Checkout Tools
  • last updated 2 hours ago
Constraints: committers
Constraints: files
Constraints: dates
Merge r1534995, r1560482, r1728779, r1805491, r1861528, r1868016, r1874470, r1874602, r1875769, r1875811 from trunk:

don't ignore some apr_procattr failures (clang scan-build)

doxygen improvements

Standardize order of "extern" and XXX_DECLARE_YYY.

Fix some compilation warning when MIME_MAGIC_DEBUG is defined.

warning: format ‘%x’ expects argument of type ‘unsigned int’, but argument <n> has type ‘<something> *’ [-Wformat=]

style: cmd_rec at the bottom

no functional change

Fix a typo in a message.

Reported and fixed by Christian Bartolomäus (bartolin

PR 63806

malloc -> ap_malloc

bz #63967

Slighly simplify code.

No need to set to NULL or 0 fields that are apr_pcalloc'ed.

Axe 'set_cookie_enable' and use 'ap_set_flag_slot' instead.

(based on ideas taken from r1874389)

Parentheses around AP_BUCKET_IS_EOR argument.

Fix a typo

Submitted by: trawick, rjung, jailletc36, covener, jailletc36, gbechis, jailletc36, ylavic, jailletc36

Reviewed by: jailletc36, gbechis, jim

  1. … 14 more files in changeset.
Merge r1873985 from trunk:

Fix spelling errors found by codespell. [skip ci]

Submitted by: mrumph

Reviewed by: mrumph, jim, ylavic

  1. … 90 more files in changeset.
Merge r1873748 from trunk:

factor out TE=chunked checking

Submitted by: covener

Reviewed by: covener, minfrin, jorton

  1. … 7 more files in changeset.
Merge r1851332, r1861432, r1862202, r1864759, r1867254, r1867255, r1867569, r1869512 from trunk:

fix a misleading comment about s->defn_name

use the provided types via the macro

* modules/metadata/mod_mime_magic.c: Constify some constant

data, remove unused "suf_recursion" field. No functional


Axe some dead code + slighly improve a comment

Fix a typo

Fix a typo

* modules/ssl/ssl_engine_log.c (ssl_log_cert_error): Use string

length returned by apr_vsnprintf. No functional change.

mod_authz_core: follow up to r1864759.

We should at least log the unexpected provider_name == NULL condition.

Submitted by: covener, jorton, jailletc36, jailletc36, jailletc36, jorton, ylavic

Reviewed by: jailletc36, jim, ylavic

  1. … 8 more files in changeset.
Merge of r1426802,1744460,1829799,1824716,1838318,1840678,1861294

*) easy patches to synch 2.4.x and trunk:

- core: extend description of r->hostname

- mod_proxy_http: Avoid memory allocation before making sure that this handler can handle the URL

- core: Save a few cycles in 'ap_parse_form_data()'

- mod_cache_socache: Save some cycles

- mod_proxy_ftp: Save some cycle

- vhost: move an assignment to the end of the loop to ease readability and please a compiler

- core: Be a little more verbose when an error in trigerred in 'ap_set_file_slot()'

  1. … 8 more files in changeset.
Merge of r1847430,r1853302 from trunk:

*) core: Split out the ability to parse wildcard files and directories

from the Include/IncludeOptional directives into a generic set of

functions ap_dir_nofnmatch() and ap_dir_fnmatch().

  1. … 6 more files in changeset.
Easy patches: synch 2.4.x and trunk

- core: 80 chars

- http_core: Clean-uo and style. No functional change overall

- http_core: One more style fix in ap_process_http_async_connection()

- mod_mime: Fix a cppcheck warning

- mod_proxy_ajp: Fix a harmless clang warning

- suexec: avoid a potential sprintf overflow

- mod_headers: This is harmless, but this really should be an 'echo_do *'

- core: Fix typo

- core: Update a comment about the 'PATCH' HTTP command

- mod_proxy_balancer: Fix some HTML syntax issues

trunk patch:











2.4.x patch: svn merge -c 1780282,1814659,1814660,1838285,1842881,1846253,1853757,1851702,1853980,1855614 ^/httpd/httpd/trunk .

+1: jailletc36, jim, rjung

  1. … 11 more files in changeset.
Merge of r1855705 from trunk:

core: merge consecutive slashes in the path

  1. … 7 more files in changeset.
Merge r1837056 from trunk:

*) http: Enforce consistently no response body with both 204 and 304

statuses. [Yann Ylavic]

  1. … 8 more files in changeset.
Merge r1490294, r1734635, r1749403, r1813116, r1816179, r1817598, r1832198, r1832200, r1832277, r1832317 from trunk:

Note that the function will be available in APR.

Silent a smatch warning:

mod_auth_form.c:626 get_form_auth() warn: variable dereferenced before check 'sent_user' (see line 616)

Use 'memcpy' instead of 'strcpy' when the size of the string has already been computed.

Fix compilation failure :

unixd.c: In function ‘ap_unixd_mpm_set_signals’:

unixd.c:579:5: error: implicit declaration of function ‘apr_signal’; did you mean ‘strsignal’? [-Werror=implicit-function-declaration]

apr_signal(SIGPIPE, SIG_IGN);



Not sure where it comes from, maybe related to r1812301.

mod_substitute: add runtime traces. PR 61132.

In verify_ocsp_status in ssl_engine_ocsp.c, the log message, "OCSP response not successful: %d" should print the value of r instead of rc.

The value of rc will always be 0.

PR 61876 [sam <sam.eastman.4114>]

Success of 'SHGetMalloc()' should be tested with the SUCCEEDED macro.

/!\ This commit is _NOT COMPILE TESTED_. (I don't have a windows build environment available)

See PR 60086.

Axe some dead code.

See PR 60086.

Fix typo

Fix a potential un-intialized variable usage warning.

This can not be a runtime ixsue, because, in such a case, we would assert and abort before.

PR 59819.

Submitted by: minfrin, jailletc36, jailletc36, jailletc36, ylavic, jailletc36, jailletc36, jailletc36, jailletc36, jailletc36

Reviewed by: jailletc36, ylavic, covener

  1. … 11 more files in changeset.
Merge r1823047, r1824454, r1824463, r1824464, r1824497, r1824862, r1824877 from trunk:

mpm_event: move lingering close "sucker" from the listener to worker(s).

This was the last non-constant time action performed by the listener thread.

It's now handled by the worker thread directly after entering lingering close,

which should directly address the cases when the socket is already closed

remotely at that time, hence avoid more scheduling (it may be the common case

for some scenarios).

And it's only if the above would need blocking (i.e. more data to suck) that

the socket is added to the pollset for the listener to re-schedule a worker

later when ready. If no worker is available at that time then the socket is

forcibly closed (similarly to what's done for keepalive connections in this


Also, since process_lingering_close() is now called by a worker thread and

with almost no depth in the call stack, we can grow the size of the "suck"

buffer from 2K to 32K to potentially call recv() up to sixteen times less.

mpm_event: follow up to r1823047.

Update clogged counter on read_request retry too.

mpm_event: follow up to r1823047: simplify "clogging" logic (reentrance).

mpm_event: follow up to r1823047: complete state validation after processing.

mpm_event: follow up to r1823047: CHANGES entry.

mpm_event: follow up to r1823047 and r1824464.

MMN bump for CONN_STATE_NUM, plus don't consider CONN_STATE_LINGER_* as valid

states returned process_connection (never have been).

mpm_event: follow up to r1823047 and r1824862.

Revert (broken) functional change from r1824862.

Submitted by: ylavic

Reviewed by: ylavic, minfrin, jim

  1. … 4 more files in changeset.
Revert r1824868 (and r1824869).
  1. … 5 more files in changeset.
Merge r1823047, r1824454, r1824463, r1824464, r1824497, r1824862 from trunk:

mpm_event: move lingering close "sucker" from the listener to worker(s).

This was the last non-constant time action performed by the listener thread.

It's now handled by the worker thread directly after entering lingering close,

which should directly address the cases when the socket is already closed

remotely at that time, hence avoid more scheduling (it may be the common case

for some scenarios).

And it's only if the above would need blocking (i.e. more data to suck) that

the socket is added to the pollset for the listener to re-schedule a worker

later when ready. If no worker is available at that time then the socket is

forcibly closed (similarly to what's done for keepalive connections in this


Also, since process_lingering_close() is now called by a worker thread and

with almost no depth in the call stack, we can grow the size of the "suck"

buffer from 2K to 32K to potentially call recv() up to sixteen times less.

mpm_event: follow up to r1823047.

Update clogged counter on read_request retry too.

mpm_event: follow up to r1823047: simplify "clogging" logic (reentrance).

mpm_event: follow up to r1823047: complete state validation after processing.

mpm_event: follow up to r1823047: CHANGES entry.

mpm_event: follow up to r1823047 and r1824464.

MMN bump for CONN_STATE_NUM, plus don't consider CONN_STATE_LINGER_* as valid

states returned process_connection (never have been).

Submitted by: ylavic

Reviewed by: ylavic, minfrin, jim

[Reverted by r1824874]

  1. … 4 more files in changeset.

r1772419 | covener | 2016-12-02 19:10:53 -0500 (Fri, 02 Dec 2016) | 7 lines

Merge r1772418 from trunk:

loop in checking response headers

w/ HTTPProtocolOptions Unsafe


r1772236 | wrowe | 2016-12-01 11:29:27 -0500 (Thu, 01 Dec 2016) | 8 lines

Appears we cannot disallow this whitespace, since the chunk BNF coexisted

with the implied *LWS rule, before RFC7230 eliminated the later. Whether

this is actually OWS or BWS is an editorial decision beyond our pay grade.

Backports: r1765475

Submitted by: wrowe


r1771697 | rpluem | 2016-11-28 04:59:00 -0500 (Mon, 28 Nov 2016) | 4 lines

Merge r1771690 from trunk:

* Fix numbers count in comment.


r1771696 | rpluem | 2016-11-28 04:56:42 -0500 (Mon, 28 Nov 2016) | 1 line

* Revert 1771372: As Bill points out correctly. Only backport trunk revisions to this branch.


r1771372 | rpluem | 2016-11-25 14:55:18 -0500 (Fri, 25 Nov 2016) | 1 line

* Fix numbers count in comment.


r1770870 | wrowe | 2016-11-22 13:44:21 -0500 (Tue, 22 Nov 2016) | 3 lines

Optimize away one more strchr.

Backports: 1770869


r1770868 | wrowe | 2016-11-22 13:34:25 -0500 (Tue, 22 Nov 2016) | 8 lines

List discussion resulted in rejecting all but SP characters in the request

line, but in the strict mode prioritize excessive space testing over bad

space testing (which is captured later) and make both more efficient

(at this test ll[0] is already whitespace or \0 char). Also correct a comment.

Backports: r1770867

Submitted by: wrowe


r1770846 | covener | 2016-11-22 09:32:45 -0500 (Tue, 22 Nov 2016) | 5 lines

Merge r1770817 from trunk:

Removing unused warning after r1764961 changes.


r1770789 | covener | 2016-11-21 20:58:06 -0500 (Mon, 21 Nov 2016) | 25 lines

Merge r1770786 from trunk:

remove Location: header checks for absolute URL

The "Location" header field is used in some responses to refer to a

specific resource in relation to the response. The type of

relationship is defined by the combination of request method and

status code semantics.

Location = URI-reference

The field value consists of a single URI-reference. When it has the

form of a relative reference ([RFC3986], Section 4.2), the final

value is computed by resolving it against the effective request URI

([RFC3986], Section 5).

There is even an example with no scheme:

Location: /People.html#tim


r1770386 | wrowe | 2016-11-18 09:45:32 -0500 (Fri, 18 Nov 2016) | 6 lines

Backport: r1769965

Submitted by: wrowe, rpluem

Actually cause the Host header to be overridden, as noted by rpluem,

and simplify now that there isn't a log-only mode.


r1770173 | wrowe | 2016-11-17 07:09:32 -0500 (Thu, 17 Nov 2016) | 1 line

Merge of r1765451 did not apply cleanly, drop unneeded prototype.


r1769675 | wrowe | 2016-11-14 13:57:12 -0500 (Mon, 14 Nov 2016) | 1 line

Add an entry about RFC strictness


r1769674 | wrowe | 2016-11-14 13:54:42 -0500 (Mon, 14 Nov 2016) | 1 line

Clean up CHANGES for clarity


r1769672 | wrowe | 2016-11-14 13:15:07 -0500 (Mon, 14 Nov 2016) | 31 lines

Dropped the never-released ap_has_cntrls() as it had very limited

and inefficient application at that, added ap_scan_vchar_obstext()

to accomplish a similar purpose.

Dropped HttpProtocolOptions StrictURL option, this will be better

handled in the future with a specific directive and perhaps multiple

levels of scrutiny, use ap_scan_vchar_obstext() to simply ensure there

are no control characters or whitespace within the URI.

Changed the scanning of the response header table by check_headers()

to follow the same rulesets as reading request headers. Disallow any

CTL character within a response header value, and any CTL or whitespace

in response header field name, even in strict mode.

Apply HttpProtocolOptions Strict to chunk header parsing, invalid

whitespace is invalid, line termination must follow CRLF convention.

Submitted by: wrowe

Backport: r1764961,1765112-1765115

When redrawing the parser, ap_get_http_token looked to be useful, but there's

no application for this yet in httpd, so hold off adding this function when

we backport the enhancements. ap_scan_http_token was entirely sufficient.

If the community wants this new function, we can add it when backporting

work is complete.

This patch, and the earlier patches Friday actually demanded an mmn major

bump due to struct member changes. In any final backport, new members must

be added to the end of the struct to retain an mmn minor designation.

Submitted by: wrowe

Backport: r1765451


r1769669 | wrowe | 2016-11-14 12:59:10 -0500 (Mon, 14 Nov 2016) | 124 lines

Fix syntax

Submitted by: jailletc36

Backport: r1756862

Introduce StrictURI|UnsafeURI for RFC3986 enforcement

Submitted by: wrowe

Backport: r1756959

Surpress noise about syntax

Submitted by: wrowe

Backport: r1756978

Yann is correct, % is distinct from reserved and unreserved

Submitted by: wrowe

Backport: r1757062

As commented, ensure we don't flag a request as a rejected 0.9 request

if we identified any other parsing errors and handle all 0.9 request

errors as 400 BAD REQUEST, presuming HTTP/1.0 to deliver the error details.

Do not report 0.9 issues as 505 INVALID PROTOCOL because the client apparently

specified no protocol, and 505 post-dates the simple HTTP request mechanism.

Submitted by: wrowe

Backport: r1757065

Rename LenientWhitespace to UnsafeWhitespace and change StrictWhitespace

to the default behavior, after discussion with fielding et al about the

purpose of section 3.5. Update the documentation to clarify this.

This patch removes whitespace considerations from the Strict|Unsafe toggle

and consolidates them all in the StrictWhitespace|UnsafeWhitespace toggle.

Added a bunch of logic comments to read_request_line parsing.

Dropped the badwhitespace list for an all-or-nothing toggle in rrl.

Leading space before the method is optimized to be evaluated only once.

Toggled the request from HTTP/0.9 to HTTP/1.0 for more BAD_REQUEST cases.

Moved s/[\n\v\f\r]/ / cleanup logic earlier in the cycle, to operate on

each individual line read, and catch bad whitespace errors earlier.

This changes the obs-fold to more efficiently condense whitespace and

forces concatinatination with a single SP, always. Overrides are not

necessary since obs-fold is clearly deprecated.

Submitted by: wrowe

Backport: r1757589

Also catch invalid spaces between the URI <> Protocol in StrictWhitespace mode.

(matching the test for the Method <> URI)

Submitted by: wrowe

Backport: r1757593

Correct RFC reference text (link was right)

Submitted by: wrowe

Backport: r1757711

First survey results, all intrinsicly bad input will be logged at the debug

level, no louder. This patch intentionally dodges the Limit* constrained tests

since administrators may shoot themselves in the foot, or be confronted with

impossibly long cookie values, etc.

Adjust the documentation to match.

Submitted by: wrowe

Backport: r1757920

Correct URL failure reporting.

Drop the second reporting of HEAD over HTTP/0.9 requests, we short-circuit

this early now in read_request_line() when presented anything other than

the sole "GET" method permitted by spec.

Revert to the correct APLOGNO ID for this case

Submitted by: wrowe

Backport: r1757921, r1757924

Folding StrictWhitespace into the Strict ruleset of RFC7230, per dev@ poll.

This choice is unanimous, although StrictURI (a different RFC) still hasn't

found absolute concensus.

Submitted by: wrowe

Backport: r1758226

Correct the parser construction for several optimizations,

based on the fact that bad whitespace shall not be permitted

or corrected in any operating mode, while preserving the

ability to extract bad method/uri/proto for later reporting

and diagnostics.

This change causes badwhitespace in the request line or any

request field line to always fail, and not honor the setting

of the HttpProtocolOptions Unsafe option. Mult SP characters

or trailing SP characters in the request line are still

permitted in Unsafe mode.

Adjusted several error message emits to match these changes.

Submitted by: wrowe

Backport: r1758263

Clarify documentation based on concensus decisions discussed on dev@

and reflecting the current implementation, clean up stray <p>

Submitted by: wrowe

Backport: r1758265, r1758266

New optional flag to enforce <CR><LF> line delimiters in ap_[r]getline,

created by overloading 'int fold' (1 or 0) as 'int flags', with the same

value 1 for AP_GETLINE_FOLD (which httpd doesn't use), and a new value


Enforce CRLF when HttpProtocolOptions Strict is in force.

Correctly introduces a new t/TEST fail.

Submitted by: wrowe

Backport: r1758304

Calm some overly agressive crlf handling, and clarify

Submitted by: wrowe

Backport: r1758305, r1758313

Review of IE 11, Firefox 48 and Chrome 53 all indicate that ';' URI characters

are transmitted unencoded, per RFC3986 section 3.3 grammer. Correct httpd's

behavior to not encode ';' in proxied URI's or Location: response headers.

Submitted by: wrowe

Backport: r1760444


r1769664 | wrowe | 2016-11-14 12:07:40 -0500 (Mon, 14 Nov 2016) | 48 lines

Drop unused, previously sscanf() target variables

Submitted by: wrowe

Backport: r1756821

Drop redundant == --rrl_none evaluation

Submitted by: rpluem

Backport: r1756823

server/protocol.c (read_request_line): Fix compiler warnings with GCC.

Submitted by: jorton

Backport: r1756824

Correct request header handling of whitespace with the new possible config of

HttpProtocolOptions Unsafe StrictWhitespace

I have elected not to preserve any significance to excess whitespace in the

now-deprecated obs-fold code path, that's certainly open for discussion.

This can be reviewed by tweaking t/conf/extra.conf to switch Strict to Unsafe.

Submitted by: wrowe

Backport: r1756847

A band-aid to resolve an immediate IBM MVS'ism

Submitted by: wrowe

Backport: r1756849

Resolve Netware (and other arch) build error for non-portable isascii()

Submitted by: wrowe

Backport: r1756934

Generally, the cart comes before the horse, this mirrors apr_lib.h

Submitted by: wrowe

Backport: r1756937

After lengthy investigation with covener's assistance, it seems we cannot

use a static table. We cannot change this to dynamic use of the local iconv

without build changes to avoid such use on cross-platform builds.

I'm satisfied if we trust iscntrl to at least catch all the most lethal

C0 Ctrls (we are promised it catches bad carriage control/line endings)

and leave this in the short term with an XXX to revisit at a future time.

The token stop never needed this table, because we can use the affirmative

list of token characters to define it.

Submitted by: wrowe, covener

Backport: r1756946


r1769662 | wrowe | 2016-11-14 12:01:20 -0500 (Mon, 14 Nov 2016) | 46 lines

Rename the previously undocumented HTTPProtocol directive

to EnforceHTTPProtocol, and invert the default behavior

to strictly observe RFC 7230 unless otherwise configured.

And Document This.

The relaxation option is renamed 'Unsafe'. 'Strict' is no

longer case sensitive. 'min=0.9|1.0' is now the verbose

'Allow0.9' or 'Require1.0' case-insenstive grammer. The

exclusivity tests have been modified to detect conflicts.

The 'strict,log' option failed to enforce strict conformance,

and has been removed. Unsafe, informational logging is possible

in any loadable module, after the request data is unsafely


This triggers a group of failures in t/apache/headers.t as

expected since those patterns violated RFC 7230 section 3.2.4.

Submitted by: wrowe

Backport: r1756540


Submitted by: wrowe

Backport: r1756555

Renaming this directive to HttpProtocolOptions after discussion on dev@

Submitted by: wrowe

Backport: r1756649

Perform correct, strict parsing of the request line, handling the

http protocol tag, url and method appropriately, and attempting

to extract values even in the presence of unusual whitespace in

keeping with section 3.5, prior to responding with whatever

error reply is needed. Conforms to RFC7230 in all respects,

the section 3.5 optional behavior can be disabled by the user

with a new HttpProtocolOptions StrictWhitespace flag. In all

cases, the_request is regenerated from the parsed components

with exactly two space characters.

Shift sf's 'strict' method check from the Strict behavior because

it violates forward proxy logic, adding a new RegisteredMethods

flag, as it will certainly be useful to some.

Submitted by: wrowe

Backport: r1756729


r1769649 | wrowe | 2016-11-14 10:29:20 -0500 (Mon, 14 Nov 2016) | 124 lines

Improve legibility of reviewing the generated table, using hex rather than dec

Submitted by: wrowe

Backport: r1754536

Correct T_HTTP_TOKEN_STOP per RFC2068 (2.2) - RFC7230 (3.2.6),

which has always defined 'token' as CHAR or VCHAR - visible USASCII only.

NUL char is also a stop, end of parsing.

Submitted by: wrowe

Backport: r1754538

Be more explicit about NUL in case iscntrl is inconsistent

Submitted by: wrowe

Backport: r1754539

Introduce T_HTTP_CTRLS for efficiently finding non-text chars

Submitted by: wrowe

Backport: r1754540

Introduce ap_scan_http_field_content, ap_scan_http_token

and ap_get_http_token [later reverted] for more efficient

string handling.

Submitted by: wrowe

Backport: r1754541

With NUL as a TOKEN_STOP, this code is more efficient

Submitted by: wrowe

Backport: r1754544

We arrive here for more than one cause; offer a more general statement

Submitted by: wrowe

Backport: r1754547

Strictly observe spec on obs-fold

Submitted by: wrowe

Backport: r1754548

Leave an emphatic TODO per Jeff's observations

Submitted by: trawick

Backport: r1754555

Introduce ap_scan_http_token / ap_scan_http_field_content for a much

more efficient pass through the header text; rather than reparsing

the strings over and over under the HTTP_CONFORMANCE_STRICT fules.

Improve logic and legibility by eliminating multiple repetitive tests

of the STRICT flag, and simply reorder 'classic' behavior first and

this new parser second to simplify the diff. Because of the whitespace

change (which I had wished to dodge), reading this --ignore-all-space

is a whole lot easier. Particularly against 2.4.x branch, which is now

identical in the 'classic' logic flow. Both of which I'll share with dev@

Submitted by: wrowe

Backport: r1754556

Friendly catch by Rüdiger, restore line mis-removed by the previous commit

Submitted by: rpluem

Backport: r1754568

Clean up doubled-'{'

Correct usage for ap_scan_http_token (had used _get_ syntax)

Correct logic, detect no 'token' chars, or missing ':'

Submitted by: wrowe, rpluem

Backport: r1754569,r1754570,r1754577

Replacement solution to identify VCHAR/ASCII symbols, even in EBCDIC.

Looking for someone with an EBCDIC environment to post the output of

the test_char.h generated file for verification.

Submitted by: wrowe

Backport: r1754579

Clean up an edge case where obs-fold continuation preceeds the first header,

as with r1755098, but this time ensure the previous header processing logic

ensures there was a previous header as identified by jchampion.

This patch restructures the loop for legibility with a loop continuation,

allowing us to flatten all of this hard-to-follow code. The subsequent

patch will be a whitespace-only change for formatting.

Testing len > 0 is redundant when *field is a "\0" and mismatches here,

folded flag was a no-op, unused once we added continue; logic.

Fix these as initially attempted in r1755114.

Improve comments and reflow whitespace.

Submitted by: wrowe

Backport: r1755123,r1755124,r1755125,r1755126

As promised, reduce this logic by net 9 code lines, shifting the burden

of killing trailing whitespace to the purpose-agnostic read logic.

Whitespace before or after an obs-fold, and before or after a field value

have no semantic purpose at all. Because we are building a buffer for all

folded values, reducing the size of the newly allocated buffer is always

to our advantage.

Submitted by: wrowe

Backport: r1755233

Treat empty obs-fold line as a noop, eliminate all intra-obs-fold excess

whitespace, and observe the 1 SP per obs-folding per spec.

Submitted by: wrowe

Backport: r1755234,r1755235,r1755236

Treat empty obs-fold line as abusive traffic.

Submitted by: wrowe

Backport: r1755263

Stop reflecting irrelevant data to the request error notes, particularly

for abusive and malformed traffic the non-technical consumer of a user-agent

has no control over.

Simply take note where the administrator-configured limits have been exceeded,

that administrator can find details in the error log if desired.

Submitted by: wrowe

Backport: r1755264

Follow up to r1755264.

Don't crash when ap_rgetline() returns a NULL field on ENOSPC.

Submitted by: ylavic

Backport: r1755343

Follow on to r1755264, for the case of merged header length exceptions,

and ensure the field header name is truncated to a sane log width.

Submitted by: wrowe

Backport: r1755744


r1769454 | wrowe | 2016-11-12 18:47:29 -0500 (Sat, 12 Nov 2016) | 2 lines

Partial Backport of r1746884, no-op changes that introduce patch conflicts.


r1768978 | wrowe | 2016-11-09 09:39:05 -0500 (Wed, 09 Nov 2016) | 5 lines

Backports: r1687643

Submitted by: covener

be less weird in comment


r1768977 | wrowe | 2016-11-09 09:37:34 -0500 (Wed, 09 Nov 2016) | 5 lines

Backports: r1687642

Submitted by: covener

elaborate on a misleading comment


r1768971 | wrowe | 2016-11-09 09:32:09 -0500 (Wed, 09 Nov 2016) | 8 lines

core: Follow up to r1664205 (previously backported)

Don't let invalid r->proto_num/protocol out of read_request_line() reach

the output filters (when responding with 400 Bad Request).

Suggested by: rpluem

Backports: r1664576


r1768969 | wrowe | 2016-11-09 09:23:00 -0500 (Wed, 09 Nov 2016) | 10 lines

Backport: r1610383

Submitted by: jailletc36

Simplify code.

Cases where 'loc' doesn't have any ':' or is starting with ':' are already

handled by 'ap_is_url()'

Calling 'apr_isascii()' seems useless.


r1768968 | wrowe | 2016-11-09 09:20:45 -0500 (Wed, 09 Nov 2016) | 4 lines

Backport: r1546860

Submitted by: jailletc36

Fix missing space in message of protocol.c (other r1546860 changes ignored)


r1768093 | wrowe | 2016-11-04 16:50:45 -0400 (Fri, 04 Nov 2016) | 7 lines

ap_rgetline_core() now pulls from r->proto_input_filters

for better input filtering behavior during chunked trailer

processing by ap_http_filter().

Backports: r1446421

Submitted by: joes


r1768090 | wrowe | 2016-11-04 16:47:00 -0400 (Fri, 04 Nov 2016) | 7 lines

Stupid CodeWarrior compiler cant take vars with struct inits.

Ensure that is_v6literal is always initialized

Backports: r1428145, r1436457

Submitted by: fuankg, rpluem


r1768036 | wrowe | 2016-11-04 10:20:16 -0400 (Fri, 04 Nov 2016) | 40 lines

Add an option to enforce stricter HTTP conformance

This is a first stab, the checks will likely have to be revised.

For now, we check

* if the request line contains control characters

* if the request uri has fragment or username/password

* that the request method is standard or registered with RegisterHttpMethod

* that the request protocol is of the form HTTP/[1-9]+.[0-9]+,

or missing for 0.9

* if there is garbage in the request line after the protocol

* if any request header contains control characters

* if any request header has an empty name

* for the host name in the URL or Host header:

- if an IPv4 dotted decimal address: Reject octal or hex values, require

exactly four parts

- if a DNS host name: Reject non-alphanumeric characters besides '.' and

'-'. As a side effect, this rejects multiple Host headers.

* if any response header contains control characters

* if any response header has an empty name

* that the Location response header (if present) has a valid scheme and is


If we have a host name both from the URL and the Host header, we replace the

Host header with the value from the URL to enforce RFC conformance.

There is a log-only mode, but the loglevels of the logged messages need some

thought/work. Currently, the checks for incoming data log for 'core' and the

checks for outgoing data log for 'http'. Maybe we need a way to configure the

loglevels separately from the core/http loglevels.

change protocol number parsing in strict mode according to HTTPbis draft

- only accept single digit version components

- don't accept white-space after protocol specification

Clean up comment, fix log tags.

Submitted by: sf

Backports: r1426877, r1426879, r1426988, r1426992


r1768035 | wrowe | 2016-11-04 10:14:59 -0400 (Fri, 04 Nov 2016) | 14 lines

Correctly parse an IPv6 literal host specification in an absolute URL

in the request line.

- Fix handling of brackets [ ] surrounding the IPv6 address.

- Skip parsing r->hostname again if not necessary.

- Do some checks that the IPv6 address is sane. This is not done by


log client error at level debug, log broken Host header value

Backports: r1407006, r1426827

Submitted by: sf


r1767942 | wrowe | 2016-11-03 14:01:23 -0400 (Thu, 03 Nov 2016) | 5 lines

Expose ap_method_register() to the admin with a new RegisterHttpMethod


Backports: r1407599

Submitted by: sf


r1767941 | wrowe | 2016-11-03 13:57:50 -0400 (Thu, 03 Nov 2016) | 9 lines

New directive HttpProtocol which allows to disable HTTP/0.9 support

with min=0.9|1.0 syntax.

A tighter restriction off the version in the request line is still

possible with <If "%{SERVER_PROTOCOL_NUM} ..."> .

Submitted by: sf

Backports: r1406719, r1407643, r1425366


r1767912 | wrowe | 2016-11-03 11:55:18 -0400 (Thu, 03 Nov 2016) | 1 line

Branch to bring http protocol parsing in 2.4.x in sync with trunk


  1. … 13 more files in changeset.
Merge r1756038 from trunk:

Fix spelling in comments and text files.

No functional change.

PR 59990

Submitted by: rjung

Reviewed/backported by: jim

  1. … 72 more files in changeset.
Add ap_cstr_casecmp[n]() - placeholder of apr_cstr_casecmp[n] functions

for case-insensitive C/POSIX-locale token comparison.

Submitted by: wrowe

Reviewed by: jim, minfrin

  1. … 4 more files in changeset.
Merge r1730723 from trunk:

Add 451... Needed to adjust RESPONSE_CODES which

was not in the provided patch

BUGZ# 58985

Reviewed/backported by: jim

  1. … 3 more files in changeset.
reversal of r1747004 bc unwanted changes
  1. … 3 more files in changeset.
  1. … 3 more files in changeset.
Merge r1722177, r1722195, r1722229, r1722320, r1722328, r1722334, r1722350, r1722351, r1722358, r1722377, r1723953, r1724879, r1724992, r1724993, r1724995, r1725018, r1725031, r1725120, r1725328, r1725387, r1725489, r1725498, r1725499, r1725523, r1725545, r1725567, r1725581, r1725602, r1725822, r1725967, r1726038, r1726049, r1726051, r1726052, r1726055, r1725090, r1728326, r1737020 from trunk:

Commit framework impl of health-check module plus

required changes. The actual health checking is

currently in progress, but wanted to add in at

this stage.

Make aware of new status: Failed Health Check.

Store the number of current passes/fails in shm

finish looping logic... place-holder for actual checking

Better check

move to per server conf, useful for adding HealthCheckCondition

Now implement the condition ruleset definition. The

actual checking will be done in the actual health check


just check watched servers... use 'hc' prefix for sub directives

Check that we have names for both templates and


command changes

Don't bother w/ methods that return bodies. We don't

handle them now anyway.

Use enums and structs to keep things better organized

1st cut of 'simple' tcp check... We reuse various proxy

function and so this *could* be more streamlined, but

use this to show how the other would work, since we need

brigades, SSL/TLS support, etc.

Since every check needs this, do this in the main

check loop. Allows some optimizations.

move scope

pull this out... large enough for a func

Move to a set of health check workers, mapping to

each worker itself, instead of a single reused generic


some ordering optimization

Make balancer manager health-check aware

And we now allow for health checks via OPTIONS *

Leverage the OPTIONS code for HEAD as well...

So we now support: TCP, OPTIONS and HEAD.

Right now, anything other than an error (even a 404)

is consider a PASS.

Fill in APLOGNO.

I hope that doesn't result in merge trouble

for Jim.

Open up hook/scar to allow for passes/fails and

method to be changed via bal-man...

OPTIONS/HEAD proxy function should be diff from simple TCP check

For OPTIONS and HEAD, only 2xx and 3xx are considered "passing"

(until I implement the conditions expr testing)... honor

the pass/fail count and LOG_INFO when the health check enables

or disables a backend worker.

Start impl of expr conditions for runtime checks

Adjust log levels

correct error string

Use worker status character defines taken

from mod_proxy.h instead of explicit characters.

Noted by rpluem.

With the updated ap_expr, we can now check for the

returned response body, stored in kept_body

Assign log message tags

Implement expr lookup in mod_proxy_hcheck for

variables whose names start with "HC_" and for

the new function hc().

Currently only HC_BODY and hc(body) are supported.

Both return the saved body of the health check

response to be used in an expr that decides about

success of a check.

Fix copy&paste error in new function.

Try fixing new proxy_hcheck expr extension.

Interestingly mod_ssl using NULL as well,

but some other module I wrote uses parms->name.


clash :)

Enabling a worker via health-check also moves them out of

ERROR more (which may have been set via the static

"health" check done via mod_proxy).

Some flow improvements...

Submitted by: jim, rjung, jim, jim, jim, jim, jim, jim, rjung, jim, jim, rjung, rjung, rjung, jim, jim, olegk, jim, jim

Reviewed/backported by: jim

  1. … 350 more files in changeset.
Merge r1729929 from trunk:

Introduce an ap_get_useragent_host() accessor to replace the old

ap_get_remote_host() in most applications, but preserve the original

behavior for all ap_get_remote_host() consumers (mostly, because we

don't have the request_rec in the first place, and also to avoid any

unintended consequences).

This accessor continues to store the remote_host of connection based

uesr agents within the conn_rec for optimization. Only where some

other module modifies the useragent_addr will we perform a per-request

query of the remote_host.

(Fixed compilation issues noted by Ranier, applies to 2.4.x trunk,

modulo CHANGES and ap_mmn.h)

Submitted by: wrowe

Reviewed/backported by: jim

  1. … 6 more files in changeset.
Fix typo in comment (s/patterm/pattern/).

Backport of r1726086 from trunk.

  1. … 2 more files in changeset.
Merge r1710095, r1710105, r1711902 from trunk:

core: Limit to ten the number of tolerated empty lines between request,

and consume them before the pipelining check to avoid possible response

delay when reading the next request without flushing.

Before this commit, the maximum number of empty lines was the same as

configured LimitRequestFields, defaulting to 100, which was way too much.

We now use a fixed/hard limit of 10 (DEFAULT_LIMIT_BLANK_LINES).

check_pipeline() is changed to check for (up to the limit) and comsume the

trailing [CR]LFs so that they won't be interpreted as pipelined requests,

otherwise we would block on the next read without flushing data, and hence

possibly delay pending response(s) until the next/real request comes in or

the keepalive timeout expires.

Finally, when the maximum number of empty line is reached in

read_request_line(), or that request line does not contains at least a method

and an (valid) URI, we can fail early and avoid some failure detected in

further processing.

core: follow up to r1710095.

Simplify logic in check_pipeline(), and log unexpected errors.

core: follow up to r1710095, r1710105.

We can do this in a single (no inner) loop, and simplify again the logic.

Submitted by: ylavic

Reviewed/backported by: jim

  1. … 5 more files in changeset.
Merge r1708107, r1709587, r1709602, r1709995, r1710231, r1710419, r1710572, r1710583, r1715023 from trunk:

mod_ssl: performing protocol switch directly after ALPN selection, mod_http2: connection hook inits network filters to force TLS handshake, reads input only if H2Direct explicitly enabled, changes H2Direct default to off even for cleartext connections

new ap_is_allowed_protocol() for testing configured protocols, added H2Upgrade on/off directive, changed H2Direct default back to on when h2c is in Protocols

moved ssl handshake trigger from mod_http2 to new process_connection hook in mod_ssl

mod_ssl: check request-server for TLS settings compatible to handshake server, allow request if equal, renegotiation checks: remember last used cipher_suite for optimizations, deny any regnegotiation in presence of master connection

announce protocol choices on first request

fixing compilation issue for older platform

disabling protocol upgrades on slave connections

first request on master connection only reports more preferred protocols in Upgrade header

mod_ssl: follow up to r1709602.

Fix "HTTP spoken on HTTPS port" broken by the SSL handshake trigger moved to

process_connection hook (r1709602) along with H2Direct speculative read.

Submitted by: icing, ylavic

Reviewed/backported by: jim

  1. … 11 more files in changeset.

  1. … 28 more files in changeset.
Merge r1697855, r1697339, r1696428, r1696266, r1696264, r1695874, r1695727, r1692516, r1692486, r1610674, r1685069, r1693918, r1698116, r1698133, r1694950, r1700968, r1701005, r1701145, r1701178 from trunk:

adding ap_get_protocol(c) which safeguards against NULL returns, for use instead of direct calling ap_run_protocol_get

changed Protocols to let vhosts override servers, removed old H2Engine example from readme

creating ap_array_index in util, forwarding scheme into request processing, enabling SSL vars only when scheme is not http:, delayed connection creation until task worker assignment

removed unnecessary lingering_close and sbh update on end of protocol upgrade handling

introducing ap_array_index in util, used in protocol and mod_h2

fixes existing protocol missing in selection if not explicitly proposed

new directive ProtocolsHonorOrder, added documentation for Protocols feature, changed preference selection and config merging

removed accidental code

new Protocols directive and core API changes to enable protocol switching on HTTP Upgrade or ALPN, implemented in mod_ssl and mod_h2

SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse

proxy configuration, a remote attacker could send a carefully crafted

request which could crash a server process, resulting in denial of


Thanks to Marek Kroemeke working with HP's Zero Day Initiative for

reporting this issue.

* server/util.c (ap_parse_token_list_strict): New function.

* modules/proxy/proxy_util.c (find_conn_headers): Use it here.

* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response):

Send a 400 for a malformed Connection header.

Submitted by: Edward Lu, breser, covener

http, mod_ssl: Introduce and return the 421 (Misdirected Request) status code

for clients requesting a hostname on a reused connection whose SNI (from the

TLS handshake) does not match.

PR 5802.

This allows HTTP/2 clients to fall back to a new connection as per:

Proposed by: Stefan Eissing <stefan>

Reviewed by: ylavic


Allowing protocol_propose hooks to be called with offers=NULL, clarifying semantics as proposed by

giving ap_array_index a start parameter, adding ap_array_contains

ap_process_request needs exportation for use in mod_h2 on Windows

final final change to the new ap_array_str_* functions after review

changed Protocols default to http/1.1 only, updated documentation, changed ap_select_protocol() to return NULL when no protocol could be agreed upon

mod_ssl: fix compiler warning (bad cast).

improvements in ap_select_protocol(), supplied by yann ylavic

Submitted by: icing, jorton, ylavic, covener, icing, icing, gsmith, icing, icing, ylavic, icing

Reviewed/backported by: jim

  1. … 16 more files in changeset.
Fix typo in comment

(r1380525 on trunk)

Backport r1690137.

Doc and comment fix only

  1. … 11 more files in changeset.
Not that hard to explain...
  1. … 1 more file in changeset.