Date: 20 Apr 2004 20:22:13 -0000
Message-ID: <20040420202213.48600.qmail@minotaur.apache.org>
From: nd@apache.org To: httpd-2.0-cvs@apache.org Subject: cvs commit: httpd-2.0/server core.c X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N nd 2004/04/20 13:22:13 Modified: . CHANGES server core.c Log: Recursive Include directives no longer crash. The server stops including configuration files after a certain nesting level (128 as distributed). This is configurable at compile time using the -DAP_MAX_INCLUDE_DEPTH switch. PR: 28370 Revision Changes Path 1.1464 +5 -0 httpd-2.0/CHANGES Index: CHANGES =================================================================== RCS file: /home/cvs/httpd-2.0/CHANGES,v retrieving revision 1.1463 retrieving revision 1.1464 diff -u -u -r1.1463 -r1.1464 --- CHANGES 18 Apr 2004 20:26:06 -0000 1.1463 +++ CHANGES 20 Apr 2004 20:22:13 -0000 1.1464 @@ -2,6 +2,11 @@ [Remove entries to the current 2.0 section below, when backported] + *) Recursive Include directives no longer crash. The server stops + including configuration files after a certain nesting level (128 + as distributed). This is configurable at compile time using the + -DAP_MAX_INCLUDE_DEPTH switch. PR 28370. [Andr� Malo] + *) mod_headers: Allow %% in header values to represent a literal %. [Andr� Malo] 1.275 +33 -1 httpd-2.0/server/core.c Index: core.c =================================================================== RCS file: /home/cvs/httpd-2.0/server/core.c,v retrieving revision 1.274 retrieving revision 1.275 diff -u -u -r1.274 -r1.275 --- core.c 10 Apr 2004 21:44:43 -0000 1.274 +++ core.c 20 Apr 2004 20:22:13 -0000 1.275 @@ -54,6 +54,11 @@ #define AP_MIN_SENDFILE_BYTES (256) +/* maximum include nesting level */ +#ifndef AP_MAX_INCLUDE_DEPTH +#define AP_MAX_INCLUDE_DEPTH (128) +#endif + APR_HOOK_STRUCT( APR_HOOK_LINK(get_mgmt_items) ) 
@@ -2245,9 +2250,30 @@ const char *name) { ap_directive_t *conftree = NULL; - const char* conffile = ap_server_root_relative(cmd->pool, name); + const char* conffile; + unsigned *recursion; + void *data; + + apr_pool_userdata_get(&data, "ap_include_sentinel", cmd->pool); + if (data) { + recursion = data; + } + else { + data = recursion = apr_palloc(cmd->pool, sizeof(*recursion)); + *recursion = 0; + apr_pool_userdata_setn(data, "ap_include_sentinel", NULL, cmd->pool); + } + if (++*recursion > AP_MAX_INCLUDE_DEPTH) { + *recursion = 0; + return apr_psprintf(cmd->pool, "Exceeded maximum include depth of %u. " + "You have probably a recursion somewhere.", + AP_MAX_INCLUDE_DEPTH); + } + + conffile = ap_server_root_relative(cmd->pool, name); if (!conffile) { + *recursion = 0; return apr_pstrcat(cmd->pool, "Invalid Include path ", name, NULL); } @@ -2255,6 +2281,12 @@ ap_process_resource_config(cmd->server, conffile, &conftree, cmd->pool, cmd->temp_pool); *(ap_directive_t **)dummy = conftree; + + /* recursion level done */ + if (*recursion) { + --*recursion; + } + return NULL; }
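Review bot: The CHANGES entry says the server "stops including configuration files" at the nesting limit, which reads as if the remaining includes are silently skipped, while the core.c change returns an "Exceeded maximum include depth" error string from the Include handler. Suggest wording the entry so that an administrator knows the directive now fails with an error message once that depth is exceeded.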
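Review bot: In the core.c hunk at @@ -54,6 +54,11 @@, AP_MAX_INCLUDE_DEPTH is defined as the signed constant (128), but later in this patch it is compared against an unsigned counter and passed to a %u conversion. Suggest defining it as (128u), and extending the one-line comment to say that the value can be overridden with -D at build time and that Include returns an error once it is exceeded.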
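Review bot: The depth-limit error in the core.c hunk at @@ -2245,9 +2250,30 @@ reports only the limit and not the file whose Include tripped it, so the administrator gets no pointer to where the loop is; the "Invalid Include path" error a few lines further down does include name. Suggest adding name to the apr_psprintf message, and rewording "You have probably a recursion somewhere." to "You probably have a recursion somewhere."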
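Review bot: The "if (*recursion)" guard before the decrement in the core.c hunk at @@ -2255,6 +2281,12 @@ is not explained by the comment "recursion level done", and it is easy to read as dead code. It appears to be there because both error paths in the previous hunk set *recursion = 0 instead of decrementing, so a nested Include may already have zeroed the counter by the time this frame gets here and an unguarded decrement would wrap the unsigned value. Suggest saying that in the comment, together with why the error paths reset the counter rather than decrement it.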