httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From br...@hyperreal.org
Subject cvs commit: apache-1.3/src/main http_protocol.c
Date Thu, 21 May 1998 04:11:28 GMT
brian       98/05/20 21:11:28

  Modified:    .        STATUS
               src      CHANGES
               src/main http_protocol.c
  Log:
  Ed Korthof's fixes for 408 and 414 protocol issues.
   <Pine.GSO.3.95.980204191834.4314K-200000@aether.organic.com>
  
  Revision  Changes    Path
  1.404     +17 -4     apache-1.3/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/STATUS,v
  retrieving revision 1.403
  retrieving revision 1.404
  diff -u -r1.403 -r1.404
  --- STATUS	1998/05/20 01:58:25	1.403
  +++ STATUS	1998/05/21 04:11:18	1.404
  @@ -37,10 +37,6 @@
   
   Available Patches:
   
  -    * Ed Korthof's patch to fix protocol issues surrounding 400, 408, and
  -      414 responses.
  -      <Pine.GSO.3.95.980204191834.4314K-200000@aether.organic.com>
  -
       * Wilfredo Sanchez's port to Rhapsody 5.1 for 1.2.6 - forward port to
         1.3?
         <199804182347.QAA05438@scv2.apple.com>
  @@ -316,6 +312,9 @@
         execuables, usually after a very long pause.  Ought
         to stuff .conf in the registry mapping it to text.
   
  +    * apparently either "BrowserMatch" or the "nokeepalive" variable
  +      cause instability - see PR#1729.
  +
   Delayed until after 1.3.0, unless someone happens to get to it:
   
       * Arnt Gulbrandsen <agulbra@troll.no> 03 Apr 1998 21:28:17 +0200
  @@ -371,4 +370,18 @@
         use the new child_info structure, is this still safe?  Needs to be 
         looked at.
   
  +    * suexec doesn't understand argv parameters; e.g.
  +
  +        <!--#exec cmd="./ls -l" -->
  +
  +      fails even when "ls" is in the same directory because suexec is trying
  +      to stat a file called "ls -l".  A patch for this is available at
  +
  +        http://www.xnet.com/~emarshal/suexec.diff
   
  +      and it's not bad except that it doesn't handle programs with spaces in
  +      the filename (think win32, or samba-mounted filesystems).  There are
  +      several PR's to this and I don't see for security reasons why we can't
  +      accomodate it, though it does add complexity to suexec.c.
  +      PR #1120
  +      Brian: +1
  
  
  
  1.858     +3 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.857
  retrieving revision 1.858
  diff -u -r1.857 -r1.858
  --- CHANGES	1998/05/21 04:07:11	1.857
  +++ CHANGES	1998/05/21 04:11:23	1.858
  @@ -1,5 +1,8 @@
   Changes with Apache 1.3b7
   
  +  *) A fix for protocol issues surrounding 400, 408, and
  +     414 responses. [Ed Korthof]
  +
     *) Ignore MaxRequestsPerChild on WIN32. [Brian Behlendorf]
   
     *) Fix discrepancy in proxy_ftp.c which was causing failures when 
  
  
  
  1.214     +40 -5     apache-1.3/src/main/http_protocol.c
  
  Index: http_protocol.c
  ===================================================================
  RCS file: /export/home/cvs/apache-1.3/src/main/http_protocol.c,v
  retrieving revision 1.213
  retrieving revision 1.214
  diff -u -r1.213 -r1.214
  --- http_protocol.c	1998/05/07 01:21:22	1.213
  +++ http_protocol.c	1998/05/21 04:11:27	1.214
  @@ -661,7 +661,11 @@
           ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
                       "request failed for %s, reason: URI too long",
               ap_get_remote_host(r->connection, r->per_dir_config, REMOTE_NAME));
  -        r->status = HTTP_REQUEST_URI_TOO_LARGE;
  +	/* hack to deal with the HTTP_REQUEST_TIME_OUT setting up above: */
  +	if (r->status == HTTP_REQUEST_TIME_OUT)
  +	  r->status = HTTP_OK;
  +	r->request_time = time(NULL);
  +	ap_die (HTTP_REQUEST_URI_TOO_LARGE, r);
           return 0;
       }
   
  @@ -720,16 +724,33 @@
       while ((len = getline(field, MAX_STRING_LEN, c->client, 1)) > 0) {
           char *copy = ap_palloc(r->pool, len + 1);
           memcpy(copy, field, len + 1);
  +	
  +	if (!(value = strchr(copy, ':'))) {     /* Find the colon separator */
  +	  /* if there's none, this request is screwed up.
  +	   * a hack to deal with how we set HTTP_REQUEST_TIME_OUT earlier.*/
  +	  if (r->status == HTTP_REQUEST_TIME_OUT)
  +	    r->status = HTTP_OK;
  +	  
  +	  ap_die (HTTP_BAD_REQUEST, r);
  +	  return;
  +	}
   
  -        if (!(value = strchr(copy, ':')))      /* Find the colon separator */
  -            continue;           /* or should puke 400 here */
  -
           *value = '\0';
           ++value;
           while (isspace(*value))
               ++value;            /* Skip to start of value   */
   
           ap_table_mergen(r->headers_in, copy, value);
  +
  +	/* the header was too long; at the least we should skip extra data */
  +	if (len >= MAX_STRING_LEN - 1) { 
  +	  char junk[MAX_STRING_LEN];     
  +	  while ((len = getline(junk, MAX_STRING_LEN, c->client, 1))
  +		 >= MAX_STRING_LEN - 1)   /* soak up the extra data */
  +	    ;
  +	  if (len == 0) /* time to exit the larger loop as well */
  +	    break;
  +	}
       }
   }
   
  @@ -767,6 +788,7 @@
       r->read_body       = REQUEST_NO_BODY;
   
       r->status          = HTTP_REQUEST_TIME_OUT;  /* Until we get a request */
  +    r->the_request     = NULL;
   
       /* Get the request... */
   
  @@ -776,11 +798,22 @@
       ap_keepalive_timeout("read request line", r);
       if (!read_request_line(r)) {
           ap_kill_timeout(r);
  +	if (r->status != HTTP_REQUEST_TIME_OUT)  /* we must have had an error.*/
  +	    ap_log_transaction(r);
           return NULL;
       }
       if (!r->assbackwards) {
           ap_hard_timeout("read request headers", r);
           get_mime_headers(r);
  +        if (r->status != HTTP_REQUEST_TIME_OUT) {/* we must have had an error.*/
  +	    ap_log_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
  +		         "request failed for %s: error reading the headers",
  +		         ap_get_remote_host(r->connection, r->per_dir_config, 
  +					    REMOTE_NAME));
  +	    ap_log_transaction(r);
  +	    return NULL;
  +	}
  +
       }
       ap_kill_timeout(r);
   
  @@ -798,6 +831,8 @@
   
       if ((access_status = ap_run_post_read_request(r))) {
           ap_die(access_status, r);
  +	ap_log_transaction(r);
  +
           return NULL;
       }
   
  @@ -1985,7 +2020,7 @@
            * redirect URL. We don't really want to output this URL
            * as a text message, so first check the custom response
            * string to ensure that it is a text-string (using the
  -         * same test used in die(), i.e. does it start with a ").
  +         * same test used in ap_die(), i.e. does it start with a ").
            * If it doesn't, we've got a recursive error, so find
            * the original error and output that as well.
            */
  
  
  

Mime
View raw message