httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject cvs commit: httpd-2.0/server util_script.c
Date Fri, 27 Aug 2004 09:03:24 GMT
jorton      2004/08/27 02:03:24

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
               modules/mappers Tag: APACHE_2_0_BRANCH mod_rewrite.c
               modules/ssl Tag: APACHE_2_0_BRANCH mod_ssl.h ssl_engine_io.c
                        ssl_engine_vars.c
               os/unix  Tag: APACHE_2_0_BRANCH unixd.c
               server   Tag: APACHE_2_0_BRANCH util_script.c
  Log:
  Backport from HEAD:
  
  * os/unix/unixd.c (unixd_accept): Eliminate now-redundant call to
  apr_os_sock_get(); let APR check for accept returning zero on TPF.
  
  * modules/ssl/ssl_engine_io.c (ssl_io_input_read): Fix rollback
  handling for AP_MODE_SPECULATIVE.
  
  * modules/mappers/mod_rewrite.c (post_config): Retrieve optional
  functions from mod_ssl.  (lookup_variable): Support SSL:...
  and HTTPS variables via mod_ssl optional hooks, if available.
  
  * server/util_script.c (ap_scan_script_header_err_core): Set
  Content-Range in r->headers_out, so that the byterange filter knows to
  do nothing for a CGI script which produced a content-range.
  
  * modules/ssl/mod_ssl.h: Declare ssl_is_https optional function.
  
  * modules/ssl/ssl_engine_vars.c (ssl_is_https): New function.
  (ssl_var_register): Register it.
  
  PR: 30134, 30464
  Reviewed by: trawick, jerenkrantz, nd, stoddard
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.338 +13 -0     httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.337
  retrieving revision 1.988.2.338
  diff -d -w -u -r1.988.2.337 -r1.988.2.338
  --- CHANGES	26 Aug 2004 22:16:52 -0000	1.988.2.337
  +++ CHANGES	27 Aug 2004 09:03:21 -0000	1.988.2.338
  @@ -1,5 +1,18 @@
   Changes with Apache 2.0.51
   
  +  *) SECURITY: CAN-2004-0751 (cve.mitre.org)
  +     mod_ssl: Fix a segfault in the SSL input filter which could be
  +     triggered if using "speculative" mode, for instance by a 
  +     proxy request to an SSL server.  PR 30134.  [Joe Orton]
  +
  +  *) mod_rewrite: Add %{SSL:...} and %{HTTPS} variable lookups.
  +     PR 30464.  [Joe Orton]
  +
  +  *) mod_ssl: Add new 'ssl_is_https' optional function.  [Joe Orton]
  +
  +  *) Prevent CGI script output which includes a Content-Range header
  +     from being passed through the byterange filter.  [Joe Orton]
  +
     *) Satisfy directives now can be influenced by a surrounding <Limit>
        container.  PR 14726.  [André Malo]
   
  
  
  
  1.751.2.1024 +1 -23     httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.1023
  retrieving revision 1.751.2.1024
  diff -d -w -u -r1.751.2.1023 -r1.751.2.1024
  --- STATUS	26 Aug 2004 22:21:33 -0000	1.751.2.1023
  +++ STATUS	27 Aug 2004 09:03:22 -0000	1.751.2.1024
  @@ -83,28 +83,6 @@
          +1: stoddard, trawick
          nd: I'd like to add 1.169
   
  -    *) [SECURITY] mod_ssl: Fix potential input filter segfaults in SPECULATIVE mode.
  -       http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.125&r2=1.126
  -       PR: 30134
  -       +1: jorton, trawick, jerenkrantz
  -
  -    *) unixd_accept: Eliminate now-unnecessary apr_os_sock_get() call.
  -       http://cvs.apache.org/viewcvs.cgi/httpd-2.0/os/unix/unixd.c?r1=1.66&r2=1.67
  -       +1: jorton, trawick, jerenkrantz
  -
  -    *) Prevent byterange filter doing its thang for a CGI which returns a Content-Range
  -       http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/util_script.c?r1=1.89&r2=1.90
  -       +1: jorton, trawick, nd, jerenkrantz
  -
  -    *) mod_ssl: Add ssl_is_https optional hook.
  -       http://www.apache.org/~jorton/mod_ssl-2.0-ishttps.diff
  -       +1: jorton, stoddard, trawick, nd
  -
  -    *) mod_rewrite: Add %{SSL:...} and %{HTTPS} support (regression from 1.3/mod_ssl).
  -       http://www.apache.org/~jorton/mod_rewrite-2.0-sslvar.diff
  -       PR: 30464
  -       +1: jorton, stoddard, nd
  -
       *) Remove LDAP toolkit specific code from util_ldap and mod_auth_ldap.
            modules/experimental/mod_auth_ldap.c: 1.28
            modules/experimental/util_ldap.c: 1.36
  
  
  
  No                   revision
  No                   revision
  1.135.2.29 +24 -0     httpd-2.0/modules/mappers/mod_rewrite.c
  
  Index: mod_rewrite.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/mappers/mod_rewrite.c,v
  retrieving revision 1.135.2.28
  retrieving revision 1.135.2.29
  diff -d -w -u -r1.135.2.28 -r1.135.2.29
  --- mod_rewrite.c	26 Aug 2004 21:53:24 -0000	1.135.2.28
  +++ mod_rewrite.c	27 Aug 2004 09:03:23 -0000	1.135.2.29
  @@ -73,6 +73,14 @@
   #include "http_protocol.h"
   #include "mod_rewrite.h"
   
  +/* mod_ssl.h is not safe for inclusion in 2.0, so duplicate the
  + * optional function declarations. */
  +APR_DECLARE_OPTIONAL_FN(char *, ssl_var_lookup,
  +                        (apr_pool_t *, server_rec *,
  +                         conn_rec *, request_rec *,
  +                         char *));
  +APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
  +
   #if !defined(OS2) && !defined(WIN32) && !defined(BEOS)  && !defined(NETWARE)
   #include "unixd.h"
   #define MOD_REWRITE_SET_MUTEX_PERMS /* XXX Apache should define something */
  @@ -135,6 +143,10 @@
   static apr_global_mutex_t *rewrite_mapr_lock_acquire = NULL;
   static apr_global_mutex_t *rewrite_log_lock = NULL;
   
  +/* Optional functions imported from mod_ssl when loaded: */
  +static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *rewrite_ssl_lookup = NULL;
  +static APR_OPTIONAL_FN_TYPE(ssl_is_https) *rewrite_is_https = NULL;
  +
   /*
   ** +-------------------------------------------------------+
   ** |                                                       |
  @@ -1018,6 +1030,10 @@
               }
           }
       }
  +
  +    rewrite_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
  +    rewrite_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
  +
       return OK;
   }
   
  @@ -3902,6 +3918,11 @@
               result = getenv(var+4);
           }
       }
  +    else if (strlen(var) > 4 && !strncasecmp(var, "SSL:", 4) 
  +             && rewrite_ssl_lookup) {
  +        result = rewrite_ssl_lookup(r->pool, r->server, r->connection, r, 
  +                                    var + 4);
  +    }
   
   #define LOOKAHEAD(subrecfunc) \
           if ( \
  @@ -3949,6 +3970,9 @@
           if (r->finfo.valid & APR_FINFO_GROUP) {
               apr_group_name_get((char **)&result, r->finfo.group, r->pool);
           }
  +    } else if (strcasecmp(var, "HTTPS") == 0) {
  +        int flag = rewrite_is_https && rewrite_is_https(r->connection);
  +        result = flag ? "on" : "off";
       }
   
       if (result == NULL) {
  
  
  
  No                   revision
  No                   revision
  1.122.2.11 +4 -0      httpd-2.0/modules/ssl/mod_ssl.h
  
  Index: mod_ssl.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.h,v
  retrieving revision 1.122.2.10
  retrieving revision 1.122.2.11
  diff -d -w -u -r1.122.2.10 -r1.122.2.11
  --- mod_ssl.h	23 Aug 2004 15:18:54 -0000	1.122.2.10
  +++ mod_ssl.h	27 Aug 2004 09:03:24 -0000	1.122.2.11
  @@ -665,6 +665,10 @@
                            conn_rec *, request_rec *,
                            char *));
   
  +/* An optional function which returns non-zero if the given connection
  + * is using SSL/TLS. */
  +APR_DECLARE_OPTIONAL_FN(int, ssl_is_https, (conn_rec *));
  +
   /* Proxy Support */
   int ssl_proxy_enable(conn_rec *c);
   int ssl_engine_disable(conn_rec *c);
  
  
  
  1.100.2.16 +6 -2      httpd-2.0/modules/ssl/ssl_engine_io.c
  
  Index: ssl_engine_io.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
  retrieving revision 1.100.2.15
  retrieving revision 1.100.2.16
  diff -d -w -u -r1.100.2.15 -r1.100.2.16
  --- ssl_engine_io.c	23 Aug 2004 14:59:52 -0000	1.100.2.15
  +++ ssl_engine_io.c	27 Aug 2004 09:03:24 -0000	1.100.2.16
  @@ -562,8 +562,12 @@
           *len = bytes;
           if (inctx->mode == AP_MODE_SPECULATIVE) {
               /* We want to rollback this read. */
  +            if (inctx->cbuf.length > 0) {
               inctx->cbuf.value -= bytes;
               inctx->cbuf.length += bytes;
  +            } else {
  +                char_buffer_write(&inctx->cbuf, buf, (int)bytes);
  +            }
               return APR_SUCCESS;
           }
           /* This could probably be *len == wanted, but be safe from stray
  
  
  
  1.22.2.9  +7 -0      httpd-2.0/modules/ssl/ssl_engine_vars.c
  
  Index: ssl_engine_vars.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_vars.c,v
  retrieving revision 1.22.2.8
  retrieving revision 1.22.2.9
  diff -d -w -u -r1.22.2.8 -r1.22.2.9
  --- ssl_engine_vars.c	9 Feb 2004 20:53:20 -0000	1.22.2.8
  +++ ssl_engine_vars.c	27 Aug 2004 09:03:24 -0000	1.22.2.9
  @@ -47,8 +47,15 @@
   static void  ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize);
   static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var);
   
  +static int ssl_is_https(conn_rec *c)
  +{
  +    SSLConnRec *sslconn = myConnConfig(c);
  +    return sslconn && sslconn->ssl;
  +}
  +
   void ssl_var_register(void)
   {
  +    APR_REGISTER_OPTIONAL_FN(ssl_is_https);
       APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
       return;
   }
  
  
  
  No                   revision
  No                   revision
  1.55.2.11 +1 -8      httpd-2.0/os/unix/unixd.c
  
  Index: unixd.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/os/unix/unixd.c,v
  retrieving revision 1.55.2.10
  retrieving revision 1.55.2.11
  diff -d -w -u -r1.55.2.10 -r1.55.2.11
  --- unixd.c	26 May 2004 23:03:13 -0000	1.55.2.10
  +++ unixd.c	27 Aug 2004 09:03:24 -0000	1.55.2.11
  @@ -462,19 +462,12 @@
   {
       apr_socket_t *csd;
       apr_status_t status;
  -    int sockdes;
   
       *accepted = NULL;
       status = apr_accept(&csd, lr->sd, ptrans);
       if (status == APR_SUCCESS) { 
           *accepted = csd;
  -        apr_os_sock_get(&sockdes, csd);
  -#ifdef TPF
  -        if (sockdes == 0) {                  /* 0 is invalid socket for TPF */
  -            return APR_EINTR;
  -        }
  -#endif
  -        return status;
  +        return APR_SUCCESS;
       }
   
       if (APR_STATUS_IS_EINTR(status)) {
  
  
  
  No                   revision
  No                   revision
  1.80.2.6  +3 -0      httpd-2.0/server/util_script.c
  
  Index: util_script.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/util_script.c,v
  retrieving revision 1.80.2.5
  retrieving revision 1.80.2.6
  diff -d -w -u -r1.80.2.5 -r1.80.2.6
  --- util_script.c	9 Feb 2004 20:59:46 -0000	1.80.2.5
  +++ util_script.c	27 Aug 2004 09:03:24 -0000	1.80.2.6
  @@ -556,6 +556,9 @@
   	else if (!strcasecmp(w, "Content-Length")) {
   	    apr_table_set(r->headers_out, w, l);
   	}
  +        else if (!strcasecmp(w, "Content-Range")) {
  +            apr_table_set(r->headers_out, w, l);
  +        }
   	else if (!strcasecmp(w, "Transfer-Encoding")) {
   	    apr_table_set(r->headers_out, w, l);
   	}
  
  
  

Mime
View raw message