httpd-cvs mailing list archives

From n.@apache.org
Subject cvs commit: httpd-2.0/server config.c core.c
Date Sun, 15 Aug 2004 22:42:14 GMT
nd          2004/08/15 15:42:14

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
               os/netware Tag: APACHE_2_0_BRANCH pre_nw.h
               server   Tag: APACHE_2_0_BRANCH config.c core.c
  Log:
  Recursive Include directives no longer crash. The server stops
  including configuration files after a certain nesting level (128
  as distributed). This is configurable at compile time using the
  -DAP_MAX_INCLUDE_DEPTH switch.
  
  PR: 28370
  Reviewed by: Brad Nicholes, Jeff Trawick
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.319 +5 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.318
  retrieving revision 1.988.2.319
  diff -u -u -r1.988.2.318 -r1.988.2.319
  --- CHANGES	15 Aug 2004 21:59:56 -0000	1.988.2.318
  +++ CHANGES	15 Aug 2004 22:42:12 -0000	1.988.2.319
  @@ -1,5 +1,10 @@
   Changes with Apache 2.0.51
   
  +  *) Recursive Include directives no longer crash. The server stops
  +     including configuration files after a certain nesting level (128
  +     as distributed). This is configurable at compile time using the
  +     -DAP_MAX_INCLUDE_DEPTH switch. PR 28370.  [André Malo]
  +
     *) mod_dir: the trailing-slash behaviour is now configurable using the
        DirectorySlash directive.  [André Malo]
   
  
  
  
  1.751.2.981 +1 -7      httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.980
  retrieving revision 1.751.2.981
  diff -u -u -r1.751.2.980 -r1.751.2.981
  --- STATUS	15 Aug 2004 21:59:57 -0000	1.751.2.980
  +++ STATUS	15 Aug 2004 22:42:13 -0000	1.751.2.981
  @@ -192,12 +192,6 @@
            server/config.c: r1.175
          +1: nd
   
  -    *) detect Include directive recursion by counting the nesting level.
  -       PR 28370.
  -         server/core.c: r1.275
  -         os/netware/pre_nw.h: r1.7
  -       +1: nd, bnicholes, trawick
  -
       *) mod_headers: Regression from 1.3: There's no ErrorHeader directive.
          Since this was always a misnomer, it was dropped in 2.1 and
          Header was extended instead. Backport this from 2.1 and document
  
  
  
  No                   revision
  No                   revision
  1.2.2.4   +3 -0      httpd-2.0/os/netware/pre_nw.h
  
  Index: pre_nw.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/os/netware/pre_nw.h,v
  retrieving revision 1.2.2.3
  retrieving revision 1.2.2.4
  diff -u -u -r1.2.2.3 -r1.2.2.4
  --- pre_nw.h	9 Feb 2004 20:59:45 -0000	1.2.2.3
  +++ pre_nw.h	15 Aug 2004 22:42:14 -0000	1.2.2.4
  @@ -60,6 +60,9 @@
   /* Allow MOD_AUTH_DBM to use APR */
   #define AP_AUTH_DBM_USE_APR
   
  +/* Restrict the number of nested includes */
  +#define AP_MAX_INCLUDE_DEPTH    48
  +
   #endif
   
   
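Review bot: The new `#define AP_MAX_INCLUDE_DEPTH 48` is unconditional, so on NetWare a `-DAP_MAX_INCLUDE_DEPTH=...` build flag (the override the commit log advertises) would collide with this definition instead of replacing it. Guarding it the same way core.c does, `#ifndef AP_MAX_INCLUDE_DEPTH` / `#define AP_MAX_INCLUDE_DEPTH    48` / `#endif`, keeps the platform default while still honouring the switch. The comment could also say why this platform gets 48 rather than the general default of 128 (presumably a smaller thread stack; worth confirming), so nobody raises it later without checking.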
  
  
  
  No                   revision
  No                   revision
  1.156.2.16 +1 -1      httpd-2.0/server/config.c
  
  Index: config.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/config.c,v
  retrieving revision 1.156.2.15
  retrieving revision 1.156.2.16
  diff -u -u -r1.156.2.15 -r1.156.2.16
  --- config.c	12 Apr 2004 21:34:18 -0000	1.156.2.15
  +++ config.c	15 Aug 2004 22:42:14 -0000	1.156.2.16
  @@ -1108,7 +1108,7 @@
   {
       ap_directive_t *current = *conftree;
       ap_directive_t *curr_parent = NULL;
  -    char l[MAX_STRING_LEN];
  +    char *l = apr_palloc (temp_pool, MAX_STRING_LEN);
       const char *errmsg;
   
       if (current != NULL) {
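Review bot: Turning `l` from `char l[MAX_STRING_LEN]` into a pointer changes what `sizeof(l)` means, so any later use of `sizeof(l)` as the buffer length would now pass the pointer size. The rest of the function is outside this hunk, so this has to be checked against the full body. The allocation line also has no comment saying why the buffer moved off the stack; something like `/* pool-allocated: keeps the frame small when Include nests deeply */` would stop a later cleanup from reverting it (that reading of the intent is inferred from the commit log). Minor style: `apr_palloc (temp_pool, ...)` has a space before the parenthesis that the other calls in this commit do not use.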
  
  
  
  1.225.2.25 +33 -1     httpd-2.0/server/core.c
  
  Index: core.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/core.c,v
  retrieving revision 1.225.2.24
  retrieving revision 1.225.2.25
  diff -u -u -r1.225.2.24 -r1.225.2.25
  --- core.c	12 Jul 2004 17:03:18 -0000	1.225.2.24
  +++ core.c	15 Aug 2004 22:42:14 -0000	1.225.2.25
  @@ -59,6 +59,11 @@
   
   #define AP_MIN_SENDFILE_BYTES           (256)
   
  +/* maximum include nesting level */
  +#ifndef AP_MAX_INCLUDE_DEPTH
  +#define AP_MAX_INCLUDE_DEPTH            (128)
  +#endif
  +
   APR_HOOK_STRUCT(
       APR_HOOK_LINK(get_mgmt_items)
   )
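Review bot: Nothing checks the value supplied through `-DAP_MAX_INCLUDE_DEPTH`, and the counter it is compared against later in this file is `unsigned`, so a negative value converts to a very large limit and the depth check never fires, while `0` rejects every Include. A compile-time guard after the `#ifndef` block, `#if AP_MAX_INCLUDE_DEPTH < 1` / `#error AP_MAX_INCLUDE_DEPTH must be a positive integer` / `#endif`, turns that build mistake into an immediate error. The comment could also mention that the macro may be overridden at build time and that os/netware/pre_nw.h sets its own value.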
  @@ -2244,9 +2249,30 @@
                                      const char *name)
   {
       ap_directive_t *conftree = NULL;
  -    const char* conffile = ap_server_root_relative(cmd->pool, name);
  +    const char* conffile;
  +    unsigned *recursion;
  +    void *data;
  +
  +    apr_pool_userdata_get(&data, "ap_include_sentinel", cmd->pool);
  +    if (data) {
  +        recursion = data;
  +    }
  +    else {
  +        data = recursion = apr_palloc(cmd->pool, sizeof(*recursion));
  +        *recursion = 0;
  +        apr_pool_userdata_setn(data, "ap_include_sentinel", NULL, cmd->pool);
  +    }
   
  +    if (++*recursion > AP_MAX_INCLUDE_DEPTH) {
  +        *recursion = 0;
  +        return apr_psprintf(cmd->pool, "Exceeded maximum include depth of %u. "
  +                            "You have probably a recursion somewhere.",
  +                            AP_MAX_INCLUDE_DEPTH);
  +    }
  +
  +    conffile = ap_server_root_relative(cmd->pool, name);
       if (!conffile) {
  +        *recursion = 0;
           return apr_pstrcat(cmd->pool, "Invalid Include path ", 
                              name, NULL);
       }
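Review bot: Both error returns set `*recursion = 0` instead of undoing only this call's increment, which throws away the depth of every Include frame still on the stack; that is safe only if an error returned here always aborts the whole configuration parse, which the hunk does not show. If parsing can continue after such an error, `--*recursion;` on the `!conffile` path keeps the count accurate, and the `if (*recursion)` guard before the final decrement in the next hunk would no longer be needed to hide the imbalance. Either way a comment on the reset stating the assumption (for example `/* fatal: the whole parse is abandoned, drop the depth count */`) would help. Two smaller points: the key `"ap_include_sentinel"` is written twice as a literal and would be safer as one `#define`, and `%u` is given `AP_MAX_INCLUDE_DEPTH`, which expands to a signed `(128)`, so `(unsigned)AP_MAX_INCLUDE_DEPTH` makes the argument match the format. The function's signature starts above this hunk and its body continues in the next one.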
  @@ -2254,6 +2280,12 @@
       ap_process_resource_config(cmd->server, conffile,
                                  &conftree, cmd->pool, cmd->temp_pool);
       *(ap_directive_t **)dummy = conftree;
  +
  +    /* recursion level done */
  +    if (*recursion) {
  +        --*recursion;
  +    }
  +
       return NULL;
   }
   
  
  
  
