httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@apache.org
Subject cvs commit: httpd-2.0/server util_filter.c
Date Mon, 27 Aug 2001 06:00:51 GMT
rbb         01/08/26 23:00:51

  Modified:    .        CHANGES
               include  util_filter.h
               modules/ssl mod_ssl.c ssl_engine_io.c
               server   util_filter.c
  Log:
  Allow mod_ssl to send back an error message if an HTTP request is sent
  over an HTTPS connection.  This also adds an ap_remove_input_filter
  function, which should be used to remove the SSL input filter in this
  case, as soon as this code is stressed a bit more.
  
  For right now, we are sending the same message that we used to send in
  mod_ssl for Apache 1.3.
  
  Revision  Changes    Path
  1.333     +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.332
  retrieving revision 1.333
  diff -u -r1.332 -r1.333
  --- CHANGES	2001/08/27 04:29:09	1.332
  +++ CHANGES	2001/08/27 06:00:51	1.333
  @@ -1,5 +1,8 @@
   Changes with Apache 2.0.25-dev
   
  +  *) Add a function ap_remove_input_filter.  This is to match
  +     up with ap_remove_output_filter.  [Ryan Bloom]
  +
     *) Clean up location_walk, so that this step performs a minimum
        amount of redundant effort (it must be run twice, but it will no
        longer reparse all <Location > blocks when the request uri
  
  
  
  1.58      +8 -0      httpd-2.0/include/util_filter.h
  
  Index: util_filter.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/include/util_filter.h,v
  retrieving revision 1.57
  retrieving revision 1.58
  diff -u -r1.57 -r1.58
  --- util_filter.h	2001/08/07 16:19:02	1.57
  +++ util_filter.h	2001/08/27 06:00:51	1.58
  @@ -351,6 +351,14 @@
   					       request_rec *r, conn_rec *c);
   
   /**
  + * Remove an input filter from either the request or connection stack
  + * it is associated with.
  + * @param f The filter to remove
  + */
  +
  +AP_DECLARE(void) ap_remove_input_filter(ap_filter_t *f);
  +
  +/**
    * Remove an output filter from either the request or connection stack
    * it is associated with.
    * @param f The filter to remove
  
  
  
  1.29      +28 -25    httpd-2.0/modules/ssl/mod_ssl.c
  
  Index: mod_ssl.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
  retrieving revision 1.28
  retrieving revision 1.29
  diff -u -r1.28 -r1.29
  --- mod_ssl.c	2001/08/24 18:06:47	1.28
  +++ mod_ssl.c	2001/08/27 06:00:51	1.29
  @@ -73,6 +73,8 @@
           AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, NULL, OR_##type, desc),
   #define AP_END_CMD { NULL }
   
  +#define HTTP_ON_HTTPS_PORT "GET /mod_ssl:error:HTTP-request HTTP/1.0\r\n"
  +
   static const command_rec ssl_config_cmds[] = {
   
       /*
  @@ -374,36 +376,36 @@
                    * instead provide a faked one in order to continue the internal
                    * Apache processing.
                    *
  -                 */
  -
  -#if 0 /* XXX */
  -                /*
  -                 * Still need to be ported to Apache 2.0 style
                    */
  -                char ca[2];
  -                int rv;
  -
  +                apr_bucket *e;
  +                const char *str;
  +                apr_size_t len;
                   /* log the situation */
                   ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
                           "SSL handshake failed: HTTP spoken on HTTPS port; "
                           "trying to send HTML error page");
  -                /* first: skip the remaining bytes of the request line */
  -                do {
  -                    do {
  -                        rv = read(fb->fd, ca, 1);
  -                    } while (rv == -1 && errno == EINTR);
  -                } while (rv > 0 && ca[0] != '\012' /*LF*/);
  -
  -                /* second: fake the request line */
  -                fb->inbase = ap_palloc(fb->pool, fb->bufsiz);
  -                ap_cpystrn((char *)fb->inbase, "GET /mod_ssl:error:HTTP-request HTTP/1.0\r\n",
  -                           fb->bufsiz);
  -                fb->inptr = fb->inbase;
  -                fb->incnt = strlen((char *)fb->inptr);
  -#else
  -                ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
  -                        "SSL handshake failed: HTTP spoken on HTTPS port");
  -#endif
  +
  +                /* fake the request line */
  +                e = apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, 
  +                                               strlen(HTTP_ON_HTTPS_PORT));
  +                APR_BRIGADE_INSERT_HEAD(pRec->pbbPendingInput, e);
  +
  +                APR_BRIGADE_FOREACH(e, pRec->pbbInput) {
  +                    apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
  +                    if (len) {
  +                        APR_BUCKET_REMOVE(e);
  +                        APR_BRIGADE_INSERT_TAIL(pRec->pbbPendingInput, e);
  +                        if ((strcmp(str, "\r\n") == 0) ||
  +                            (ap_strstr_c(str, "\r\n\r\n"))) {
  +                            break;
  +                        }
  +                    }
  +                }
  +                e = APR_BRIGADE_LAST(pRec->pbbInput);
  +                APR_BUCKET_REMOVE(e);
  +
  +                ap_remove_output_filter(pRec->pOutputFilter);
  +                return HTTP_BAD_REQUEST;
               }
               else if (ssl_util_getmodconfig_ssl(pRec->pssl, "ssl::handshake::timeout")
                  == (void *)TRUE) {
  @@ -536,6 +538,7 @@
       ap_hook_fixups        (ssl_hook_Fixup,         NULL,NULL, APR_HOOK_MIDDLE);
       ap_hook_access_checker(ssl_hook_Access,        NULL,NULL, APR_HOOK_MIDDLE);
       ap_hook_auth_checker  (ssl_hook_Auth,          NULL,NULL, APR_HOOK_MIDDLE);
  +    ap_hook_post_read_request(ssl_hook_ReadReq,    NULL,NULL, APR_HOOK_MIDDLE);
   
       ssl_var_register();
   }
  
  
  
  1.35      +3 -0      httpd-2.0/modules/ssl/ssl_engine_io.c
  
  Index: ssl_engine_io.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
  retrieving revision 1.34
  retrieving revision 1.35
  diff -u -r1.34 -r1.35
  --- ssl_engine_io.c	2001/08/24 18:06:47	1.34
  +++ ssl_engine_io.c	2001/08/27 06:00:51	1.35
  @@ -283,6 +283,9 @@
               /* if this is the case, ssl connection has been shutdown
                * and pRec->pssl has been freed
                */
  +            if (ret == HTTP_BAD_REQUEST) {
  +                return APR_SUCCESS;
  +            }
               return ret;
           }
   
  
  
  
  1.63      +20 -11    httpd-2.0/server/util_filter.c
  
  Index: util_filter.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/util_filter.c,v
  retrieving revision 1.62
  retrieving revision 1.63
  diff -u -r1.62 -r1.63
  --- util_filter.c	2001/08/07 16:19:03	1.62
  +++ util_filter.c	2001/08/27 06:00:51	1.63
  @@ -176,13 +176,12 @@
   			  r ? &r->output_filters : NULL, &c->output_filters);
   }
   
  -AP_DECLARE(void) ap_remove_output_filter(ap_filter_t *f)
  +static void remove_any_filter(ap_filter_t *f, ap_filter_t **r_filt, 
  +                                   ap_filter_t **c_filt)
   {
  -    ap_filter_t *curr;
  -
  -    curr = f->r ? f->r->output_filters : f->c->output_filters;
  +    ap_filter_t **curr = r_filt ? r_filt : c_filt;
   
  -    if (curr == f) {
  +    if ((*curr) == f) {
           if (f->r) {
               f->r->output_filters = f->r->output_filters->next;
           }
  @@ -192,13 +191,23 @@
           return;
       }
   
  -    while (curr->next != f) {
  -        curr = curr->next;
  -        if (curr == NULL) {
  -            return;
  -        }
  +    while ((*curr) && (*curr)->next != f) {
  +        (*curr) = (*curr)->next;
  +    }
  +    if ((*curr) == NULL) {
  +        return;
       }
  -    curr->next = f->next;
  +    (*curr)->next = f->next;
  +}
  +
  +AP_DECLARE(void) ap_remove_input_filter(ap_filter_t *f)
  +{
  +    return remove_any_filter(f, f->r ? &f->r->input_filters : NULL, &f->c->input_filters);
  +}
  +
  +AP_DECLARE(void) ap_remove_output_filter(ap_filter_t *f)
  +{
  +    return remove_any_filter(f, f->r ? &f->r->output_filters : NULL, &f->c->output_filters);
   }
   
   /* 
  
  
  

Mime
View raw message