httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jwool...@apache.org
Subject cvs commit: httpd-2.0/modules/filters mod_include.c
Date Mon, 21 Jul 2003 23:47:33 GMT
jwoolley    2003/07/21 16:47:33

  Modified:    .        CHANGES
               modules/filters mod_include.c
  Log:
  Fixed a trio of mod include bugs.  The first two were
  reported and investigated by Ron Park on dev@httpd in msgid
  <161E04AB9955D54E826FD86360578554D27087@169.32.17.10.nat.cnet.com>;
  the third was reported by Kevin Varley in PR 21095.
  
  Bug 1:  An incorrect parameter to bndm() was causing start sequences
          that spanned buckets to drop characters.
  Bug 2:  Failed conditional text spanning brigades would cause portions
          of the text that should have been removed to be present anyway.
  Bug 3:  Dropped characters when the end sequence spanned an
          8000-byte boundary with MMAP off.
  
  PR: 21095
  Submitted by:	Ron Park <ronald.park@cnet.com>, André Malo, Cliff Woolley
  
  Revision  Changes    Path
  1.1235    +4 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1234
  retrieving revision 1.1235
  diff -u -d -u -r1.1234 -r1.1235
  --- CHANGES	21 Jul 2003 12:02:40 -0000	1.1234
  +++ CHANGES	21 Jul 2003 23:47:31 -0000	1.1235
  @@ -2,6 +2,10 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) mod_include: Fix a trio of bugs that would cause various unusual
  +     sequences of parsed bytes to omit portions of the output stream.
  +     PR 21095. [Ron Park <ronald.park@cnet.com>, André Malo, Cliff Woolley]
  +
     *) mod_ssl: Fix segfaults after renegotiation failure. PR 21370
        [Hartmut Keil <Hartmut.Keil@adnovum.ch>]
   
  
  
  
  1.234     +17 -21    httpd-2.0/modules/filters/mod_include.c
  
  Index: mod_include.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/filters/mod_include.c,v
  retrieving revision 1.233
  retrieving revision 1.234
  diff -u -d -u -r1.233 -r1.234
  --- mod_include.c	3 Feb 2003 17:53:01 -0000	1.233
  +++ mod_include.c	21 Jul 2003 23:47:33 -0000	1.234
  @@ -429,7 +429,8 @@
           }
   
           if (len == 0) { /* end of pipe? */
  -            break;
  +            dptr = APR_BUCKET_NEXT(dptr);
  +            continue;
           }
   
           /* Set our buffer to use. */
  @@ -477,7 +478,7 @@
   
           if (len)
           {
  -            pos = bndm(str, slen, c, len, ctx->start_seq_pat);
  +            pos = bndm(str, slen, buf, len, ctx->start_seq_pat);
               if (pos != len)
               {
                   ctx->head_start_bucket = dptr;
  @@ -600,7 +601,8 @@
           }
   
           if (len == 0) { /* end of pipe? */
  -            break;
  +            dptr = APR_BUCKET_NEXT(dptr);
  +            continue;
           }
           if (dptr == ctx->tag_start_bucket) {
               c = buf + ctx->tag_start_index;
  @@ -2956,14 +2958,19 @@
               /* If I am inside a conditional (if, elif, else) that is false
                *   then I need to throw away anything contained in it.
                */
  -            if ((!(ctx->flags & FLAG_PRINTING)) && (tmp_dptr != NULL) &&
  +            if ((!(ctx->flags & FLAG_PRINTING)) &&
                   (dptr != APR_BRIGADE_SENTINEL(*bb))) {
  -                while ((dptr != APR_BRIGADE_SENTINEL(*bb)) &&
  -                       (dptr != tmp_dptr)) {
  +                apr_bucket *stop = (!tmp_dptr && ctx->state == PARSE_HEAD)
  +                                   ? ctx->head_start_bucket
  +                                   : tmp_dptr;
  +
  +                while ((dptr != APR_BRIGADE_SENTINEL(*bb)) && (dptr != stop)) {
                       apr_bucket *free_bucket = dptr;
   
  -                    dptr = APR_BUCKET_NEXT (dptr);
  -                    apr_bucket_delete(free_bucket);
  +                    dptr = APR_BUCKET_NEXT(dptr);
  +                    if (!APR_BUCKET_IS_METADATA(free_bucket)) {
  +                        apr_bucket_delete(free_bucket);
  +                    }
                   }
               }
   
  @@ -3197,19 +3204,8 @@
        *   once the whole tag has been found.
        */
       if (ctx->state == PRE_HEAD) {
  -        /* Inside a false conditional (if, elif, else), so toss it all... */
  -        if ((dptr != APR_BRIGADE_SENTINEL(*bb)) &&
  -            (!(ctx->flags & FLAG_PRINTING))) {
  -            apr_bucket *free_bucket;
  -            do {
  -                free_bucket = dptr;
  -                dptr = APR_BUCKET_NEXT (dptr);
  -                apr_bucket_delete(free_bucket);
  -            } while (dptr != APR_BRIGADE_SENTINEL(*bb));
  -        }
  -        else { 
  -            /* Otherwise pass it along...
  -             * No SSI tags in this brigade... */
  +        if (!APR_BRIGADE_EMPTY(*bb)) {
  +            /* pass it along... */
               rv = ap_pass_brigade(f->next, *bb);  
               if (rv != APR_SUCCESS) {
                   return rv;
  
  
  

Mime
View raw message