Posted to cvs@httpd.apache.org by co...@apache.org on 2011/09/03 19:42:57 UTC

svn commit: r1164894 - in /httpd/httpd/branches/2.2.x: CHANGES docs/conf/httpd.conf.in docs/manual/mod/core.xml include/ap_mmn.h include/http_core.h modules/http/byterange_filter.c server/core.c

Author: covener
Date: Sat Sep  3 17:42:56 2011
New Revision: 1164894

URL: http://svn.apache.org/viewvc?rev=1164894&view=rev
Log:
backport revisions 1162584, 1164861, 1162587 from trunk:

Add MaxRanges directive and limit # of accepted ranges to 200 by default.

Submitted By: Eric Covener, Guenter Knauf
Reviewed By: covener, fuankg, sf


Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/docs/conf/httpd.conf.in
    httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml
    httpd/httpd/branches/2.2.x/include/ap_mmn.h
    httpd/httpd/branches/2.2.x/include/http_core.h
    httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c
    httpd/httpd/branches/2.2.x/server/core.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1164894&r1=1164893&r2=1164894&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Sat Sep  3 17:42:56 2011
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.21
 
+  *) core: Add MaxRanges directive to control the number of ranges permitted
+     before returning the entire resource, with a default limit of 200.
+     [Eric Covener]
 
 Changes with Apache 2.2.20
 

Modified: httpd/httpd/branches/2.2.x/docs/conf/httpd.conf.in
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/conf/httpd.conf.in?rev=1164894&r1=1164893&r2=1164894&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/conf/httpd.conf.in (original)
+++ httpd/httpd/branches/2.2.x/docs/conf/httpd.conf.in Sat Sep  3 17:42:56 2011
@@ -350,6 +350,12 @@ DefaultType text/plain
 #
 
 #
+# MaxRanges: Maximum number of Ranges in a request before
+# returning the entire resource, or 0 for unlimited
+# Default setting is to accept 200 Ranges
+#MaxRanges 0
+
+#
 # EnableMMAP and EnableSendfile: On systems that support it, 
 # memory-mapping or the sendfile syscall is used to deliver
 # files.  This usually improves server performance, but must
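Review bot: The commented-out sample `#MaxRanges 0` shows the one value that switches the limit off, so an administrator who uncomments it to "enable" the directive ends up with unlimited ranges instead of the default of 200 stated on the line above. The sample should carry the default, `#MaxRanges 200`, with the unlimited case left to the comment text. If the `0` example is kept, the comment should say outright that uncommenting the line removes the limit.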

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml?rev=1164894&r1=1164893&r2=1164894&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/core.xml Sat Sep  3 17:42:56 2011
@@ -2298,6 +2298,24 @@ connection</description>
     </example>
 </usage>
 </directivesynopsis>
+<directivesynopsis>
+<name>MaxRanges</name>
+<description>Number of ranges allowed before returning the complete
+resource </description>
+<syntax>MaxRanges <var>number</var> (0 = no limit)</syntax>
+<default>MaxRanges 200</default>
+<contextlist><context>server config</context><context>virtual host</context>
+<context>directory</context>
+</contextlist>
+<compatibility>Available in Apache HTTP Server 2.3.15 and later</compatibility>
+
+<usage>
+    <p>The <directive>MaxRanges</directive> directive
+    limits the number of HTTP ranges the server is willing to 
+    return to the client.  If more ranges then permitted are requested, 
+    the complete resource is returned instead.</p>
+</usage>
+</directivesynopsis>
 
 <directivesynopsis>
 <name>NameVirtualHost</name>

Modified: httpd/httpd/branches/2.2.x/include/ap_mmn.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/ap_mmn.h?rev=1164894&r1=1164893&r2=1164894&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/include/ap_mmn.h (original)
+++ httpd/httpd/branches/2.2.x/include/ap_mmn.h Sat Sep  3 17:42:56 2011
@@ -146,6 +146,7 @@
  *                      Add core_dir_config.decode_encoded_slashes.
  * 20051115.28 (2.2.19) Restore ap_unescape_url_keep2f(char *url) signature 
  *                      altered in 2.2.18.  Add ap_unescape_url_keep2f_ex().
+ * 20051115.29 (2.2.21) add max_ranges to core_dir_config
  */
 
 #define MODULE_MAGIC_COOKIE 0x41503232UL /* "AP22" */
@@ -153,7 +154,7 @@
 #ifndef MODULE_MAGIC_NUMBER_MAJOR
 #define MODULE_MAGIC_NUMBER_MAJOR 20051115
 #endif
-#define MODULE_MAGIC_NUMBER_MINOR 28                    /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 29                    /* 0...n */
 
 /**
  * Determine if the server's current MODULE_MAGIC_NUMBER is at least a

Modified: httpd/httpd/branches/2.2.x/include/http_core.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/http_core.h?rev=1164894&r1=1164893&r2=1164894&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/include/http_core.h (original)
+++ httpd/httpd/branches/2.2.x/include/http_core.h Sat Sep  3 17:42:56 2011
@@ -570,6 +570,10 @@ typedef struct {
 
 
     unsigned int decode_encoded_slashes : 1; /* whether to decode encoded slashes in URLs */
+
+    /** Number of Ranges before returning HTTP_OK, 0/unlimited -1/unset. **/
+    int max_ranges;
+
 } core_dir_config;
 
 /* Per-server core configuration */

Modified: httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c?rev=1164894&r1=1164893&r2=1164894&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c (original)
+++ httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c Sat Sep  3 17:42:56 2011
@@ -55,6 +55,10 @@
 #include <unistd.h>
 #endif
 
+#ifndef DEFAULT_MAX_RANGES
+#define DEFAULT_MAX_RANGES 200
+#endif
+
 static int ap_set_byterange(request_rec *r, apr_off_t clength,
                             apr_array_header_t **indexes);
 
@@ -243,6 +247,12 @@ typedef struct indexes_t {
     apr_off_t end;
 } indexes_t;
 
+static int get_max_ranges(request_rec *r) { 
+    core_dir_config *core_conf = ap_get_module_config(r->per_dir_config, 
+                                                      &core_module);
+    return core_conf->max_ranges == -1 ? DEFAULT_MAX_RANGES : core_conf->max_ranges;
+}
+
 AP_CORE_DECLARE_NONSTD(apr_status_t) ap_byterange_filter(ap_filter_t *f,
                                                          apr_bucket_brigade *bb)
 {
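Review bot: The `-1` "unset" sentinel in get_max_ranges() is a bare literal, and the same literal is repeated in create_core_dir_config() and merge_core_dir_configs() in server/core.c, so the three sites can drift apart without any compiler help. A named constant next to the field in http_core.h (for example `#define AP_MAXRANGES_UNSET -1`) would tie them together. The helper also has no comment; something like `/* Effective MaxRanges for this request: the per-dir value, or DEFAULT_MAX_RANGES when unset; 0 means unlimited. */` above it would document the contract the filter relies on. As a style point, the opening brace sits on the signature line, unlike the other function definitions visible in this file. ap_byterange_filter() begins at the end of this hunk and continues outside it.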
@@ -263,6 +273,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
     indexes_t *idx;
     int original_status;
     int i;
+    int max_ranges = get_max_ranges(r);
 
     /*
      * Iterate through the brigade until reaching EOS or a bucket with
@@ -290,7 +301,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
     num_ranges = ap_set_byterange(r, clength, &indexes);
 
     /* We have nothing to do, get out of the way. */
-    if (num_ranges == 0) {
+    if (num_ranges == 0 || (max_ranges > 0 && num_ranges > max_ranges)) {
         r->status = original_status;
         ap_remove_output_filter(f);
         return ap_pass_brigade(f->next, bb);
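Review bot: When the range count exceeds the limit, the changed condition falls back to sending the whole resource without logging anything, so the error log gives an operator no sign that requests with excessive range counts are arriving. Splitting that case out with a log line would make it visible, e.g. `if (max_ranges > 0 && num_ranges > max_ranges) ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "Range count %d exceeds MaxRanges %d, sending entire resource", num_ranges, max_ranges);` (assuming num_ranges is an int; its declaration is outside the hunk). The comment `/* We have nothing to do, get out of the way. */` now covers only the first half of the test and should mention the over-limit case. The check also runs after ap_set_byterange() has already parsed the header, so it appears to bound the work done afterwards rather than the parsing itself. The rest of ap_byterange_filter() is outside this hunk.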

Modified: httpd/httpd/branches/2.2.x/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/core.c?rev=1164894&r1=1164893&r2=1164894&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/core.c (original)
+++ httpd/httpd/branches/2.2.x/server/core.c Sat Sep  3 17:42:56 2011
@@ -165,6 +165,8 @@ static void *create_core_dir_config(apr_
     conf->enable_sendfile = ENABLE_SENDFILE_UNSET;
     conf->allow_encoded_slashes = 0;
     conf->decode_encoded_slashes = 0;
+ 
+    conf->max_ranges = -1;
 
     return (void *)conf;
 }
@@ -453,6 +455,8 @@ static void *merge_core_dir_configs(apr_
     conf->allow_encoded_slashes = new->allow_encoded_slashes;
     conf->decode_encoded_slashes = new->decode_encoded_slashes;
 
+    conf->max_ranges = new->max_ranges != -1 ? new->max_ranges : base->max_ranges;
+
     return (void*)conf;
 }
 
@@ -2978,6 +2982,16 @@ static const char *set_limit_xml_req_bod
     return NULL;
 }
 
+static const char *set_max_ranges(cmd_parms *cmd, void *conf_, const char *arg)
+{
+    core_dir_config *conf = conf_;
+
+    conf->max_ranges = atoi(arg);
+    if (conf->max_ranges < 0)
+        return "MaxRanges requires a non-negative integer (0 = unlimited)";
+
+    return NULL;
+}
 AP_DECLARE(size_t) ap_get_limit_xml_body(const request_rec *r)
 {
     core_dir_config *conf;
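Review bot: set_max_ranges() parses the argument with `atoi(arg)`, which returns 0 for non-numeric input, so a typo such as `MaxRanges 2OO` or `MaxRanges unlimited` is accepted without error and stored as 0, which this directive defines as "no limit". Values with trailing junk (`200x`) are also accepted, and out-of-range input is undefined behaviour for atoi. The field is also written before it is validated. A strtol-based parse that rejects empty, partial, negative and out-of-range input and assigns only on success closes that fail-open path; this assumes errno and INT_MAX are already available in core.c. The hunk also lacks a blank line between this function and ap_get_limit_xml_body(), whose body continues outside the hunk.

```c
static const char *set_max_ranges(cmd_parms *cmd, void *conf_, const char *arg)
{
    core_dir_config *conf = conf_;
    char *end;
    long val;

    errno = 0;
    val = strtol(arg, &end, 10);
    /* Reject empty, partially numeric, negative and out-of-range values
     * instead of letting them collapse to 0 (= unlimited). */
    if (end == arg || *end != '\0' || errno == ERANGE
        || val < 0 || val > INT_MAX)
        return "MaxRanges requires a non-negative integer (0 = unlimited)";

    conf->max_ranges = (int)val;
    return NULL;
}
```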
@@ -3407,6 +3421,9 @@ AP_INIT_TAKE1("LimitXMLRequestBody", set
               "Limit (in bytes) on maximum size of an XML-based request "
               "body"),
 
+AP_INIT_TAKE1("MaxRanges", set_max_ranges, NULL, RSRC_CONF|ACCESS_CONF,
+              "Maximum number of Ranges in a request before returning the entire "
+              "resource, or 0 for unlimited"),
 /* System Resource Controls */
 #ifdef RLIMIT_CPU
 AP_INIT_TAKE12("RLimitCPU", set_limit_cpu,



Re: svn commit: r1164894 - in /httpd/httpd/branches/2.2.x: CHANGES docs/conf/httpd.conf.in docs/manual/mod/core.xml include/ap_mmn.h include/http_core.h modules/http/byterange_filter.c server/core.c

Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 9/7/2011 11:56 AM, Eric Covener wrote:
> 
> I think it's useful, but maybe not baked into the same patch as the fix?

Because of recent backchannel traffic on the topic, it's mandatory.

Committers to httpd, remember you may subscribe to security@h.a.o if you
have a history of contributing/intend to contribute to security fixes.

> Just noticing -- should the macro be AP_* before it ships in 2.2.21 or
> apply_to/?

Agree with you both... +1


Re: svn commit: r1164894 - in /httpd/httpd/branches/2.2.x: CHANGES docs/conf/httpd.conf.in docs/manual/mod/core.xml include/ap_mmn.h include/http_core.h modules/http/byterange_filter.c server/core.c

Posted by Jim Jagielski <ji...@apache.org>.
Seems to me the macro should be AP_

+1

On Sep 7, 2011, at 12:56 PM, Eric Covener wrote:

> 
> I think it's useful, but maybe not baked into the same patch as the fix?
> 
> Just noticing -- should the macro be AP_* before it ships in 2.2.21 or
> apply_to/?
> 
> -- 
> Eric Covener
> covener@gmail.com
> 


Re: svn commit: r1164894 - in /httpd/httpd/branches/2.2.x: CHANGES docs/conf/httpd.conf.in docs/manual/mod/core.xml include/ap_mmn.h include/http_core.h modules/http/byterange_filter.c server/core.c

Posted by Eric Covener <co...@gmail.com>.
On Wed, Sep 7, 2011 at 12:34 PM, William A. Rowe Jr.
<wr...@rowe-clan.net> wrote:
> On 9/3/2011 12:42 PM, covener@apache.org wrote:
>> Author: covener
>> Date: Sat Sep  3 17:42:56 2011
>> New Revision: 1164894
>>
>> URL: http://svn.apache.org/viewvc?rev=1164894&view=rev
>> Log:
>> backport revisions 1162584, 1164861, 1162587 from trunk:
>>
>> Add MaxRanges directive and limit # of accepted ranges to 200 by default.
>
> So this doesn't make sense in deploying a patch but seems appropriate to at
> least allow for compiled-in settings...  For purposes of < 2.2.21 patching,
> this would be my interpretation, using the same -Define as in the soon to be
> released versions.  Comments?
>

>> Modified: httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c?rev=1164894&r1=1164893&r2=1164894&view=diff
>> ==============================================================================
>> --- httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c (original)
>> +++ httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c Sat Sep  3 17:42:56 2011
>> @@ -55,6 +55,10 @@
>>  #include <unistd.h>
>>  #endif
>>
>> +#ifndef DEFAULT_MAX_RANGES
>> +#define DEFAULT_MAX_RANGES 200
>> +#endif
>> +
>>  static int ap_set_byterange(request_rec *r, apr_off_t clength,
>>                              apr_array_header_t **indexes);
>>
>> @@ -290,7 +294,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
>>      num_ranges = ap_set_byterange(r, clength, &indexes);
>>
>>      /* We have nothing to do, get out of the way. */
>> -    if (num_ranges == 0) {
>> +    if (num_ranges == 0 || (DEFAULT_MAX_RANGES > 0 && num_ranges > DEFAULT_MAX_RANGES)) {
>>          r->status = original_status;
>>          ap_remove_output_filter(f);
>>          return ap_pass_brigade(f->next, bb);
>>
>
>

I think it's useful, but maybe not baked into the same patch as the fix?

Just noticing -- should the macro be AP_* before it ships in 2.2.21 or
apply_to/?

-- 
Eric Covener
covener@gmail.com

Re: svn commit: r1164894 - in /httpd/httpd/branches/2.2.x: CHANGES docs/conf/httpd.conf.in docs/manual/mod/core.xml include/ap_mmn.h include/http_core.h modules/http/byterange_filter.c server/core.c

Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 9/3/2011 12:42 PM, covener@apache.org wrote:
> Author: covener
> Date: Sat Sep  3 17:42:56 2011
> New Revision: 1164894
> 
> URL: http://svn.apache.org/viewvc?rev=1164894&view=rev
> Log:
> backport revisions 1162584, 1164861, 1162587 from trunk:
> 
> Add MaxRanges directive and limit # of accepted ranges to 200 by default.

So this doesn't make sense in deploying a patch but seems appropriate to at
least allow for compiled-in settings...  For purposes of < 2.2.21 patching,
this would be my interpretation, using the same -Define as in the soon to be
released versions.  Comments?

> Modified: httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c?rev=1164894&r1=1164893&r2=1164894&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c (original)
> +++ httpd/httpd/branches/2.2.x/modules/http/byterange_filter.c Sat Sep  3 17:42:56 2011
> @@ -55,6 +55,10 @@
>  #include <unistd.h>
>  #endif
>  
> +#ifndef DEFAULT_MAX_RANGES
> +#define DEFAULT_MAX_RANGES 200
> +#endif
> +
>  static int ap_set_byterange(request_rec *r, apr_off_t clength,
>                              apr_array_header_t **indexes);
>  
> @@ -290,7 +294,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
>      num_ranges = ap_set_byterange(r, clength, &indexes);
>  
>      /* We have nothing to do, get out of the way. */
> -    if (num_ranges == 0) {
> +    if (num_ranges == 0 || (DEFAULT_MAX_RANGES > 0 && num_ranges > DEFAULT_MAX_RANGES)) {
>          r->status = original_status;
>          ap_remove_output_filter(f);
>          return ap_pass_brigade(f->next, bb);
>