd, void *conf_, const char *arg) +{ + core_dir_config *conf = conf_; + int val = 0; + + if (!strcasecmp(arg, "none")) { + val = AP_MAXRANGES_NORANGES; + } + else if (!strcasecmp(arg, "default")) { + val = AP_MAXRANGES_DEFAULT; + } + else if (!strcasecmp(arg, "unlimited")) { + val = AP_MAXRANGES_UNLIMITED; + } + else { + val = atoi(arg); + if (val <= 0) + return "MaxRangeOverlaps requires 'none', 'default', 'unlimited' or " + "a positive integer"; + } + + conf->max_overlaps = val; + return NULL; } + +static const char *set_max_reversals(cmd_parms *cmd, void *conf_, const char *arg) +{ + core_dir_config *conf = conf_; + int val = 0; + + if (!strcasecmp(arg, "none")) { + val = AP_MAXRANGES_NORANGES; + } + else if (!strcasecmp(arg, "default")) { + val = AP_MAXRANGES_DEFAULT; + } + else if (!strcasecmp(arg, "unlimited")) { + val = AP_MAXRANGES_UNLIMITED; + } + else { + val = atoi(arg); + if (val <= 0) + return "MaxRangeReversals requires 'none', 'default', 'unlimited' or " + "a positive integer"; + } + + conf->max_reversals = val; + + return NULL; +} + AP_DECLARE(size_t) ap_get_limit_xml_body(const request_rec *r) { core_dir_config *conf; @@ -3908,6 +3965,12 @@ AP_INIT_RAW_ARGS("Mutex", ap_set_mutex, NULL, RSRC_CONF, AP_INIT_TAKE1("MaxRanges", set_max_ranges, NULL, RSRC_CONF|ACCESS_CONF, "Maximum number of Ranges in a request before returning the entire " "resource, or 0 for unlimited"), +AP_INIT_TAKE1("MaxRangeOverlaps", set_max_overlaps, NULL, RSRC_CONF|ACCESS_CONF, + "Maximum number of overlaps in Ranges in a request before returning the entire " + "resource, or 0 for unlimited"), +AP_INIT_TAKE1("MaxRangeReversals", set_max_reversals, NULL, RSRC_CONF|ACCESS_CONF, + "Maximum number of reversals in Ranges in a request before returning the entire " + "resource, or 0 for unlimited"), /* System Resource Controls */ #ifdef RLIMIT_CPU AP_INIT_TAKE12("RLimitCPU", set_limit_cpu, @@ -4103,9 +4166,9 @@ static int core_override_type(request_rec *r) * beginning of the fixup phase (here!), so modules should override the user's * discretion in their own module fixup phase. It is tristate, if * the user doesn't specify, the result is AP_REQ_DEFAULT_PATH_INFO. - * (which the module may interpret to its own customary behavior.) + * (which the module may interpret to its own customary behavior.) * It won't be touched if the value is no longer AP_ACCEPT_PATHINFO_UNSET, - * so any module changing the value prior to the fixup phase + * so any module changing the value prior to the fixup phase * OVERRIDES the user's choice. */ if ((r->used_path_info == AP_REQ_DEFAULT_PATH_INFO) @@ -4258,7 +4321,7 @@ static int default_handler(request_rec *r) * always allocated at least MIN_LINE_ALLOC (80) bytes. */ if (r->the_request - && r->the_request[0] == 0x16 + && r->the_request[0] == 0x16 && (r->the_request[1] == 0x2 || r->the_request[1] == 0x3)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Invalid method in request %s - possible attempt to establish SSL connection on non-SSL port", r->the_request); @@ -4539,7 +4602,7 @@ static void register_hooks(apr_pool_t *p) /* create_connection and pre_connection should always be hooked * APR_HOOK_REALLY_LAST by core to give other modules the opportunity - * to install alternate network transports and stop other functions + * to install alternate network transports and stop other functions * from being run. */ ap_hook_create_connection(core_create_conn, NULL, NULL, -- 2.40.0