Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 4A6BA200BF4 for ; Fri, 23 Dec 2016 06:22:18 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 3DF51160B35; Fri, 23 Dec 2016 05:22:18 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 697CD160B26 for ; Fri, 23 Dec 2016 06:22:16 +0100 (CET) Received: (qmail 28763 invoked by uid 500); 23 Dec 2016 05:22:15 -0000 Mailing-List: contact cvs-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list cvs@httpd.apache.org Received: (qmail 28754 invoked by uid 99); 23 Dec 2016 05:22:15 -0000 Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 23 Dec 2016 05:22:15 +0000 Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id B6D403A0111 for ; Fri, 23 Dec 2016 05:22:14 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1775788 [1/2] - in /httpd/httpd/branches/2.2.x: ./ docs/manual/mod/ include/ modules/http/ server/ Date: Fri, 23 Dec 2016 05:22:13 -0000 To: cvs@httpd.apache.org From: wrowe@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20161223052214.B6D403A0111@svn01-us-west.apache.org> archived-at: Fri, 23 Dec 2016 05:22:18 -0000 Author: wrowe Date: Fri Dec 23 05:22:13 2016 New Revision: 1775788 URL: http://svn.apache.org/viewvc?rev=1775788&view=rev Log: I really just did that on my test-merge branch??? fueque... reverting r1775787 Modified: httpd/httpd/branches/2.2.x/ (props changed) httpd/httpd/branches/2.2.x/CHANGES httpd/httpd/branches/2.2.x/STATUS httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml httpd/httpd/branches/2.2.x/include/ap_mmn.h httpd/httpd/branches/2.2.x/include/http_core.h httpd/httpd/branches/2.2.x/include/http_protocol.h httpd/httpd/branches/2.2.x/include/httpd.h httpd/httpd/branches/2.2.x/modules/http/http_filters.c httpd/httpd/branches/2.2.x/server/core.c httpd/httpd/branches/2.2.x/server/gen_test_char.c httpd/httpd/branches/2.2.x/server/protocol.c httpd/httpd/branches/2.2.x/server/util.c httpd/httpd/branches/2.2.x/server/vhost.c Propchange: httpd/httpd/branches/2.2.x/ ------------------------------------------------------------------------------ --- svn:mergeinfo (original) +++ svn:mergeinfo Fri Dec 23 05:22:13 2016 @@ -1,4 +1,2 @@ -/httpd/httpd/branches/2.2.x-merge-http-strict:1775686-1775717,1775749-1775780 /httpd/httpd/branches/2.4.x:1555538,1555559,1648845,1649003,1681034,1682929,1682939,1707123,1722573,1726087 -/httpd/httpd/branches/2.4.x-merge-http-strict:1767913-1775776 -/httpd/httpd/trunk:290940,395552,417988,451572,501364,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,713575,719357,720250,729316-729317,729586,732414,732504,732816,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,819480,823536,823563,834378,835046,891282,892678,892808,900022,932791,942209,952823,953311,955966,979120,981084,992625,1026743,1031551,1040304,1040373,1057372,1058192,1070096,1082189,1082196,1090645,1100511,1172732,1178566,1185385,1188745,1200040,1200372,1200374,1213380,1213391,1222335,1223048,1231446,1237407,1244211,1294306,1299738,1300171,1301111,1308862,1327036,1327080,1328133,1328325-1328326,13453 19,1348656,1349905,1352911-1352912,1363183,1363186,1366344,1367778,1368131,1368396,1369568,1392347,1395225,1398066,1400700,1406719,1407004,1407088,1407528,1407599,1407643,1408402,1410681,1413732,1414094,1416889,1418752,1422234,1422253,1425366,1426827,1426877,1426879,1426988,1426992,1428145,1433613,1435178,1436457,1446421,1447426,1470940,1475878,1476604,1476621,1476642,1476644-1476645,1477530,1483005,1484852,1485409,1485668,1490994,1493330,1496429,1500323,1504276,1506714,1509872,1509875,1514215,1524192,1524770,1526168,1526189,1527291,1527295,1527925,1528718,1529559,1529988,1529991,1531505,1532816,1551685,1551714,1552227,1553204,1554276,1554281,1555240,1555555,1556428,1563420,1572092,1572198,1572543,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572911,1572967,1573224,1573229,1575400,1585090,1586745,1587594,1587639,1588851,1590509,1597352,1603156,1604353,1610207,1610311,1610383,1610491,1610501,1611165,1611169,1620932,1621453,1635762,1643537,1643543,1648840,1649001,1649043,16 50310,1650320,1652929,1653997,1657897,1658765,1663647,1664205,1664576,1665215,1665218,1665625,1665721,1666363,1674056,1675533,1676654,1677462,1679182,1679470,1680895,1680900,1680942,1681037,1682923,1682937,1683123,1684513,1684900,1685345,1685347,1685349-1685350,1687539,1687642-1687643,1687680,1688274,1688331,1688339-1688340,1688343,1688536,1688538,1697013,1697015,1706989,1710095,1722572,1723567,1726086,1727544,1745767,1748448,1753228,1754536,1754538-1754541,1754544,1754547-1754548,1754555-1754556,1754568-1754570,1754577,1754579,1755123-1755126,1755233-1755236,1755263-1755264,1755343,1755744,1756540,1756555,1756649,1756729,1756821,1756823-1756824,1756847,1756849,1756862,1756934,1756937,1756946,1756959,1756978,1757062,1757065,1757589,1757593,1757711,1757920-1757921,1757924,1758226,1758263,1758265-1758266,1758304-1758305,1758313,1760444,1764961,1765112-1765115,1765451,1769965,1770786,1770817,1770867,1770869,1771690,1772418,1773159,1773162,1773293,1773346,1773761,1773779,1773812,1773861 -1773862,1773865,1774286 +/httpd/httpd/trunk:290940,395552,417988,451572,501364,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,713575,719357,720250,729316-729317,729586,732414,732504,732816,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,819480,823536,823563,834378,835046,891282,892678,892808,900022,932791,942209,952823,953311,955966,979120,981084,992625,1026743,1031551,1040304,1040373,1058192,1070096,1082189,1082196,1090645,1100511,1102124,1172732,1200040,1200372,1200374,1213380,1213391,1222335,1223048,1231446,1244211,1294306,1299738,1300171,1301111,1308862,1327036,1327080,1328133,1328325-1328326,1345319,1348656,1349905,1352912,13631 83,1363186,1366344,1367778,1368131,1368396,1369568,1395225,1398066,1400700,1407004,1407088,1407528,1408402,1410681,1413732,1414094,1416889,1418752,1422234,1422253,1435178,1447426,1470940,1475878,1476604,1476621,1476642,1476644-1476645,1477530,1484852,1485409,1485668,1490994,1493330,1496429,1500323,1504276,1506714,1509872,1509875,1514215,1524192,1524770,1526168,1526189,1527291,1527295,1527925,1528718,1529559,1529988,1529991,1531505,1532816,1551685,1551714,1552227,1553204,1554276,1554281,1555240,1555555,1556428,1563420,1572092,1572198,1572543,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572911,1572967,1573224,1573229,1575400,1585090,1586745,1587594,1587639,1588851,1590509,1597352,1603156,1604353,1610207,1610311,1610491,1610501,1611165,1611169,1620932,1621419,1621453,1643537,1643543,1648840,1649001,1649043,1650310,1650320,1652929,1653997,1657897,1658765,1663647,1664205,1665215,1665218,1665625,1665721,1666363,1674056,1675533,1676654,1677462,1679182,1679470,1680895,1680900,16 80942,1681037,1682923,1682937,1684513,1684900,1685345,1685347,1685349-1685350,1687539,1687680,1688274,1688331,1688339-1688340,1688343,1688536,1688538,1697013,1697015,1706989,1710095,1722572,1723567,1726086,1727544,1745767,1748448,1753228 Modified: httpd/httpd/branches/2.2.x/CHANGES URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1775788&r1=1775787&r2=1775788&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original) +++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Fri Dec 23 05:22:13 2016 @@ -1,46 +1,17 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.32 - *) SECURITY: CVE-2016-8743 (cve.mitre.org) - Enforce HTTP request grammar corresponding to RFC7230 for request lines - and request headers, to prevent response splitting and cache pollution by - malicious clients or downstream proxies. [William Rowe, Stefan Fritsch] - - *) CVE-2016-5387: core: Mitigate [f]cgi "httpoxy" issues. + *) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues. [Dominic Scheirlinck , Yann Ylavic] - *) Validate HTTP response header grammar defined by RFC7230, resulting - in a 500 error in the event that invalid response header contents are - detected when serving the response, to avoid response splitting and cache - pollution by malicious clients, upstream servers or faulty modules. - [Stefan Fritsch, Eric Covener, Yann Ylavic] - - *) core: Enforce LimitRequestFieldSize after multiple headers with the same - name have been merged. [Stefan Fritsch] - - *) core: Drop Content-Length header and message-body from HTTP 204 responses. - PR 51350 [Luca Toscano] - - *) core: Permit unencoded ';' characters to appear in proxy requests and - Location: response headers. Corresponds to modern browser behavior. - [William Rowe] - - *) core: ap_rgetline_core now pulls from r->proto_input_filters. - - *) core: Correctly parse an IPv6 literal host specification in an absolute - URL in the request line. [Stefan Fritsch] - - *) core: New directive RegisterHttpMethod for registering non-standard - HTTP methods. [Stefan Fritsch] - *) core: Limit to ten the number of tolerated empty lines between request. [Yann Ylavic] - *) core: reject NULLs in request line or request headers. + *) Core: reject NULLs in request line or request headers. PR 43039 [Nick Kew] - *) core: Avoid a possible truncation of the faulty header included in the - HTML response when LimitRequestFieldSize is reached. [Yann Ylavic] + *) mod_ssl: Fix a possible memory leak on restart for custom [EC]DH params. + [Jan Kaluza, Yann Ylavic] *) mod_proxy: Fix a regression with 2.2.31 that caused inherited workers to use a different scoreboard slot then the original one. PR 58267. @@ -71,12 +42,6 @@ Changes with Apache 2.2.32 failures under Visual Studio 2015 and other mismatched MSVCRT flavors. PR59630 [Jan Ehrhardt ] - *) mod_ssl: Fix a possible memory leak on restart for custom [EC]DH params. - [Jan Kaluza, Yann Ylavic] - - *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes. - PR 57167 [Edward Lu ] - Changes with Apache 2.2.31 *) Correct win32 build issues for mod_proxy exports, OpenSSL 1.0.x headers. Modified: httpd/httpd/branches/2.2.x/STATUS URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1775788&r1=1775787&r2=1775788&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/STATUS (original) +++ httpd/httpd/branches/2.2.x/STATUS Fri Dec 23 05:22:13 2016 @@ -99,32 +99,6 @@ CURRENT RELEASE NOTES: RELEASE SHOWSTOPPERS: - *) Rather than odds-and-ends applied out of order, proposing we revert - r1757240, r1757256, r1757295, r1758671, r1758672, r1775232, all of - which is now recorded in the 2.2.x-merge-http-strict branch, and - bring that branch back into 2.2.x for 2.4.32 release. - Merges; - -c-1775232 . - -c-1757672 . - -c-1757671 . - -c-1757295 . - -c-1757256 . - -c-1757240 . - [here we are back at 2.2.32-dev bump] - -r1775685:1775780 https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x-merge-http-strict/ - Roll-up patch of the above (not recommended for casual reading, these - would be committed individually as noted above... but for only for sanity - testing the end result. Due to intervening CHANGES/ap_mmn changes, there - is small delta after reverting the above...) - https://raw.githubusercontent.com/wrowe/patches/master/httpd-2.2-HEAD-http-protocol-strict.patch - This patch above does *NOT* apply to the 2.2.31 release, c.f. the delta - of the 2.2.x-merge-http-strict branch for that information. This is for - folks who are testing rollbacks plus 2.4.x activity against 2.2.x HEAD! - Sorry to start from scratch, but yann's correct observation was correct, - that nothing will apply out-of-order, and everything on 2.2 branch had - already become disordered. - +1: wrowe - PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] @@ -178,6 +152,44 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK: http://home.apache.org/~ylavic/patches/httpd-2.2.x-r1753592.patch +1: ylavic + *) Enforce LimitRequestFieldSize after multiple headers with the same + name have been merged, Ensure LimitRequestFieldSize is always logged. + Downgrade some more log messages indicating client errors from level error + to info. Add log messages for various reasons to return HTTP_BAD_REQUEST. + Correctly return a 400 (Bad request) in case of a HTTP/0.9 request like + "GET @example.org/foo". + Add some trace logging to core (using AP_DEBUG_THE_REQUEST macro, because + the TRACE5 facilities aren't in 2.2.x branch). + Improve error message (PR 54384). + Submitted by: sf, rpluem, jailletc36 + [Note: everything in this patch is modifying logging and brings in the + LimitRequestFieldSize logic used for the lifespan of 2.4.x] + Trunk version of patch + http://svn.apache.org/r951900 (server/protocol.c alone) + http://svn.apache.org/r1178566 + http://svn.apache.org/r1185385 + http://svn.apache.org/r1188745 + http://svn.apache.org/r1352911 + http://svn.apache.org/r1433613 + Backport: (Adjustments dodging 2.4'isms such as APLOGNO's) + https://raw.githubusercontent.com/wrowe/patches/master/backport-2.2.x-r951900-r1178566-r1185385-r1188745-r1352911-r1433613.patch + +1: wrowe, covener + ylavic: the patch does not apply cleanly? (I tried both w/ and w/o + backport-2.2.x-r892678.patch first, conflicts in protocol.c) + + *) core: ErrorDocument now works for requests without a Host header. + Support custom ErrorDocuments for HTTP 501 and 414 status codes. + PR: 48357, 57167 + Submitted by: trawick, [Edward Lu ] + Trunk version of patch + http://svn.apache.org/r1392347 + http://svn.apache.org/r1635762 + Backport: + https://raw.githubusercontent.com/wrowe/patches/master/backport-2.2.x-r1392347-r1635762.patch + +1: wrowe, covener + ylavic: same here (hunk + access_status = HTTP_BAD_REQUEST;) + depends on the previous one? + *) core: potential rejection of valid MaxMemFree and ThreadStackSize directives trunk patch: https://svn.apache.org/r1542338 2.4.x patch: https://svn.apache.org/r1542549 Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml?rev=1775788&r1=1775787&r2=1775788&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml (original) +++ httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml Fri Dec 23 05:22:13 2016 @@ -1440,82 +1440,6 @@ MIME content-type - -HttpProtocolOptions -Modify restrictions on HTTP Request Messages -HttpProtocolOptions [Strict|Unsafe] [RegisteredMethods|LenientMethods] - [Allow0.9|Require1.0] -HttpProtocolOptions Strict LenientMethods Allow0.9 -server config -virtual host -2.2.32 or 2.4.24 and later - - -

This directive changes the rules applied to the HTTP Request Line - (RFC 7230 §3.1.1) and the HTTP Request Header Fields - (RFC 7230 §3.2), which are now applied by default or using - the Strict option. Due to legacy modules, applications or - custom user-agents which must be deperecated the Unsafe - option has been added to revert to the legacy behaviors. These rules - are applied prior to request processing, so must be configured at the - global or default (first) matching virtual host section, by IP/port - interface (and not by name) to be honored.

- -

Prior to the introduction of this directive, the Apache HTTP Server - request message parsers were tolerant of a number of forms of input - which did not conform to the protocol. - RFC 7230 §9.4 Request Splitting and - §9.5 Response Smuggling call out only two of the potential - risks of accepting non-conformant request messages, while - RFC 7230 §3.5 "Message Parsing Robustness" identify the - risks of accepting obscure whitespace and request message formatting. - As of the introduction of this directive, all grammer rules of the - specification are enforced in the default Strict operating - mode, and the strict whitespace suggested by section 3.5 is enforced - and cannot be relaxed.

- -

Users are strongly cautioned against toggling the Unsafe - mode of operation, particularly on outward-facing, publicly accessible - server deployments. If an interface is required for faulty monitoring - or other custom service consumers running on an intranet, users should - toggle the Unsafe option only on a specific virtual host configured - to service their internal private network.

- -

Reviewing the messages logged to the ErrorLog, - configured with LogLevel debug level, - can help identify such faulty requests along with their origin. - Users should pay particular attention to the 400 responses in the access - log for invalid requests which were unexpectedly rejected.

- -

RFC 7231 §4.1 "Request Methods" "Overview" requires that - origin servers shall respond with an error when an unsupported method - is encountered in the request line. This already happens when the - LenientMethods option is used, but administrators may wish - to toggle the RegisteredMethods option and register any - non-standard methods using the RegisterHttpMethod - directive, particularly if the Unsafe option has been toggled. - The RegisteredMethods option should not - be toggled for forward proxy hosts, as the methods supported by the - origin servers are unknown to the proxy server.

- -

RFC 2616 §19.6 "Compatibility With Previous Versions" had - encouraged HTTP servers to support legacy HTTP/0.9 requests. RFC 7230 - superceeds this with "The expectation to support HTTP/0.9 requests has - been removed" and offers additional comments in - RFC 7230 Appendix A. The Require1.0 option allows - the user to remove support of the default Allow0.9 option's - behavior.

- - - IfDefine Encloses directives that will be processed only @@ -3757,19 +3681,5 @@ hostname or IP address - -RegisterHttpMethod -Register non-standard HTTP methods -RegisterHttpMethod method [method [...]] -server config - -

HTTP Methods that are not conforming to the relvant RFCs are normally -rejected by request processing in Apache HTTPD. To avoid this, modules -can register non-standard HTTP methods they support. -The RegisterHttpMethod allows to register such -methods manually. This can be useful for if such methods are forwared -for external processing, e.g. to a CGI script.

- - Modified: httpd/httpd/branches/2.2.x/include/ap_mmn.h URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/ap_mmn.h?rev=1775788&r1=1775787&r2=1775788&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/include/ap_mmn.h (original) +++ httpd/httpd/branches/2.2.x/include/ap_mmn.h Fri Dec 23 05:22:13 2016 @@ -160,13 +160,6 @@ * 20051115.40 (2.2.30) Add ap_map_http_request_error() * 20051115.41 (2.2.32) Add s member to proxy_server_conf struct and server * member to proxy_worker struct. - * 20151115.42 (2.2.32) Add http09_enable, http_conformance, and - * http_methods to core_server_config - * Add ap_scan_http_field_token(), - * ap_scan_http_field_content(), - * and ap_scan_vchar_obstext() - * Replaced fold boolean with with multiple bit flags - * to ap_[r]getline() */ #define MODULE_MAGIC_COOKIE 0x41503232UL /* "AP22" */ @@ -174,7 +167,7 @@ #ifndef MODULE_MAGIC_NUMBER_MAJOR #define MODULE_MAGIC_NUMBER_MAJOR 20051115 #endif -#define MODULE_MAGIC_NUMBER_MINOR 42 /* 0...n */ +#define MODULE_MAGIC_NUMBER_MINOR 41 /* 0...n */ /** * Determine if the server's current MODULE_MAGIC_NUMBER is at least a Modified: httpd/httpd/branches/2.2.x/include/http_core.h URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/http_core.h?rev=1775788&r1=1775787&r2=1775788&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/include/http_core.h (original) +++ httpd/httpd/branches/2.2.x/include/http_core.h Fri Dec 23 05:22:13 2016 @@ -627,21 +627,6 @@ typedef struct { #define AP_MERGE_TRAILERS_DISABLE 2 int merge_trailers; -#define AP_HTTP09_UNSET 0 -#define AP_HTTP09_ENABLE 1 -#define AP_HTTP09_DISABLE 2 - char http09_enable; - -#define AP_HTTP_CONFORMANCE_UNSET 0 -#define AP_HTTP_CONFORMANCE_UNSAFE 1 -#define AP_HTTP_CONFORMANCE_STRICT 2 - char http_conformance; - -#define AP_HTTP_METHODS_UNSET 0 -#define AP_HTTP_METHODS_LENIENT 1 -#define AP_HTTP_METHODS_REGISTERED 2 - char http_methods; - } core_server_config; /* for AddOutputFiltersByType in core.c */ Modified: httpd/httpd/branches/2.2.x/include/http_protocol.h URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/http_protocol.h?rev=1775788&r1=1775787&r2=1775788&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/include/http_protocol.h (original) +++ httpd/httpd/branches/2.2.x/include/http_protocol.h Fri Dec 23 05:22:13 2016 @@ -510,22 +510,17 @@ AP_DECLARE(int) ap_get_basic_auth_pw(req */ AP_CORE_DECLARE(void) ap_parse_uri(request_rec *r, const char *uri); -#define AP_GETLINE_FOLD 1 /* Whether to merge continuation lines */ -#define AP_GETLINE_CRLF 2 /*Whether line ends must be in the form CR LF */ - /** * Get the next line of input for the request * @param s The buffer into which to read the line * @param n The size of the buffer * @param r The request - * @param flags Bit flag of multiple parsing options - * AP_GETLINE_FOLD Whether to merge continuation lines - * AP_GETLINE_CRLF Whether line ends must be in the form CR LF + * @param fold Whether to merge continuation lines * @return The length of the line, if successful * n, if the line is too big to fit in the buffer * -1 for miscellaneous errors */ -AP_DECLARE(int) ap_getline(char *s, int n, request_rec *r, int flags); +AP_DECLARE(int) ap_getline(char *s, int n, request_rec *r, int fold); /** * Get the next line of input for the request @@ -543,9 +538,7 @@ AP_DECLARE(int) ap_getline(char *s, int * @param n The size of the buffer * @param read The length of the line. * @param r The request - * @param flags Bit flag of multiple parsing options - * AP_GETLINE_FOLD Whether to merge continuation lines - * AP_GETLINE_CRLF Whether line ends must be in the form CR LF + * @param fold Whether to merge continuation lines * @param bb Working brigade to use when reading buckets * @return APR_SUCCESS, if successful * APR_ENOSPC, if the line is too big to fit in the buffer @@ -554,7 +547,7 @@ AP_DECLARE(int) ap_getline(char *s, int #if APR_CHARSET_EBCDIC AP_DECLARE(apr_status_t) ap_rgetline(char **s, apr_size_t n, apr_size_t *read, - request_rec *r, int flags, + request_rec *r, int fold, apr_bucket_brigade *bb); #else /* ASCII box */ #define ap_rgetline(s, n, read, r, fold, bb) \ @@ -564,7 +557,7 @@ AP_DECLARE(apr_status_t) ap_rgetline(cha /** @see ap_rgetline */ AP_DECLARE(apr_status_t) ap_rgetline_core(char **s, apr_size_t n, apr_size_t *read, - request_rec *r, int flags, + request_rec *r, int fold, apr_bucket_brigade *bb); /** Modified: httpd/httpd/branches/2.2.x/include/httpd.h URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/httpd.h?rev=1775788&r1=1775787&r2=1775788&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/include/httpd.h (original) +++ httpd/httpd/branches/2.2.x/include/httpd.h Fri Dec 23 05:22:13 2016 @@ -1414,28 +1414,6 @@ AP_DECLARE(char *) ap_get_list_item(apr_ */ AP_DECLARE(int) ap_find_list_item(apr_pool_t *p, const char *line, const char *tok); -/* Scan a string for field content chars, as defined by RFC7230 section 3.2 - * including VCHAR/obs-text, as well as HT and SP - * @param ptr The string to scan - * @return A pointer to the first (non-HT) ASCII ctrl character. - * @note lws and trailing whitespace are scanned, the caller is responsible - * for trimming leading and trailing whitespace - */ -AP_DECLARE(const char *) ap_scan_http_field_content(const char *ptr); - -/* Scan a string for token characters, as defined by RFC7230 section 3.2.6 - * @param ptr The string to scan - * @return A pointer to the first non-token character. - */ -AP_DECLARE(const char *) ap_scan_http_token(const char *ptr); - -/* Scan a string for visible ASCII (0x21-0x7E) or obstext (0x80+) - * and return a pointer to the first SP/CTL/NUL character encountered. - * @param ptr The string to scan - * @return A pointer to the first SP/CTL character. - */ -AP_DECLARE(const char *) ap_scan_vchar_obstext(const char *ptr); - /** * Retrieve a token, spacing over it and adjusting the pointer to * the first non-white byte afterwards. Note that these tokens Modified: httpd/httpd/branches/2.2.x/modules/http/http_filters.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/http/http_filters.c?rev=1775788&r1=1775787&r2=1775788&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/modules/http/http_filters.c (original) +++ httpd/httpd/branches/2.2.x/modules/http/http_filters.c Fri Dec 23 05:22:13 2016 @@ -125,15 +125,14 @@ static apr_status_t bail_out_on_error(ht /** * Parse a chunk line with optional extension, detect overflow. - * There are several error cases: - * 1) If the chunk link is misformatted, APR_EINVAL is returned. - * 2) If the conversion would require too many bits, APR_EGENERAL is returned. - * 3) If the conversion used the correct number of bits, but an overflow + * There are two error cases: + * 1) If the conversion would require too many bits, APR_EGENERAL is returned. + * 2) If the conversion used the correct number of bits, but an overflow * caused only the sign bit to flip, then APR_ENOSPC is returned. - * A negative chunk length always indicates an overflow error. + * In general, any negative number can be considered an overflow error. */ static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer, - apr_size_t len, int linelimit, int strict) + apr_size_t len, int linelimit) { apr_size_t i = 0; @@ -146,12 +145,6 @@ static apr_status_t parse_chunk_size(htt if (ctx->state == BODY_CHUNK_END || ctx->state == BODY_CHUNK_END_LF) { if (c == LF) { - if (strict && (ctx->state != BODY_CHUNK_END_LF)) { - /* - * CR missing before LF. - */ - return APR_EINVAL; - } ctx->state = BODY_CHUNK; } else if (c == CR && ctx->state == BODY_CHUNK_END) { @@ -159,7 +152,7 @@ static apr_status_t parse_chunk_size(htt } else { /* - * CRLF expected. + * LF expected. */ return APR_EINVAL; } @@ -186,12 +179,6 @@ static apr_status_t parse_chunk_size(htt } if (c == LF) { - if (strict && (ctx->state != BODY_CHUNK_LF)) { - /* - * CR missing before LF. - */ - return APR_EINVAL; - } if (ctx->remaining) { ctx->state = BODY_CHUNK_DATA; } @@ -213,17 +200,14 @@ static apr_status_t parse_chunk_size(htt } else if (ctx->state == BODY_CHUNK_EXT) { /* - * Control chars (excluding tabs) are invalid. - * TODO: more precisely limit input + * Control chars (but tabs) are invalid. */ if (c != '\t' && apr_iscntrl(c)) { return APR_EINVAL; } } else if (c == ' ' || c == '\t') { - /* Be lenient up to 10 implied *LWS, a legacy of RFC 2616, - * and noted as errata to RFC7230; - * https://www.rfc-editor.org/errata_search.php?rfc=7230&eid=4667 + /* Be lenient up to 10 BWS (term from rfc7230 - 3.2.3). */ ctx->state = BODY_CHUNK_CR; if (++ctx->chunk_bws > 10) { @@ -339,10 +323,7 @@ apr_status_t ap_http_filter(ap_filter_t ap_input_mode_t mode, apr_read_type_e block, apr_off_t readbytes) { - core_server_config *conf = - (core_server_config *)ap_get_module_config(f->r->server->module_config, - &core_module); - int strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE); + core_server_config *conf; apr_bucket *e; http_ctx_t *ctx = f->ctx; apr_status_t rv; @@ -350,6 +331,9 @@ apr_status_t ap_http_filter(ap_filter_t apr_bucket_brigade *bb; int again; + conf = (core_server_config *) + ap_get_module_config(f->r->server->module_config, &core_module); + /* just get out of the way of things we don't want. */ if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE) { return ap_get_brigade(f->next, b, mode, block, readbytes); @@ -541,7 +525,7 @@ apr_status_t ap_http_filter(ap_filter_t if (rv == APR_SUCCESS) { parsing = 1; rv = parse_chunk_size(ctx, buffer, len, - f->r->server->limit_req_fieldsize, strict); + f->r->server->limit_req_fieldsize); } if (rv != APR_SUCCESS) { ap_log_rerror(APLOG_MARK, APLOG_INFO, rv, f->r, @@ -683,83 +667,14 @@ apr_status_t ap_http_filter(ap_filter_t return APR_SUCCESS; } -struct check_header_ctx { - request_rec *r; - int strict; -}; - -/* check a single header, to be used with apr_table_do() */ -static int check_header(void *arg, const char *name, const char *val) -{ - struct check_header_ctx *ctx = arg; - const char *test; - - if (name[0] == '\0') { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, - "Empty response header name, aborting request"); - return 0; - } - - if (ctx->strict) { - test = ap_scan_http_token(name); - } - else { - test = ap_scan_vchar_obstext(name); - } - if (*test) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, - "Response header name '%s' contains invalid " - "characters, aborting request", - name); - return 0; - } - - test = ap_scan_http_field_content(val); - if (*test) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, - "Response header '%s' value of '%s' contains invalid " - "characters, aborting request", - name, val); - return 0; - } - return 1; -} - -/** - * Check headers for HTTP conformance - * @return 1 if ok, 0 if bad - */ -static APR_INLINE int check_headers(request_rec *r) -{ - struct check_header_ctx ctx; - core_server_config *conf = - (core_server_config *)ap_get_module_config(r->server->module_config, - &core_module); - - ctx.r = r; - ctx.strict = (conf->http_conformance != AP_HTTP_CONFORMANCE_UNSAFE); - return apr_table_do(check_header, &ctx, r->headers_out, NULL) && - apr_table_do(check_header, &ctx, r->err_headers_out, NULL); -} - -static int check_headers_recursion(request_rec *r) -{ - void *check = NULL; - apr_pool_userdata_get(&check, "check_headers_recursion", r->pool); - if (check) { - return 1; - } - apr_pool_userdata_setn("true", "check_headers_recursion", NULL, r->pool); - return 0; -} - typedef struct header_struct { apr_pool_t *pool; apr_bucket_brigade *bb; } header_struct; /* Send a single HTTP header field to the client. Note that this function - * is used in calls to apr_table_do(), so don't change its interface. + * is used in calls to table_do(), so their interfaces are co-dependent. + * In other words, don't change this one without checking table_do in alloc.c. * It returns true unless there was a write error of some kind. */ static int form_header_field(header_struct *h, @@ -1231,7 +1146,6 @@ AP_DECLARE_NONSTD(int) ap_send_http_trac typedef struct header_filter_ctx { int headers_sent; - int headers_error; } header_filter_ctx; AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f, @@ -1247,23 +1161,19 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ header_filter_ctx *ctx = f->ctx; const char *ctype; ap_bucket_error *eb = NULL; - apr_bucket *eos = NULL; AP_DEBUG_ASSERT(!r->main); - if (!ctx) { - ctx = f->ctx = apr_pcalloc(r->pool, sizeof(header_filter_ctx)); - } - if (ctx->headers_sent) { - /* Eat body if response must not have one. */ - if (r->header_only || r->status == HTTP_NO_CONTENT) { + if (r->header_only) { + if (!ctx) { + ctx = f->ctx = apr_pcalloc(r->pool, sizeof(header_filter_ctx)); + } + else if (ctx->headers_sent) { apr_brigade_cleanup(b); - return APR_SUCCESS; + return OK; } } - else if (!ctx->headers_error && !check_headers(r)) { - ctx->headers_error = 1; - } + for (e = APR_BRIGADE_FIRST(b); e != APR_BRIGADE_SENTINEL(b); e = APR_BUCKET_NEXT(e)) @@ -1280,44 +1190,10 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ ap_remove_output_filter(f); return ap_pass_brigade(f->next, b); } - if (ctx->headers_error && APR_BUCKET_IS_EOS(e)) { - eos = e; - } } - if (ctx->headers_error) { - if (!eos) { - /* Eat body until EOS */ - apr_brigade_cleanup(b); - return APR_SUCCESS; - } - - /* We may come back here from ap_die() below, - * so clear anything from this response. - */ - ctx->headers_error = 0; - apr_table_clear(r->headers_out); - apr_table_clear(r->err_headers_out); - - /* Don't recall ap_die() if we come back here (from its own internal - * redirect or error response), otherwise we can end up in infinite - * recursion; better fall through with 500, minimal headers and an - * empty body (EOS only). - */ - if (!check_headers_recursion(r)) { - apr_brigade_cleanup(b); - ap_die(HTTP_INTERNAL_SERVER_ERROR, r); - return AP_FILTER_ERROR; - } - APR_BUCKET_REMOVE(eos); - apr_brigade_cleanup(b); - APR_BRIGADE_INSERT_TAIL(b, eos); - r->status = HTTP_INTERNAL_SERVER_ERROR; - r->content_type = r->content_encoding = NULL; - r->content_languages = NULL; - ap_set_content_length(r, 0); - } - else if (eb) { + if (eb) { int status; + status = eb->status; apr_brigade_cleanup(b); ap_die(status, r); @@ -1374,10 +1250,6 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ apr_table_unset(r->headers_out, "Content-Length"); } - if (r->status == HTTP_NO_CONTENT) { - apr_table_unset(r->headers_out, "Content-Length"); - } - ctype = ap_make_content_type(r, r->content_type); if (strcasecmp(ctype, NO_CONTENT_TYPE)) { apr_table_setn(r->headers_out, "Content-Type", ctype); @@ -1466,11 +1338,11 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_ terminate_header(b2); ap_pass_brigade(f->next, b2); - ctx->headers_sent = 1; - if (r->header_only || r->status == HTTP_NO_CONTENT) { + if (r->header_only) { apr_brigade_cleanup(b); - return APR_SUCCESS; + ctx->headers_sent = 1; + return OK; } r->sent_bodyct = 1; /* Whatever follows is real body stuff... */ Modified: httpd/httpd/branches/2.2.x/server/core.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/core.c?rev=1775788&r1=1775787&r2=1775788&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/server/core.c (original) +++ httpd/httpd/branches/2.2.x/server/core.c Fri Dec 23 05:22:13 2016 @@ -546,15 +546,6 @@ static void *merge_core_server_configs(a ? virt->merge_trailers : base->merge_trailers; - if (virt->http09_enable != AP_HTTP09_UNSET) - conf->http09_enable = virt->http09_enable; - - if (virt->http_conformance != AP_HTTP_CONFORMANCE_UNSET) - conf->http_conformance = virt->http_conformance; - - if (virt->http_methods != AP_HTTP_METHODS_UNSET) - conf->http_methods = virt->http_methods; - return conf; } @@ -3250,57 +3241,6 @@ static const char *add_ct_output_filters return NULL; } - -static const char *set_http_protocol_options(cmd_parms *cmd, void *dummy, - const char *arg) -{ - core_server_config *conf = ap_get_module_config(cmd->server->module_config, - &core_module); - if (strcasecmp(arg, "allow0.9") == 0) - conf->http09_enable |= AP_HTTP09_ENABLE; - else if (strcasecmp(arg, "require1.0") == 0) - conf->http09_enable |= AP_HTTP09_DISABLE; - else if (strcasecmp(arg, "strict") == 0) - conf->http_conformance |= AP_HTTP_CONFORMANCE_STRICT; - else if (strcasecmp(arg, "unsafe") == 0) - conf->http_conformance |= AP_HTTP_CONFORMANCE_UNSAFE; - else if (strcasecmp(arg, "registeredmethods") == 0) - conf->http_methods |= AP_HTTP_METHODS_REGISTERED; - else if (strcasecmp(arg, "lenientmethods") == 0) - conf->http_methods |= AP_HTTP_METHODS_LENIENT; - else - return "HttpProtocolOptions accepts " - "'Unsafe' or 'Strict' (default), " - "'RegisteredMethods' or 'LenientMethods' (default), and " - "'Require1.0' or 'Allow0.9' (default)"; - - if ((conf->http09_enable & AP_HTTP09_ENABLE) - && (conf->http09_enable & AP_HTTP09_DISABLE)) - return "HttpProtocolOptions 'Allow0.9' and 'Require1.0'" - " are mutually exclusive"; - - if ((conf->http_conformance & AP_HTTP_CONFORMANCE_STRICT) - && (conf->http_conformance & AP_HTTP_CONFORMANCE_UNSAFE)) - return "HttpProtocolOptions 'Strict' and 'Unsafe'" - " are mutually exclusive"; - - if ((conf->http_methods & AP_HTTP_METHODS_REGISTERED) - && (conf->http_methods & AP_HTTP_METHODS_LENIENT)) - return "HttpProtocolOptions 'RegisteredMethods' and 'LenientMethods'" - " are mutually exclusive"; - - return NULL; -} - -static const char *set_http_method(cmd_parms *cmd, void *conf, const char *arg) -{ - const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); - if (err != NULL) - return err; - ap_method_register(cmd->pool, arg); - return NULL; -} - /* * Insert filters requested by the AddOutputFilterByType * configuration directive. We cannot add filters based @@ -3610,12 +3550,6 @@ AP_INIT_FLAG("Suexec", unixd_set_suexec, #endif AP_INIT_FLAG("MergeTrailers", set_merge_trailers, NULL, RSRC_CONF, "merge request trailers into request headers or not"), -AP_INIT_ITERATE("HttpProtocolOptions", set_http_protocol_options, NULL, RSRC_CONF, - "'Allow0.9' or 'Require1.0' (default); " - "'RegisteredMethods' or 'LenientMethods' (default); " - "'Unsafe' or 'Strict' (default). Sets HTTP acceptance rules"), -AP_INIT_ITERATE("RegisterHttpMethod", set_http_method, NULL, RSRC_CONF, - "Registers non-standard HTTP methods"), { NULL } }; Modified: httpd/httpd/branches/2.2.x/server/gen_test_char.c URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/gen_test_char.c?rev=1775788&r1=1775787&r2=1775788&view=diff ============================================================================== --- httpd/httpd/branches/2.2.x/server/gen_test_char.c (original) +++ httpd/httpd/branches/2.2.x/server/gen_test_char.c Fri Dec 23 05:22:13 2016 @@ -16,11 +16,11 @@ #ifdef CROSS_COMPILE -#include #define apr_isalnum(c) (isalnum(((unsigned char)(c)))) #define apr_isalpha(c) (isalpha(((unsigned char)(c)))) #define apr_iscntrl(c) (iscntrl(((unsigned char)(c)))) #define apr_isprint(c) (isprint(((unsigned char)(c)))) +#include #define APR_HAVE_STDIO_H 1 #define APR_HAVE_STRING_H 1 @@ -51,13 +51,11 @@ #define T_HTTP_TOKEN_STOP (0x08) #define T_ESCAPE_LOGITEM (0x10) #define T_ESCAPE_FORENSIC (0x20) -#define T_HTTP_CTRLS (0x80) -#define T_VCHAR_OBSTEXT (0x100) int main(int argc, char *argv[]) { unsigned c; - unsigned short flags; + unsigned char flags; printf("/* this file is automatically generated by gen_test_char, " "do not edit */\n" @@ -67,22 +65,18 @@ int main(int argc, char *argv[]) "#define T_HTTP_TOKEN_STOP (%u)\n" "#define T_ESCAPE_LOGITEM (%u)\n" "#define T_ESCAPE_FORENSIC (%u)\n" - "#define T_HTTP_CTRLS (%u)\n" - "#define T_VCHAR_OBSTEXT (%u)\n" "\n" - "static const unsigned short test_char_table[256] = {", + "static const unsigned char test_char_table[256] = {", T_ESCAPE_SHELL_CMD, T_ESCAPE_PATH_SEGMENT, T_OS_ESCAPE_PATH, T_HTTP_TOKEN_STOP, T_ESCAPE_LOGITEM, - T_ESCAPE_FORENSIC, - T_HTTP_CTRLS, - T_VCHAR_OBSTEXT); + T_ESCAPE_FORENSIC); for (c = 0; c < 256; ++c) { flags = 0; - if (c % 8 == 0) + if (c % 20 == 0) printf("\n "); /* escape_shell_cmd */ @@ -110,36 +104,15 @@ int main(int argc, char *argv[]) flags |= T_ESCAPE_PATH_SEGMENT; } - if (!apr_isalnum(c) && !strchr("$-_.+!*'(),:;@&=/~", c)) { + if (!apr_isalnum(c) && !strchr("$-_.+!*'(),:@&=/~", c)) { flags |= T_OS_ESCAPE_PATH; } - /* Stop for any non-'token' character, including ctrls, obs-text, - * and "tspecials" (RFC2068) a.k.a. "separators" (RFC2616), which - * is easer to express as characters remaining in the ASCII token set - */ - if (!c || !(apr_isalnum(c) || strchr("!#$%&'*+-.^_`|~", c))) { + /* these are the "tspecials" (RFC2068) or "separators" (RFC2616) */ + if (c && (apr_iscntrl(c) || strchr(" \t()<>@,;:\\\"/[]?={}", c))) { flags |= T_HTTP_TOKEN_STOP; } - /* Catch CTRLs other than VCHAR, HT and SP, and obs-text (RFC7230 3.2) - * This includes only the C0 plane, not C1 (which is obs-text itself.) - * XXX: We should verify that all ASCII C0 ctrls/DEL corresponding to - * the current EBCDIC translation are captured, and ASCII C1 ctrls - * corresponding are all permitted (as they fall under obs-text rule) - */ - if (!c || (apr_iscntrl(c) && c != '\t')) { - flags |= T_HTTP_CTRLS; - } - - /* From RFC3986, the specific sets of gen-delims, sub-delims (2.2), - * and unreserved (2.3) that are possible somewhere within a URI. - * Spec requires all others to be %XX encoded, including obs-text. - */ - if (c && !apr_iscntrl(c) && c != ' ') { - flags |= T_VCHAR_OBSTEXT; - } - /* For logging, escape all control characters, * double quotes (because they delimit the request in the log file) * backslashes (because we use backslash for escaping) @@ -157,7 +130,7 @@ int main(int argc, char *argv[]) flags |= T_ESCAPE_FORENSIC; } - printf("0x%03x%c", flags, (c < 255) ? ',' : ' '); + printf("%u%c", flags, (c < 255) ? ',' : ' '); } printf("\n};\n");