Return-Path: Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 69058 invoked by uid 500); 27 Aug 2001 06:00:56 -0000 Delivered-To: apmail-httpd-2.0-cvs@apache.org Received: (qmail 69055 invoked from network); 27 Aug 2001 06:00:56 -0000 Received: from icarus.apache.org (64.125.133.21) by daedalus.apache.org with SMTP; 27 Aug 2001 06:00:56 -0000 Received: (qmail 47230 invoked by uid 1092); 27 Aug 2001 06:00:51 -0000 Date: 27 Aug 2001 06:00:51 -0000 Message-ID: <20010827060051.47229.qmail@icarus.apache.org> From: rbb@apache.org To: httpd-2.0-cvs@apache.org Subject: cvs commit: httpd-2.0/server util_filter.c X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N Status: O X-Status: X-Keywords: X-UID: 550 rbb 01/08/26 23:00:51 Modified: . CHANGES include util_filter.h modules/ssl mod_ssl.c ssl_engine_io.c server util_filter.c Log: Allow mod_ssl to send back an error message if an HTTP request is sent over an HTTPS connection. This also adds an ap_remove_input_filter function, which should be used to remove the SSL input filter in this case, as soon as this code is stressed a bit more. For right now, we are sending the same message that we used to send in mod_ssl for Apache 1.3. Revision Changes Path 1.333 +3 -0 httpd-2.0/CHANGES Index: CHANGES =================================================================== RCS file: /home/cvs/httpd-2.0/CHANGES,v retrieving revision 1.332 retrieving revision 1.333 diff -u -r1.332 -r1.333 --- CHANGES 2001/08/27 04:29:09 1.332 +++ CHANGES 2001/08/27 06:00:51 1.333 
@@ -1,5 +1,8 @@ Changes with Apache 2.0.25-dev + *) Add a function ap_remove_input_filter. This is to match + up with ap_remove_output_filter. [Ryan Bloom] + *) Clean up location_walk, so that this step performs a minimum amount of redundant effort (it must be run twice, but it will no longer reparse all blocks when the request uri 1.58 +8 -0 httpd-2.0/include/util_filter.h Index: util_filter.h =================================================================== RCS file: /home/cvs/httpd-2.0/include/util_filter.h,v retrieving revision 1.57 retrieving revision 1.58 diff -u -r1.57 -r1.58 --- util_filter.h 2001/08/07 16:19:02 1.57 +++ util_filter.h 2001/08/27 06:00:51 1.58 @@ -351,6 +351,14 @@ request_rec *r, conn_rec *c); /** + * Remove an input filter from either the request or connection stack + * it is associated with. + * @param f The filter to remove + */ + +AP_DECLARE(void) ap_remove_input_filter(ap_filter_t *f); + +/** * Remove an output filter from either the request or connection stack * it is associated with. * @param f The filter to remove 1.29 +28 -25 httpd-2.0/modules/ssl/mod_ssl.c Index: mod_ssl.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- mod_ssl.c 2001/08/24 18:06:47 1.28 +++ mod_ssl.c 2001/08/27 06:00:51 1.29 @@ -73,6 +73,8 @@ AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, NULL, OR_##type, desc), #define AP_END_CMD { NULL } +#define HTTP_ON_HTTPS_PORT "GET /mod_ssl:error:HTTP-request HTTP/1.0\r\n" + static const command_rec ssl_config_cmds[] = { /* 
@@ -374,36 +376,36 @@ * instead provide a faked one in order to continue the internal * Apache processing. * - */ - -#if 0 /* XXX */ - /* - * Still need to be ported to Apache 2.0 style */ - char ca[2]; - int rv; - + apr_bucket *e; + const char *str; + apr_size_t len; /* log the situation */ ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR, "SSL handshake failed: HTTP spoken on HTTPS port; " "trying to send HTML error page"); - /* first: skip the remaining bytes of the request line */ - do { - do { - rv = read(fb->fd, ca, 1); - } while (rv == -1 && errno == EINTR); - } while (rv > 0 && ca[0] != '\012' /*LF*/); - - /* second: fake the request line */ - fb->inbase = ap_palloc(fb->pool, fb->bufsiz); - ap_cpystrn((char *)fb->inbase, "GET /mod_ssl:error:HTTP-request HTTP/1.0\r\n", - fb->bufsiz); - fb->inptr = fb->inbase; - fb->incnt = strlen((char *)fb->inptr); -#else - ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR, - "SSL handshake failed: HTTP spoken on HTTPS port"); -#endif + + /* fake the request line */ + e = apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT, + strlen(HTTP_ON_HTTPS_PORT)); + APR_BRIGADE_INSERT_HEAD(pRec->pbbPendingInput, e); + + APR_BRIGADE_FOREACH(e, pRec->pbbInput) { + apr_bucket_read(e, &str, &len, APR_BLOCK_READ); + if (len) { + APR_BUCKET_REMOVE(e); + APR_BRIGADE_INSERT_TAIL(pRec->pbbPendingInput, e); + if ((strcmp(str, "\r\n") == 0) || + (ap_strstr_c(str, "\r\n\r\n"))) { + break; + } + } + } + e = APR_BRIGADE_LAST(pRec->pbbInput); + APR_BUCKET_REMOVE(e); + + ap_remove_output_filter(pRec->pOutputFilter); + return HTTP_BAD_REQUEST; } else if (ssl_util_getmodconfig_ssl(pRec->pssl, "ssl::handshake::timeout") == (void *)TRUE) { 
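Review bot: In the new `APR_BRIGADE_FOREACH` loop, `strcmp(str, "\r\n")` and `ap_strstr_c(str, "\r\n\r\n")` treat the data returned by `apr_bucket_read` as a NUL-terminated string, but that call yields a pointer plus `len` with no terminator guaranteed, so both scans can run past the end of the bucket on bytes a client sent in the clear. The comparisons should be bounded by `len`. The same loop also ignores the `apr_bucket_read` status (leaving `str`/`len` unset on failure), moves `e` into another brigade while the foreach macro is still iterating from it, and removes `APR_BRIGADE_LAST(pRec->pbbInput)` without checking that the brigade is non-empty. The sketch below fixes only the bounds and the iteration; a header terminator split across two buckets is still missed. The enclosing function begins and ends outside this hunk, and `memcmp` assumes `<string.h>` is already included in the file.

```c
/* … unchanged: ssl_log call and immortal-bucket insert at the head of pbbPendingInput … */
e = APR_BRIGADE_FIRST(pRec->pbbInput);
while (e != APR_BRIGADE_SENTINEL(pRec->pbbInput)) {
    apr_bucket *next;
    apr_size_t i;
    int end_of_headers = 0;

    if (apr_bucket_read(e, &str, &len, APR_BLOCK_READ) != APR_SUCCESS) {
        break;
    }
    /* take the successor after the read: reading may insert a new bucket after e */
    next = APR_BUCKET_NEXT(e);
    if (len) {
        /* bucket data is (pointer, length); never scan past len */
        if (len == 2 && memcmp(str, "\r\n", 2) == 0) {
            end_of_headers = 1;
        }
        for (i = 0; !end_of_headers && i + 4 <= len; i++) {
            if (memcmp(str + i, "\r\n\r\n", 4) == 0) {
                end_of_headers = 1;
            }
        }
        APR_BUCKET_REMOVE(e);
        APR_BRIGADE_INSERT_TAIL(pRec->pbbPendingInput, e);
        if (end_of_headers) {
            break;
        }
    }
    e = next;
}
if (!APR_BRIGADE_EMPTY(pRec->pbbInput)) {
    e = APR_BRIGADE_LAST(pRec->pbbInput);
    APR_BUCKET_REMOVE(e);
}
/* … unchanged: ap_remove_output_filter call and return HTTP_BAD_REQUEST … */
```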
@@ -536,6 +538,7 @@ ap_hook_fixups (ssl_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_access_checker(ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE); ap_hook_auth_checker (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE); + ap_hook_post_read_request(ssl_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE); ssl_var_register(); } 1.35 +3 -0 httpd-2.0/modules/ssl/ssl_engine_io.c Index: ssl_engine_io.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v retrieving revision 1.34 retrieving revision 1.35 diff -u -r1.34 -r1.35 --- ssl_engine_io.c 2001/08/24 18:06:47 1.34 +++ ssl_engine_io.c 2001/08/27 06:00:51 1.35 @@ -283,6 +283,9 @@ /* if this is the case, ssl connection has been shutdown * and pRec->pssl has been freed */ + if (ret == HTTP_BAD_REQUEST) { + return APR_SUCCESS; + } return ret; } 1.63 +20 -11 httpd-2.0/server/util_filter.c Index: util_filter.c =================================================================== RCS file: /home/cvs/httpd-2.0/server/util_filter.c,v retrieving revision 1.62 retrieving revision 1.63 diff -u -r1.62 -r1.63 --- util_filter.c 2001/08/07 16:19:03 1.62 +++ util_filter.c 2001/08/27 06:00:51 1.63 @@ -176,13 +176,12 @@ r ? &r->output_filters : NULL, &c->output_filters); } -AP_DECLARE(void) ap_remove_output_filter(ap_filter_t *f) +static void remove_any_filter(ap_filter_t *f, ap_filter_t **r_filt, + ap_filter_t **c_filt) { - ap_filter_t *curr; - - curr = f->r ? f->r->output_filters : f->c->output_filters; + ap_filter_t **curr = r_filt ? r_filt : c_filt; - if (curr == f) { + if ((*curr) == f) { if (f->r) { f->r->output_filters = f->r->output_filters->next; } 
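Review bot: The added `if (ret == HTTP_BAD_REQUEST) return APR_SUCCESS;` in ssl_engine_io.c sits directly under a comment saying the SSL connection has been shut down and `pRec->pssl` freed, yet it reports success with no explanation. An HTTP status code is being used as an in-band signal in what appears to be an `apr_status_t` return path, which deserves a comment such as `/* plain HTTP on the SSL port: a faked request line is queued, let the read proceed */` (presumably the case set up by the mod_ssl.c change in this commit). The comment should also state whether `pRec->pssl` is still valid on this path, since callers now continue as if nothing failed. The function starts outside the hunk, so the origin of `ret` is not visible here.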
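Review bot: The head-of-list case in `remove_any_filter` (util_filter.c) still assigns `f->r->output_filters = f->r->output_filters->next;`, so when it is reached through `ap_remove_input_filter` the output chain is modified and the input chain still points at `f`. Since `curr` already addresses the correct list head, the branch on `f->r` can be replaced by `*curr = f->next;`. The connection-side branch lies between this hunk and the next and is not visible; it presumably hard-codes the output field in the same way.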
@@ -192,13 +191,23 @@ return; } - while (curr->next != f) { - curr = curr->next; - if (curr == NULL) { - return; - } + while ((*curr) && (*curr)->next != f) { + (*curr) = (*curr)->next; + } + if ((*curr) == NULL) { + return; } - curr->next = f->next; + (*curr)->next = f->next; +} + +AP_DECLARE(void) ap_remove_input_filter(ap_filter_t *f) +{ + return remove_any_filter(f, f->r ? &f->r->input_filters : NULL, &f->c->input_filters); +} + +AP_DECLARE(void) ap_remove_output_filter(ap_filter_t *f) +{ + return remove_any_filter(f, f->r ? &f->r->output_filters : NULL, &f->c->output_filters); } /*
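Review bot: The walk `(*curr) = (*curr)->next;` writes through `curr`, which points at the request's or connection's filter-list head, so every filter ahead of `f` is unlinked from the chain during the search; the old code advanced a local copy. Walk with a local cursor instead, declaring `ap_filter_t *fscan;` at the top of `remove_any_filter`, as sketched below. Separately, `return remove_any_filter(...);` in the two `void` wrappers returns an expression from a void function, which strict ISO C rejects; drop the `return` keyword there.

```c
/* … unchanged: head-of-list case … */
fscan = *curr;
while (fscan && fscan->next != f) {
    fscan = fscan->next;
}
if (fscan == NULL) {
    return;
}
fscan->next = f->next;
```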