httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r1872230 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS modules/http2/h2_config.c modules/http2/h2_h2.c modules/http2/h2_stream.c modules/slotmem/mod_slotmem_shm.c
Date Wed, 01 Jan 2020 23:26:44 GMT
Author: minfrin
Date: Wed Jan  1 23:26:43 2020
New Revision: 1872230

URL: http://svn.apache.org/viewvc?rev=1872230&view=rev
Log:
Backport:

mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the
ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct`   
 
always `on`, irregardless of configuration. 

mod_http2: Multiple field length violations in the same request no longer cause
several log entries to be written.

Modified:
    httpd/httpd/branches/2.4.x/   (props changed)
    httpd/httpd/branches/2.4.x/CHANGES
    httpd/httpd/branches/2.4.x/STATUS
    httpd/httpd/branches/2.4.x/modules/http2/h2_config.c
    httpd/httpd/branches/2.4.x/modules/http2/h2_h2.c
    httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c
    httpd/httpd/branches/2.4.x/modules/slotmem/mod_slotmem_shm.c

Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
  Merged /httpd/httpd/trunk:r1870454

Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1872230&r1=1872229&r2=1872230&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Wed Jan  1 23:26:43 2020
@@ -1,6 +1,15 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.42
 
+  *) mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the
+     ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct`

+     always `on`, irregardless of configuration. Found and reported by
+     <Armin.Abfalterer@united-security-providers.ch> and
+     <Marcial.Rion@united-security-providers.ch>. [Stefan Eissing] 
+
+  *) mod_http2: Multiple field length violations in the same request no longer cause
+     several log entries to be written. [@mkauf]
+
   *) ap_check_pipeline: clarify/simplify !max_blank_lines logic, no functional change.
      [Christophe Jaillet]
 

Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1872230&r1=1872229&r2=1872230&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Wed Jan  1 23:26:43 2020
@@ -132,12 +132,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_http2: Fix mod_reqtimeout interworking on handshakes. Fix H2Directr config value.
-     trunk patch: http://svn.apache.org/r1870454
-                  http://svn.apache.org/r1870499
-     2.4.x patch: svn merge -c 1870454,1870499 ^/httpd/httpd/trunk .
-     +1: icing, steffenal, minfrin
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

Modified: httpd/httpd/branches/2.4.x/modules/http2/h2_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_config.c?rev=1872230&r1=1872229&r2=1872230&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/http2/h2_config.c (original)
+++ httpd/httpd/branches/2.4.x/modules/http2/h2_config.c Wed Jan  1 23:26:43 2020
@@ -269,8 +269,7 @@ static apr_int64_t h2_srv_config_geti64(
         case H2_CONF_UPGRADE:
             return H2_CONFIG_GET(conf, &defconf, h2_upgrade);
         case H2_CONF_DIRECT:
-            return 1;
-            /*return H2_CONFIG_GET(conf, &defconf, h2_direct);*/
+            return H2_CONFIG_GET(conf, &defconf, h2_direct);
         case H2_CONF_TLS_WARMUP_SIZE:
             return H2_CONFIG_GET(conf, &defconf, tls_warmup_size);
         case H2_CONF_TLS_COOLDOWN_SECS:

Modified: httpd/httpd/branches/2.4.x/modules/http2/h2_h2.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_h2.c?rev=1872230&r1=1872229&r2=1872230&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/http2/h2_h2.c (original)
+++ httpd/httpd/branches/2.4.x/modules/http2/h2_h2.c Wed Jan  1 23:26:43 2020
@@ -542,7 +542,7 @@ int h2_allows_h2_upgrade(request_rec *r)
  * Register various hooks
  */
 static const char* const mod_ssl[]        = { "mod_ssl.c", NULL};
-static const char* const mod_reqtimeout[] = { "mod_reqtimeout.c", NULL};
+static const char* const mod_reqtimeout[] = { "mod_ssl.c", "mod_reqtimeout.c", NULL};
 
 void h2_h2_register_hooks(void)
 {
@@ -553,7 +553,7 @@ void h2_h2_register_hooks(void)
      * a chance to take over before it.
      */
     ap_hook_process_connection(h2_h2_process_conn, 
-                               mod_ssl, mod_reqtimeout, APR_HOOK_LAST);
+                               mod_reqtimeout, NULL, APR_HOOK_LAST);
     
     /* One last chance to properly say goodbye if we have not done so
      * already. */

Modified: httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c?rev=1872230&r1=1872229&r2=1872230&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c (original)
+++ httpd/httpd/branches/2.4.x/modules/http2/h2_stream.c Wed Jan  1 23:26:43 2020
@@ -696,19 +696,23 @@ apr_status_t h2_stream_add_header(h2_str
     if (name[0] == ':') {
         if ((vlen) > session->s->limit_req_line) {
             /* pseudo header: approximation of request line size check */
-            ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c,  
-                          H2_STRM_LOG(APLOGNO(10178), stream, 
-                                      "Request pseudo header exceeds "
-                                      "LimitRequestFieldSize: %s"), name);
+            if (!h2_stream_is_ready(stream)) {
+                ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c,
+                              H2_STRM_LOG(APLOGNO(10178), stream,
+                                          "Request pseudo header exceeds "
+                                          "LimitRequestFieldSize: %s"), name);
+            }
             error = HTTP_REQUEST_URI_TOO_LARGE;
         }
     }
     else if ((nlen + 2 + vlen) > session->s->limit_req_fieldsize) {
         /* header too long */
-        ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c,  
-                      H2_STRM_LOG(APLOGNO(10180), stream,"Request header exceeds "
-                                  "LimitRequestFieldSize: %.*s"),
-                      (int)H2MIN(nlen, 80), name);
+        if (!h2_stream_is_ready(stream)) {
+            ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c,
+                          H2_STRM_LOG(APLOGNO(10180), stream,"Request header exceeds "
+                                      "LimitRequestFieldSize: %.*s"),
+                          (int)H2MIN(nlen, 80), name);
+        }
         error = HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE;
     }
     
@@ -720,9 +724,11 @@ apr_status_t h2_stream_add_header(h2_str
             h2_stream_rst(stream, H2_ERR_ENHANCE_YOUR_CALM);
             return APR_ECONNRESET;
         }
-        ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c, 
-                      H2_STRM_LOG(APLOGNO(10181), stream, "Number of request headers "
-                                  "exceeds LimitRequestFields"));
+        if (!h2_stream_is_ready(stream)) {
+            ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c,
+                          H2_STRM_LOG(APLOGNO(10181), stream, "Number of request headers
"
+                                      "exceeds LimitRequestFields"));
+        }
         error = HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE;
     }
     
@@ -782,10 +788,12 @@ apr_status_t h2_stream_end_headers(h2_st
         ctx.failed_key = NULL;
         apr_table_do(table_check_val_len, &ctx, stream->request->headers, NULL);
         if (ctx.failed_key) {
-            ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, stream->session->c,  
-                          H2_STRM_LOG(APLOGNO(10190), stream,"Request header exceeds "
-                                      "LimitRequestFieldSize: %.*s"),
-                          (int)H2MIN(strlen(ctx.failed_key), 80), ctx.failed_key);
+            if (!h2_stream_is_ready(stream)) {
+                ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, stream->session->c,
+                              H2_STRM_LOG(APLOGNO(), stream,"Request header exceeds "
+                                          "LimitRequestFieldSize: %.*s"),
+                              (int)H2MIN(strlen(ctx.failed_key), 80), ctx.failed_key);
+            }
             set_error_response(stream, HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE);
             /* keep on returning APR_SUCCESS, so that we send a HTTP response and
              * do not RST the stream. */

Modified: httpd/httpd/branches/2.4.x/modules/slotmem/mod_slotmem_shm.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/slotmem/mod_slotmem_shm.c?rev=1872230&r1=1872229&r2=1872230&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/slotmem/mod_slotmem_shm.c (original)
+++ httpd/httpd/branches/2.4.x/modules/slotmem/mod_slotmem_shm.c Wed Jan  1 23:26:43 2020
@@ -21,6 +21,7 @@
  * otherwise.
  */
 
+#include <assert.h>
 #include  "ap_slotmem.h"
 
 #include "httpd.h"
@@ -400,6 +401,7 @@ static apr_status_t slotmem_create(ap_sl
             else {
                 apr_shm_remove(fname, pool);
                 rv = apr_shm_create(&shm, size, fname, gpool);
+                assert(rv == APR_SUCCESS);
             }
         }
         else {



Mime
View raw message