httpd-cvs mailing list archives

From jor...@apache.org
Subject cvs commit: httpd-2.0/server eoc_bucket.c Makefile.in connection.c core.c
Date Mon, 08 Mar 2004 17:40:39 GMT
jorton      2004/03/08 09:40:39

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES NWGNUmakefile STATUS
                        libhttpd.dsp
               include  Tag: APACHE_2_0_BRANCH http_connection.h
               modules/ssl Tag: APACHE_2_0_BRANCH ssl_engine_io.c
               server   Tag: APACHE_2_0_BRANCH Makefile.in connection.c
                        core.c
  Added:       server   Tag: APACHE_2_0_BRANCH eoc_bucket.c
  Log:
  Fix mod_ssl to issue SSL close_notify alerts before the connection is
  closed by adding an EOC bucket type:
  
  * include/http_connection.h: Declare eoc bucket interface.
  
  * server/eoc_bucket.c: New file.
  
  * server/Makefile.in, libhttpd.dsp: Build eoc_bucket.c.
  
  * server/core.c (core_output_filter): Delete EOC bucket.
  
  * server/connection.c (ap_flush_conn): Send an EOC bucket.
  
  * modules/ssl/ssl_engine_io.c (ssl_io_filter_output): Shutdown
  the SSL connection for an EOC bucket.
  (bio_filter_out_write): Conditionally disable buffering.
  
  PR: 27428
  Submitted by: Madhusudan Mathihalli
  Reviewed by: Madhusudan Mathihalli, Justin Erenkrantz, Joe Orton
  
  (sneaking in fixes for libhttpd.dsp and NWGNUMakefile)
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.249 +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.248
  retrieving revision 1.988.2.249
  diff -w -d -u -r1.988.2.248 -r1.988.2.249
  --- CHANGES	7 Mar 2004 22:03:15 -0000	1.988.2.248
  +++ CHANGES	8 Mar 2004 17:40:33 -0000	1.988.2.249
  @@ -1,5 +1,8 @@
   Changes with Apache 2.0.49
   
  +  *) mod_ssl: Send the Close Alert message to the peer before closing
  +     the SSL session.  PR 27428.  [Madhusudan Mathihalli, Joe Orton]
  +
     *) SECURITY: CAN-2004-0113 (cve.mitre.org)
        mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
        PR 27106.  [Joe Orton]
  
  
  
  1.13.2.9  +1 -0      httpd-2.0/NWGNUmakefile
  
  Index: NWGNUmakefile
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/NWGNUmakefile,v
  retrieving revision 1.13.2.8
  retrieving revision 1.13.2.9
  diff -w -d -u -r1.13.2.8 -r1.13.2.9
  --- NWGNUmakefile	21 Nov 2003 23:46:03 -0000	1.13.2.8
  +++ NWGNUmakefile	8 Mar 2004 17:40:34 -0000	1.13.2.9
  @@ -194,6 +194,7 @@
   	$(OBJDIR)/config.o \
   	$(OBJDIR)/connection.o \
   	$(OBJDIR)/core.o \
  +	$(OBJDIR)/eoc_bucket.o \
   	$(OBJDIR)/error_bucket.o \
   	$(OBJDIR)/http_core.o \
   	$(OBJDIR)/http_protocol.o \
  
  
  
  1.751.2.730 +1 -13     httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.729
  retrieving revision 1.751.2.730
  diff -w -d -u -r1.751.2.729 -r1.751.2.730
  --- STATUS	8 Mar 2004 16:40:42 -0000	1.751.2.729
  +++ STATUS	8 Mar 2004 17:40:34 -0000	1.751.2.730
  @@ -81,18 +81,6 @@
         http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/mpm/winnt/child.c?r1=1.29&r2=1.30
         +1: stoddard, trawick, ake
   
  -    * mod_ssl: Send the Close Alert message to the peer before closing
  -      the SSL session.
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/include/http_connection.h?r1=1.59&r2=1.60
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.118&r2=1.119
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/Makefile.in?r1=1.91&r2=1.92
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/connection.c?r1=1.114&r2=1.116
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/core.c?r1=1.261&r2=1.263
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/eoc_bucket.c (new file) 
  -      PR: 27428
  -      +1: madhum, jerenkrantz, jorton
  -      (jorton: needs libhttpd.dsp change for Win32 too)
  -
       * mod_setenvif: remove support for remote_user variable which never
         worked at all. PR 25725 (2.0 + 1.3)
           modules/metadata/mod_setenvif.c: r1.50
  
  
  
  1.51.2.10 +4 -0      httpd-2.0/libhttpd.dsp
  
  Index: libhttpd.dsp
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/libhttpd.dsp,v
  retrieving revision 1.51.2.9
  retrieving revision 1.51.2.10
  diff -w -d -u -r1.51.2.9 -r1.51.2.10
  --- libhttpd.dsp	10 Oct 2003 16:08:47 -0000	1.51.2.9
  +++ libhttpd.dsp	8 Mar 2004 17:40:34 -0000	1.51.2.10
  @@ -401,6 +401,10 @@
   # PROP Default_Filter ""
   # Begin Source File
   
  +SOURCE=.\server\eoc_bucket.c
  +# End Source File
  +# Begin Source File
  +
   SOURCE=.\server\error_bucket.c
   # End Source File
   # Begin Source File
  
  
  
  No                   revision
  No                   revision
  1.54.2.5  +28 -0     httpd-2.0/include/http_connection.h
  
  Index: http_connection.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/include/http_connection.h,v
  retrieving revision 1.54.2.4
  retrieving revision 1.54.2.5
  diff -w -d -u -r1.54.2.4 -r1.54.2.5
  --- http_connection.h	9 Feb 2004 20:54:34 -0000	1.54.2.4
  +++ http_connection.h	8 Mar 2004 17:40:36 -0000	1.54.2.5
  @@ -103,6 +103,34 @@
    */
   AP_DECLARE_HOOK(int,process_connection,(conn_rec *c))
   
  +/* End Of Connection (EOC) bucket */
  +
  +AP_DECLARE_DATA extern const apr_bucket_type_t ap_bucket_type_eoc;
  +
  +/**
  + * Determine if a bucket is an End Of Connection (EOC) bucket
  + * @param e The bucket to inspect
  + * @return true or false
  + */
  +#define AP_BUCKET_IS_EOC(e)         (e->type == &ap_bucket_type_eoc)
  +
  +/**
  + * Make the bucket passed in an End Of Connection (EOC) bucket
  + * @param b The bucket to make into an EOC bucket
  + * @return The new bucket, or NULL if allocation failed
  + * @deffunc apr_bucket *ap_bucket_eoc_make(apr_bucket *b)
  + */
  +AP_DECLARE(apr_bucket *) ap_bucket_eoc_make(apr_bucket *b);
  +
  +/**
  + * Create a bucket referring to an End Of Connection (EOC). This indicates
  + * that the connection will be closed.
  + * @param list The freelist from which this bucket should be allocated
  + * @return The new bucket, or NULL if allocation failed
  + * @deffunc apr_bucket *ap_bucket_eoc_create(apr_bucket_alloc_t *list)
  + */
  +AP_DECLARE(apr_bucket *) ap_bucket_eoc_create(apr_bucket_alloc_t *list);
  +
   #ifdef __cplusplus
   }
   #endif
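Review bot: `AP_BUCKET_IS_EOC(e)` expands its argument without parentheses, so an argument such as `*bp` would bind wrongly against `->`; write it as `#define AP_BUCKET_IS_EOC(e)         ((e)->type == &ap_bucket_type_eoc)`. Both constructor comments also promise NULL on allocation failure, while the caller added to connection.c in this commit inserts the result into the brigade unchecked, so either the documented contract or that caller should change. The comment on ap_bucket_eoc_create would be more useful if it said that the bucket is a signal to connection-level filters (mod_ssl shuts the SSL connection down on it) and is meant to be sent only when the connection is about to close.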
  
  
  
  No                   revision
  No                   revision
  1.100.2.13 +19 -1     httpd-2.0/modules/ssl/ssl_engine_io.c
  
  Index: ssl_engine_io.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
  retrieving revision 1.100.2.12
  retrieving revision 1.100.2.13
  diff -w -d -u -r1.100.2.12 -r1.100.2.13
  --- ssl_engine_io.c	7 Mar 2004 22:03:16 -0000	1.100.2.12
  +++ ssl_engine_io.c	8 Mar 2004 17:40:36 -0000	1.100.2.13
  @@ -100,6 +100,7 @@
       BIO                *pbioWrite;
       ap_filter_t        *pInputFilter;
       ap_filter_t        *pOutputFilter;
  +    int                nobuffer; /* non-zero to prevent buffering */
   } ssl_filter_ctx_t;
   
   typedef struct {
  @@ -193,7 +194,8 @@
        */
       BIO_clear_retry_flags(bio);
   
  -    if (!outctx->length && (inl + outctx->blen < sizeof(outctx->buffer))) {
  +    if (!outctx->length && (inl + outctx->blen < sizeof(outctx->buffer)) &&
  +        !outctx->filter_ctx->nobuffer) {
           /* the first two SSL_writes (of 1024 and 261 bytes)
            * need to be in the same packet (vec[0].iov_base)
            */
  @@ -1308,6 +1310,22 @@
                    */
                   apr_bucket_delete(bucket);
               }
  +        }
  +        else if (AP_BUCKET_IS_EOC(bucket)) {
  +            /* The special "EOC" bucket means a shutdown is needed;
  +             * - turn off buffering in bio_filter_out_write
  +             * - issue the SSL_shutdown
  +             */
  +            filter_ctx->nobuffer = 1;
  +            status = ssl_filter_io_shutdown(filter_ctx, f->c, 0);
  +            if (status != APR_SUCCESS) {
  +                ap_log_error(APLOG_MARK, APLOG_INFO, status, NULL,
  +                             "SSL filter error shutting down I/O");
  +            }
  +            if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
  +                return status;
  +            }
  +            break;
           }
           else {
               /* filter output */
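Review bot: A failed shutdown in the new EOC branch is logged with a NULL server_rec, so the message carries no virtual-host context and, depending on how httpd treats server-less log calls at APLOG_INFO, may not reach the error log at all. Since `f->c` is already in scope, prefer `ap_log_error(APLOG_MARK, APLOG_INFO, status, f->c->base_server, "SSL filter error shutting down I/O");`. A peer that never receives close_notify cannot tell an orderly close from truncation, so operators should be able to see these failures per host. `filter_ctx->nobuffer` is set here and never cleared, which is only correct if nothing else is written on this connection afterwards; a one-line comment saying so would help. The enclosing loop of ssl_io_filter_output starts and ends outside the hunk.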
  
  
  
  No                   revision
  No                   revision
  1.75.2.9  +2 -1      httpd-2.0/server/Makefile.in
  
  Index: Makefile.in
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/Makefile.in,v
  retrieving revision 1.75.2.8
  retrieving revision 1.75.2.9
  diff -w -d -u -r1.75.2.8 -r1.75.2.9
  --- Makefile.in	12 Jan 2004 14:30:14 -0000	1.75.2.8
  +++ Makefile.in	8 Mar 2004 17:40:37 -0000	1.75.2.9
  @@ -14,7 +14,8 @@
   	rfc1413.c connection.c listen.c \
   	mpm_common.c util_charset.c util_debug.c util_xml.c \
   	util_filter.c exports.c buildmark.c \
  -	scoreboard.c error_bucket.c protocol.c core.c request.c provider.c
  +	scoreboard.c error_bucket.c protocol.c core.c request.c provider.c \
  +	eoc_bucket.c
   
   TARGETS = delete-exports $(LTLIBRARY_NAME) $(CORE_IMPLIB_FILE) export_vars.h httpd.exp
   
  
  
  
  1.106.2.7 +7 -0      httpd-2.0/server/connection.c
  
  Index: connection.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/connection.c,v
  retrieving revision 1.106.2.6
  retrieving revision 1.106.2.7
  diff -w -d -u -r1.106.2.6 -r1.106.2.7
  --- connection.c	9 Feb 2004 20:59:45 -0000	1.106.2.6
  +++ connection.c	8 Mar 2004 17:40:37 -0000	1.106.2.7
  @@ -71,8 +71,15 @@
       apr_bucket *b;
   
       bb = apr_brigade_create(c->pool, c->bucket_alloc);
  +
  +    /* FLUSH bucket */
       b = apr_bucket_flush_create(c->bucket_alloc);
       APR_BRIGADE_INSERT_TAIL(bb, b);
  +
  +    /* End Of Connection bucket */
  +    b = ap_bucket_eoc_create(c->bucket_alloc);
  +    APR_BRIGADE_INSERT_TAIL(bb, b);
  +
       ap_pass_brigade(c->output_filters, bb);
   }
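Review bot: Every caller of this function now signals end of connection rather than just a flush, because the EOC bucket is appended unconditionally; with mod_ssl in the filter chain that triggers the SSL shutdown, so a caller that flushes mid-connection would end the TLS session early. The function head is outside the hunk (the commit log names it ap_flush_conn), so its callers cannot be checked from here; state the contract in a comment, e.g. `/* Only call when the connection is about to be closed: the EOC bucket makes mod_ssl send close_notify. */`. The result of `ap_bucket_eoc_create()` is inserted without a NULL check although http_connection.h documents NULL on allocation failure; `if (b != NULL) APR_BRIGADE_INSERT_TAIL(bb, b);` would match that contract. The return value of `ap_pass_brigade` is still ignored, so a failed close_notify write is not visible at this level.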
   
  
  
  
  1.225.2.16 +4 -1      httpd-2.0/server/core.c
  
  Index: core.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/core.c,v
  retrieving revision 1.225.2.15
  retrieving revision 1.225.2.16
  diff -w -d -u -r1.225.2.15 -r1.225.2.16
  --- core.c	26 Feb 2004 20:32:21 -0000	1.225.2.15
  +++ core.c	8 Mar 2004 17:40:37 -0000	1.225.2.16
  @@ -3857,7 +3857,10 @@
               if (APR_BUCKET_IS_EOS(e)) {
                   break;
               }
  -            if (APR_BUCKET_IS_FLUSH(e)) {
  +            if (AP_BUCKET_IS_EOC(e)) {
  +                apr_bucket_delete(e);
  +            }
  +            else if (APR_BUCKET_IS_FLUSH(e)) {
                   if (e != APR_BRIGADE_LAST(b)) {
                       more = apr_brigade_split(b, APR_BUCKET_NEXT(e));
                   }
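Review bot: `apr_bucket_delete(e)` destroys the bucket the loop is currently positioned on, and nothing in the hunk moves `e` before the iteration continues. The loop header is outside the hunk; if it advances with `APR_BUCKET_NEXT(e)` after the body, that reads a bucket that has already been freed. Save the successor first with `apr_bucket *next = APR_BUCKET_NEXT(e);`, then delete and continue from `next`, or confirm that the loop already does this. The same hunk is repeated twice further down this message.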
  
  
  
  No                   revision
  
  Index: core.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/core.c,v
  retrieving revision 1.225.2.15
  retrieving revision 1.225.2.16
  diff -w -d -u -r1.225.2.15 -r1.225.2.16
  --- core.c	26 Feb 2004 20:32:21 -0000	1.225.2.15
  +++ core.c	8 Mar 2004 17:40:37 -0000	1.225.2.16
  @@ -3857,7 +3857,10 @@
               if (APR_BUCKET_IS_EOS(e)) {
                   break;
               }
  -            if (APR_BUCKET_IS_FLUSH(e)) {
  +            if (AP_BUCKET_IS_EOC(e)) {
  +                apr_bucket_delete(e);
  +            }
  +            else if (APR_BUCKET_IS_FLUSH(e)) {
                   if (e != APR_BRIGADE_LAST(b)) {
                       more = apr_brigade_split(b, APR_BUCKET_NEXT(e));
                   }
  
  
  
  No                   revision
  
  Index: core.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/core.c,v
  retrieving revision 1.225.2.15
  retrieving revision 1.225.2.16
  diff -w -d -u -r1.225.2.15 -r1.225.2.16
  --- core.c	26 Feb 2004 20:32:21 -0000	1.225.2.15
  +++ core.c	8 Mar 2004 17:40:37 -0000	1.225.2.16
  @@ -3857,7 +3857,10 @@
               if (APR_BUCKET_IS_EOS(e)) {
                   break;
               }
  -            if (APR_BUCKET_IS_FLUSH(e)) {
  +            if (AP_BUCKET_IS_EOC(e)) {
  +                apr_bucket_delete(e);
  +            }
  +            else if (APR_BUCKET_IS_FLUSH(e)) {
                   if (e != APR_BRIGADE_LAST(b)) {
                       more = apr_brigade_split(b, APR_BUCKET_NEXT(e));
                   }
  
  
  
  1.1.2.1   +0 -0      httpd-2.0/server/eoc_bucket.c
  
  Index: eoc_bucket.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/eoc_bucket.c,v
  retrieving revision 1.1
  retrieving revision 1.1.2.1
  diff -w -d -u -r1.1 -r1.1.2.1
  
  
  
