Checkout Tools
  • last updated 2 hours ago
Constraints: committers
Constraints: files
Constraints: dates
Revert r1869222, wrong files committed.
  1. … 3 more files in changeset.
mod_proxy_http: follow up to r1869216.

Let's call stream_reqbody() for all rb_methods, no RB_SPOOL_CL special case.

This both simplifies code and allows to keep EOS into the input_brigade until

it's sent, and thus detect whether we already fetched the whole body if/when

proxy_http_handler() re-enters for different balancer members.

[reverted by r1869223]

  1. … 3 more files in changeset.
mod_proxy_http: Fix 100-continue deadlock for spooled request bodies. PR 63855.

Send "100 Continue", if needed, before fetching/blocking on the request body in

spool_reqbody_cl(), otherwise mod_proxy and the client can wait for each other,

leading to a request timeout (408).

While at it, make so that ap_send_interim_response() uses the default status

line if none is set in r->status_line.

  1. … 2 more files in changeset.
Fix a typo in a message.

Reported and fixed by Christian Bartolomäus (bartolin

PR 63806

Fix a signed/unsigned comparison that can never match.

(+ add a missing space to improve formating)

Spotted by gcc 9.1 and -Wextra

Fix a shadow (and useless) variable.

Fix a cppcheck warning and a style issue.

* server/protocol.c (ap_rvputs): Call va_end before returning in the

error case, as required by C89/POSIX stdarg.h - Coverity warns for


add ids

  1. … 1 more file in changeset.
Add StrictHostCheck

.. to allow ucnonfigured hostnames to be rejected.

The checks happen during NVH mapping and checks that the

mapped VH itself has the host as a name or alias.

  1. … 6 more files in changeset.
http: Enforce consistently no response body with both 204 and 304 statuses.

Provide AP_STATUS_IS_HEADER_ONLY() helper/macro to check for 204 or 304 and

use it where some special treatment is needed when no body is expected.

Some of those places handled 204 only.

  1. … 9 more files in changeset.
mod_proxy_http: forward 100-continue.

Handle end-to-end 100-continue, according to RFC 7231, such that the client

request body is not read/forwarded (according to its "Expect:" header) until

the backend wants to receive it (with interim 100 continue response), or never

forwarded if the backend provides a (non-interim) response and doesn't need

the client body at all.

This is achieved by filling the header_brigade in ap_proxy_http_prefetch()

and letting ap_proxy_http_request() determine whether it should forward that

brigade only (with the "Expect: 100-continue" specified by the client or added

according to "ping=" configuration), or forward the whole body for the usual

case (as before).

When 100-continue expectation is in place, the body is actually forwarded by

ap_proxy_http_process_response() when/if a "100 continue" response is sent by

the backend, otherwise the body is discarded; a future enhancement could make

so that in a balancer configuration, the body could be forwarded to another

balancer member depending on the status/error from the backend.

So stream_reqbody_cl() and stream_reqbody_chunked() functions are adapted to be

called by either ap_proxy_http_request() or ap_proxy_http_process_response(),

while spool_reqbody_cl() still spools the body in ap_proxy_http_prefetch() thus

before the backend is connected/reused to avoid inactivity on the connection

for the prefetch time (the prefetched body is also forwarded according to the

100-continue expectation, though).

Also, since the brigades and other runtime objects now need to be shared by the

ap_proxy_http_*() functions chain, a proxy_http_req_t struct/context is created

from the start and passed to them as (the single) argument. This is also a good

candidate for a future async baton, if we wanted to let the MPM event wait for

connection data for us at any stage and be called back ;)

Finally, ap_send_interim_response() is modified to correcly handle 100 continue

responses once, and take care of clearing r->expecting_100 only for them.

PR 60330.

  1. … 2 more files in changeset.
PR62368: Print the unparsed URI in AH03454

... to include r->args and get otherwise get as close to possible to

what came in over the wire.

Submitted By: Hank Ibell <hwibell>

Committed By: covener

Axe ap_rgetline_core(), not used anymore.

  1. … 4 more files in changeset.
Follow up to r1829659, ap_[f]getline() EBCDIC awareness.

Rename ap_fgetline_impl() to ap_fgetline_core(), and do missing EBCDIC

translation in ap_fgetline().

Also restore EBCDIC translation for ap_getline(), as noted by Ruediger this

was changed (unexpectedly) in r1829659.

http: add ap_fgetline() and AP_GETLINE_NONBLOCK flag.

It allows to read a line directly from an input filter, in blocking mode

or not. Since no request_rec is needed, a pool may be given.

Existing ap_[r]getline() function are now based off ap_fgetline() by calling:

ap_fgetline(s, n, read, r->proto_input_filters, flags, bb, r->pool);

Will follow up with a new ap_get_mime_headers_*() flavor which can be used by

any filter that needs non-blocking and not necessarily has a request_rec (e.g.

ap_http_filter() to read proxied response trailers).

  1. … 2 more files in changeset.
core: forward flags to recursive/folding call to ap_rgetline_core().

We still need them when folding, other than AP_GETLINE_FOLD itself of course.

core: Add and handle AP_GETLINE_NOSPC_EOL flag in ap_rgetline_core().

This tells the ap_getline() family of functions to consume the end of line

when the buffer is exhausted.

PR 62198.

  1. … 3 more files in changeset.
core: ap_getline_core() reads nothing for n == 0.
PR62200: EBCDIC: ap_rgetline APR_ENOSPC

On EBCDIC systems, translation does not occur in ap_rgetline() if the line is

larger than the buffer size.

Submitted By: Hank Ibell

Committed By: covener

  1. … 1 more file in changeset.
core: Ensure that ap_*getline*() return NUL terminated lines on any error.

This was done only on buffer full, so be consistent, and fail early if the

given buffer can't even hold the NUL bytes (negative or nul size).

  1. … 1 more file in changeset.
* server/protocol.c (ap_content_length_filter): Rewrite the content

length filter to avoid arbitrary memory consumption for streaming

responses (e.g. large CGI script output). Ensures C-L is still

generated in common cases (static content, small CGI script output),

but this DOES change behaviour and some responses will end up

chunked rather than C-L computed.

PR: 61222

Submitted by: jorton, rpluem

Restore single-char field names inadvertantly disallowed in 2.4.25.

PR: 61220

Submitted by: ylavic

Revert 1800111 for a cleaner logic flow proposed by Yann
Appears to resolve the issue to permit single-char fieldnames; PR61220
core: deprecate and replace ap_get_basic_auth_pw

*) core: Deprecate ap_get_basic_auth_pw() and add


Submitted By: Emmanuel Dreyfus <manu>, Jacob Champion, Eric Covener

CVEID: CVE-2017-3167

  1. … 4 more files in changeset.
Fix some spelling errors in comments
old IBM EBCDIC fix that never got shared.

  1. … 1 more file in changeset.
Partial port of proposed r1773158 for httpd-2.x only; this change causes all

illegible protocol args to be rejected, irrespective of the strict toggle as

we expect this to occur with a garbage raw SP embedded in the request URI.

Simplifies the code using the protocol 0.9 sentinal to set up an http/1.0

error response.

String duplication of r1773158 is uninteresting, httpd-2.x has a const protocol


Submitted by: rpluem, wrowe

Optimize away one more strchr
List discussion resulted in rejecting all but SP characters in the request

line, but in the strict mode prioritize excessive space testing over bad

space testing (which is captured later) and make both more efficient

(at this test ll[0] is already whitespace or \0 char). Also correct a comment.