httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: svn commit: r723652 - in /httpd/httpd/branches/wombat-integration: include/httpd.h include/util_script.h server/util_script.c
Date Sat, 06 Dec 2008 08:57:19 GMT


On 12/05/2008 09:36 AM, pquerna@apache.org wrote:
> Author: pquerna
> Date: Fri Dec  5 00:36:26 2008
> New Revision: 723652
> 
> URL: http://svn.apache.org/viewvc?rev=723652&view=rev
> Log:
> New API, ap_body_to_table, a very ineffeicent and bad hack to remove an apreq dependency.
> 
> Modified:
>     httpd/httpd/branches/wombat-integration/include/httpd.h
>     httpd/httpd/branches/wombat-integration/include/util_script.h
>     httpd/httpd/branches/wombat-integration/server/util_script.c
> 
> Modified: httpd/httpd/branches/wombat-integration/include/httpd.h
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/wombat-integration/include/httpd.h?rev=723652&r1=723651&r2=723652&view=diff
> ==============================================================================
> --- httpd/httpd/branches/wombat-integration/include/httpd.h (original)
> +++ httpd/httpd/branches/wombat-integration/include/httpd.h Fri Dec  5 00:36:26 2008
> @@ -1005,6 +1005,7 @@
>  
>      apr_thread_mutex_t *invoke_mtx;
>  
> +    apr_table_t *body_table;

This requires a minor bump.

>  /* Things placed at the end of the record to avoid breaking binary
>   * compatibility.  It would be nice to remember to reorder the entire
>   * record to improve 64bit alignment the next time we need to break
> 
> Modified: httpd/httpd/branches/wombat-integration/include/util_script.h
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/wombat-integration/include/util_script.h?rev=723652&r1=723651&r2=723652&view=diff
> ==============================================================================
> --- httpd/httpd/branches/wombat-integration/include/util_script.h (original)
> +++ httpd/httpd/branches/wombat-integration/include/util_script.h Fri Dec  5 00:36:26
2008
> @@ -142,6 +142,8 @@
>  
>  AP_DECLARE(void) ap_args_to_table(request_rec *r, apr_table_t **table);
>  
> +AP_DECLARE(apr_status_t) ap_body_to_table(request_rec *r, apr_table_t **table);
> +    
>  #ifdef __cplusplus
>  }
>  #endif
> 
> Modified: httpd/httpd/branches/wombat-integration/server/util_script.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/wombat-integration/server/util_script.c?rev=723652&r1=723651&r2=723652&view=diff
> ==============================================================================
> --- httpd/httpd/branches/wombat-integration/server/util_script.c (original)
> +++ httpd/httpd/branches/wombat-integration/server/util_script.c Fri Dec  5 00:36:26
2008
> @@ -729,6 +729,10 @@
>      char *key;
>      char *value;
>      char *strtok_state;
> +
> +    if (str == NULL) {
> +        return;
> +    }
>      
>      key = apr_strtok(str, "&", &strtok_state);
>      while (key) {
> @@ -758,4 +762,77 @@
>      *table = t;
>  }
>  
> +AP_DECLARE(apr_status_t) ap_body_to_table(request_rec *r, apr_table_t **table)
> +{
> +    apr_bucket_brigade *bb;
> +    apr_bucket_brigade *tmpbb;
> +    apr_status_t rv = APR_SUCCESS;
> +
> +    if (r->body_table) {
> +        *table = r->body_table;
> +        return APR_SUCCESS;
> +    }
> +    
> +    *table = NULL;
> +
> +    bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
> +    tmpbb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
> +
> +    do {
> +        apr_off_t len;
> +
> +        rv = ap_get_brigade(r->input_filters, tmpbb, AP_MODE_READBYTES,
> +                            APR_BLOCK_READ, AP_IOBUFSIZE);
> +        if (rv) {
> +            break;
> +        }
> +
> +        rv = apr_brigade_length(tmpbb, 1, &len);
> +        if (rv) {
> +            break;
> +        }
> +        
> +        if (len == 0) {
> +            break;
> +        }
> +
> +        APR_BRIGADE_CONCAT(bb, tmpbb);
> +    } while(1);
> +
> +    if (!rv) {
> +        r->body_table = apr_table_make(r->pool, 10);
> +        
> +        if (!APR_BRIGADE_EMPTY(bb)) {
> +            char *buffer;
> +            apr_off_t len;
> +            apr_pool_t *tpool;
> +
> +            apr_pool_create(&tpool, r->pool);
> +            
> +            rv = apr_brigade_length(bb, 1, &len);
> +
> +            if (!rv) {
> +                apr_size_t total;
> +                buffer = apr_palloc(tpool, len+1);
> +                
> +                total = len+1;
> +
> +                rv = apr_brigade_flatten(bb, buffer, &total);
> +
> +                buffer[total] = '\0';
> +
> +                argstr_to_table(r->pool, buffer, r->body_table);
> +            }
> +            apr_pool_destroy(tpool);
> +        }
> +    }

I guess in the user of this function should advice the end user to
carefully thing about setting LimitRequestBody. Otherwise this can
be easily used for DoS.

> +
> +    apr_brigade_destroy(bb);
> +    apr_brigade_destroy(tmpbb);
> +
> +    *table = r->body_table;
> +
> +    return rv;
> +}
> +
>  
> 
> 
> 

Regards

RĂ¼diger


Mime
View raw message