httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Matthias Behrens" <>
Subject RE: problems with ssl in balance/proxy mode
Date Thu, 01 Dec 2005 11:06:29 GMT
> On 11/30/2005 11:53 AM, Matthias Behrens wrote:
> > thx
> > 
> > this seems to be the proper fix, but
> > how do i apply it? which tool do i need for patching the sourcecode?
> > 
> > sorry for asking such newby questions. i am new to opensourcedevelopment.
> Ok. Let me summarize: You found the reason for the problem (which was really not easy
in this case)

thx - yes i am not a newby programmer, just newby to opensource

> but you do not know how to apply a patch to the source code. You are using Outlook for
your mail

well, i never did it befor and never had to. outlook is not my personal joice, its company

> and runs on a Windows version of httpd. So you must be a Windows developer

on we have 8 windowsservers that are running in loadbalancingmode using mod_rewrite
and mod_proxy
i am specialised in vb, which is commonly running on windows; c++ on all platforms and sql
/ pl/sql 
so c code is pretty rough for me but i get along with it

at my private home i have no windows at all - just suse linux 9.0 which i only use for watching
movies and using mldonkey to share my noncopyrighted software and media ;-)

> Jokes aside. I am working on Unix where patches are applied with patch / gpatch. I really
do not
> know how to do this on Windows, except with cygwin :-). So some Windows developers to
the rescue please!

a colleague who is about to become a really linuxcrack showed me how to use it. thx

> > 
> > alos: can u tell me if my way of fixing the problem was wrong and why? 
> > what is it with brigades and buckets anyway?
> Please have a look at
> > they seem to be pretty unrelieable since it is possible to make a bucket that contains
a pointer to your local char variable and pass it to another function which gives the pointer
to another bucket in another brigade! 
> > thats very dangerous - especially since the guy who programmed the code responsible
for this bug, 
> > used the proper functions which indicate proper use of his data.

> [..cut..]
> No, this is neither unreliable nor really dangerous provided that you have a better knowledge
of the concept of brigades
> and buckets. Brigades and buckets are passed thru filter chains. The filters do whatever
work needs to be done (maybe
> even no work at all) on the buckets and pass them to the next filter in the chain. In
the case of output filters they
> get finally written to the client, in the case of input filters they normally get consumed
by the handler. From the call
> stack perspective the whole filter chain is done during one pass so pointers to local
variables of functions deeper in
> the call stack are still valid.
> Sometimes a filter cannot work on the data contained in the buckets right now during
this call, but it can do on one
> of the next calls to it when the unconsumed buckets fly by again. In this case the filter
typically sets these buckets
> "aside". For (nearly?) all bucket types there is a setaside operation defined to do just
that. In the case of a
> transient bucket the bucket is transformed into a heap bucket, which means that the data
from the transient buffer
> (local char in our case) is copied to a buffer on the heap and thus is still valid (provided
the pool from which the
> heap buffer was aquired survived) during the next call of the filter.

thank u very much on sharing that insides. maybe someday i will be able to provide apache
with some usefull code ;-)

> The problem you faced here, was caused by the situation that mod_proxy did not set aside
the buckets it did not want to
> work on immediately (it tries to get "enough" data to make a good and safe decision on
how to handle
> request bodies regarding content-length and transfer-encoding: chunked. See also "CVE-2005-2088"
> Regards
> RĂ¼diger

View raw message