From s.@apache.org
Subject svn commit: r1213344 - in /httpd/httpd/branches/2.4.x: ./ CHANGES docs/manual/configuring.xml include/http_config.h include/util_varbuf.h server/config.c server/util.c
Date Mon, 12 Dec 2011 18:20:16 GMT
Author: sf
Date: Mon Dec 12 18:20:15 2011
New Revision: 1213344

URL: http://svn.apache.org/viewvc?rev=1213344&view=rev
Log:
Merge r1213338:
Limit length of lines in .htaccess to 8K again, to reduce DoS potential.
Make ap_varbuf_cfg_getline() strictly enforce the max_len parameter.

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/docs/manual/configuring.xml
    httpd/httpd/branches/2.4.x/include/http_config.h
    httpd/httpd/branches/2.4.x/include/util_varbuf.h
    httpd/httpd/branches/2.4.x/server/config.c
    httpd/httpd/branches/2.4.x/server/util.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Dec 12 18:20:15 2011
@@ -1,3 +1,3 @@
 /httpd/httpd/branches/revert-ap-ldap:1150158-1150173
 /httpd/httpd/branches/wombat-integration:723609-723841
-/httpd/httpd/trunk:1201042,1201111,1201194,1201198,1201202,1202236,1202456,1202886,1203859,1204630,1204968,1204990,1205061,1205075,1205379,1205885,1206291,1206587,1206850,1207719,1208753,1208835,1209053,1209085,1209417,1209432,1209461,1209601,1209603,1209618,1209623,1209741,1209754,1209766,1209776,1209797-1209798,1209811-1209812,1209814,1209908,1209910,1209913,1209916-1209917,1209947,1209952,1210080,1210124,1210130,1210219,1210221,1210252,1210284,1210378,1210725,1210892,1210951,1210954,1211528,1211663,1211680,1212883
+/httpd/httpd/trunk:1201042,1201111,1201194,1201198,1201202,1202236,1202456,1202886,1203859,1204630,1204968,1204990,1205061,1205075,1205379,1205885,1206291,1206587,1206850,1207719,1208753,1208835,1209053,1209085,1209417,1209432,1209461,1209601,1209603,1209618,1209623,1209741,1209754,1209766,1209776,1209797-1209798,1209811-1209812,1209814,1209908,1209910,1209913,1209916-1209917,1209947,1209952,1210080,1210124,1210130,1210219,1210221,1210252,1210284,1210378,1210725,1210892,1210951,1210954,1211528,1211663,1211680,1212883,1213338

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1213344&r1=1213343&r2=1213344&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Mon Dec 12 18:20:15 2011
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.0
 
+  *) core: Limit line length in .htaccess to 8K like in 2.2.x, to avoid
+     additional DoS potential. [Stefan Fritsch]
+
   *) core, all modules: Add unique tag to most error log messages. [Stefan
      Fritsch]
 

Modified: httpd/httpd/branches/2.4.x/docs/manual/configuring.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/configuring.xml?rev=1213344&r1=1213343&r2=1213344&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/configuring.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/configuring.xml Mon Dec 12 18:20:15 2011
@@ -96,6 +96,11 @@ Server.</p>
     module="mod_env">SetEnv</directive>, take effect too late to be used for
     expansions in the configuration file.</p>
 
+    <p>The maximum length of a line in normal configuration files, after
+    variable substitution and joining any continued lines, is approximately
+    16 MiB. In <a href="configuring.xml#htaccess">.htaccess files</a>, the
+    maximum length is 8190 characters.</p>
+
     <p>You can check your configuration files for syntax errors
     without starting the server by using <code>apachectl
     configtest</code> or the <code>-t</code> command line

Modified: httpd/httpd/branches/2.4.x/include/http_config.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/include/http_config.h?rev=1213344&r1=1213343&r2=1213344&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/include/http_config.h (original)
+++ httpd/httpd/branches/2.4.x/include/http_config.h Mon Dec 12 18:20:15 2011
@@ -818,6 +818,8 @@ AP_DECLARE(const char *) ap_pcfg_strerro
  * @param cmd The cmd_parms to pass to the directives inside the container
  * @param directive The directive name to read until
  * @return Error string on failure, NULL on success
+ * @note If cmd->pool == cmd->temp_pool, ap_soak_end_container() will assume
+ *       .htaccess context and use a lower maximum line length.
  */
 AP_DECLARE(const char *) ap_soak_end_container(cmd_parms *cmd, char *directive);
 
@@ -831,6 +833,8 @@ AP_DECLARE(const char *) ap_soak_end_con
  * @param curr_parent The current parent node
  * @param orig_directive The directive to read until hit.
  * @return Error string on failure, NULL on success
+ * @note If p == temp_pool, ap_build_cont_config() will assume .htaccess
+ *       context and use a lower maximum line length.
 */
 AP_DECLARE(const char *) ap_build_cont_config(apr_pool_t *p,
                                               apr_pool_t *temp_pool,
@@ -846,6 +850,8 @@ AP_DECLARE(const char *) ap_build_cont_c
  * @param temp_pool The temporary pool
  * @param conftree Place to store the root node of the config tree
  * @return Error string on erro, NULL otherwise
+ * @note If conf_pool == temp_pool, ap_build_config() will assume .htaccess
+ *       context and use a lower maximum line length.
  */
 AP_DECLARE(const char *) ap_build_config(cmd_parms *parms,
                                          apr_pool_t *conf_pool,

Modified: httpd/httpd/branches/2.4.x/include/util_varbuf.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/include/util_varbuf.h?rev=1213344&r1=1213343&r2=1213344&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/include/util_varbuf.h (original)
+++ httpd/httpd/branches/2.4.x/include/util_varbuf.h Mon Dec 12 18:20:15 2011
@@ -150,10 +150,8 @@ AP_DECLARE(apr_status_t) ap_varbuf_regsu
 /** Read a line from an ap_configfile_t into an ap_varbuf.
  * @param vb pointer to the ap_varbuf struct
  * @param cfg pointer to the ap_configfile_t
- * @param max_len (soft) limit for the size of the buffer
+ * @param max_len maximum line length, including leading/trailing whitespace
  * @return see ap_cfg_getline()
- * @note The buffer will not be grown once it has reached at least max_len
- *       bytes. This means that the returned line can be longer than max_len.
  * @note vb->strlen will be set to the length of the line
  */
 AP_DECLARE(apr_status_t) ap_varbuf_cfg_getline(struct ap_varbuf *vb,

Modified: httpd/httpd/branches/2.4.x/server/config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/config.c?rev=1213344&r1=1213343&r2=1213344&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/server/config.c (original)
+++ httpd/httpd/branches/2.4.x/server/config.c Mon Dec 12 18:20:15 2011
@@ -1202,11 +1202,14 @@ AP_DECLARE(const char *) ap_build_cont_c
     ap_directive_t *sub_tree = NULL;
     apr_status_t rc;
     struct ap_varbuf vb;
+    apr_size_t max_len = VARBUF_MAX_LEN;
+    if (p == temp_pool)
+        max_len = HUGE_STRING_LEN; /* lower limit for .htaccess */
 
     bracket = apr_pstrcat(temp_pool, orig_directive + 1, ">", NULL);
     ap_varbuf_init(temp_pool, &vb, VARBUF_INIT_LEN);
 
-    while ((rc = ap_varbuf_cfg_getline(&vb, parms->config_file, VARBUF_MAX_LEN))
+    while ((rc = ap_varbuf_cfg_getline(&vb, parms->config_file, max_len))
            == APR_SUCCESS) {
         if (!memcmp(vb.buf, "</", 2)
             && (strcasecmp(vb.buf + 2, bracket) == 0)
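Review bot: The `.htaccess` detection `if (p == temp_pool) max_len = HUGE_STRING_LEN;` is pasted verbatim into ap_build_cont_config here, into ap_build_config in the hunk at `@@ -1324,6 +1327,9 @@`, and as `cmd->pool == cmd->temp_pool` into ap_soak_end_container in the hunk at `@@ -1540,10 +1546,13 @@`, so the pool-identity heuristic now lives in three bodies plus three header @notes and can drift silently. A single `static` helper in config.c would hold the rule and its rationale once, and each site would become `apr_size_t max_len = cfg_max_line_len(p, temp_pool);`. All three functions start and end outside their hunks. The trailing `/* lower limit for .htaccess */` says what but not why; the helper's comment below says why pool identity is the signal, as far as the header @notes state it.
```c
/* Maximum config line length for this parse context.  The header notes for
 * ap_build_config()/ap_build_cont_config()/ap_soak_end_container() define
 * "config pool == temp pool" as the .htaccess case, which gets the lower
 * HUGE_STRING_LEN limit to reduce DoS potential. */
static apr_size_t cfg_max_line_len(const apr_pool_t *p, const apr_pool_t *temp_pool)
{
    return (p == temp_pool) ? HUGE_STRING_LEN : VARBUF_MAX_LEN;
}

/* … unchanged: ap_build_cont_config locals … */
    apr_size_t max_len = cfg_max_line_len(p, temp_pool);
/* … unchanged: bracket / ap_varbuf_init / read loop … */
```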
@@ -1324,6 +1327,9 @@ AP_DECLARE(const char *) ap_build_config
     ap_directive_t **last_ptr = NULL;
     apr_status_t rc;
     struct ap_varbuf vb;
+    apr_size_t max_len = VARBUF_MAX_LEN;
+    if (p == temp_pool)
+        max_len = HUGE_STRING_LEN; /* lower limit for .htaccess */
 
     ap_varbuf_init(temp_pool, &vb, VARBUF_INIT_LEN);
 
@@ -1349,7 +1355,7 @@ AP_DECLARE(const char *) ap_build_config
         }
     }
 
-    while ((rc = ap_varbuf_cfg_getline(&vb, parms->config_file, VARBUF_MAX_LEN))
+    while ((rc = ap_varbuf_cfg_getline(&vb, parms->config_file, max_len))
            == APR_SUCCESS) {
         errmsg = ap_build_config_sub(p, temp_pool, vb.buf, parms,
                                      &current, &curr_parent, conftree);
@@ -1540,10 +1546,13 @@ AP_DECLARE(const char *) ap_soak_end_con
     const char *args;
     char *cmd_name;
     apr_status_t rc;
+    apr_size_t max_len = VARBUF_MAX_LEN;
+    if (cmd->pool == cmd->temp_pool)
+        max_len = HUGE_STRING_LEN; /* lower limit for .htaccess */
 
     ap_varbuf_init(cmd->temp_pool, &vb, VARBUF_INIT_LEN);
 
-    while((rc = ap_varbuf_cfg_getline(&vb, cmd->config_file, VARBUF_MAX_LEN))
+    while((rc = ap_varbuf_cfg_getline(&vb, cmd->config_file, max_len))
           == APR_SUCCESS) {
 #if RESOLVE_ENV_PER_TOKEN
         args = vb.buf;

Modified: httpd/httpd/branches/2.4.x/server/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/util.c?rev=1213344&r1=1213343&r2=1213344&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/server/util.c (original)
+++ httpd/httpd/branches/2.4.x/server/util.c Mon Dec 12 18:20:15 2011
@@ -1112,6 +1112,8 @@ AP_DECLARE(apr_status_t) ap_varbuf_cfg_g
         ap_varbuf_grow(vb, new_len);
         --cfp->line_number;
     }
+    if (vb->strlen > max_len)
+        return APR_ENOSPC;
     if (rc == APR_SUCCESS)
         vb->strlen = cfg_trim_line(vb->buf);
     return rc;
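Review bot: The new `if (vb->strlen > max_len) return APR_ENOSPC;` runs only after the read loop has completed, so unless the loop above (outside this hunk, ap_varbuf_cfg_getline starts before it) stops calling `ap_varbuf_grow` once max_len is reached, an overlong line is still fully buffered before it is rejected and the limit bounds the result but not memory; worth confirming against the loop. The check deliberately precedes `cfg_trim_line`, matching the header's new "including leading/trailing whitespace" wording, and a one-line comment would pin that down: `/* Enforce max_len on the untrimmed line; cfg_trim_line() runs after */`. Since HUGE_STRING_LEN is 8192 in httpd.h, `>` admits a line of exactly 8192 bytes, whereas configuring.xml in this commit states 8190 for .htaccess; one of the two should be reconciled. When rc already holds an error the early return replaces it with APR_ENOSPC, which looks acceptable but should be stated in the header's @return.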


