You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by hu...@apache.org on 2014/03/13 13:55:53 UTC
svn commit: r1577145 - in /httpd/httpd/branches/2.4.x: CHANGES
modules/lua/mod_lua.c
Author: humbedooh
Date: Thu Mar 13 12:55:53 2014
New Revision: 1577145
URL: http://svn.apache.org/r1577145
Log:
mod_lua: Add a fixups hook that checks if the original request is intended
for LuaMapHandler. This fixes a bug where FallbackResource invalidates the
LuaMapHandler directive in certain cases by changing the URI before the map
handler code executes [Daniel Gruno].
Modified:
httpd/httpd/branches/2.4.x/CHANGES
httpd/httpd/branches/2.4.x/modules/lua/mod_lua.c
Modified: httpd/httpd/branches/2.4.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1577145&r1=1577144&r2=1577145&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Thu Mar 13 12:55:53 2014
@@ -6,6 +6,11 @@ Changes with Apache 2.4.9
would cause a crash in SSL_get_certificate for servers where the
certificate hadn't been sent. [Stephen Henson]
+ *) mod_lua: Add a fixups hook that checks if the original request is intended
+ for LuaMapHandler. This fixes a bug where FallbackResource invalidates the
+ LuaMapHandler directive in certain cases by changing the URI before the map
+ handler code executes [Daniel Gruno].
+
Changes with Apache 2.4.8
*) SECURITY: CVE-2014-0098 (cve.mitre.org)
Modified: httpd/httpd/branches/2.4.x/modules/lua/mod_lua.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/lua/mod_lua.c?rev=1577145&r1=1577144&r2=1577145&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/lua/mod_lua.c (original)
+++ httpd/httpd/branches/2.4.x/modules/lua/mod_lua.c Thu Mar 13 12:55:53 2014
@@ -709,6 +709,29 @@ static int lua_request_rec_hook_harness(
return DECLINED;
}
+static int lua_map_handler_fixups(request_rec *r)
+{
+ /* If there is no handler set yet, this might be a LuaMapHandler request */
+ if (r->handler == NULL) {
+ int n = 0;
+ ap_regmatch_t match[10];
+ const ap_lua_dir_cfg *cfg = ap_get_module_config(r->per_dir_config,
+ &lua_module);
+ for (n = 0; n < cfg->mapped_handlers->nelts; n++) {
+ ap_lua_mapped_handler_spec *hook_spec =
+ ((ap_lua_mapped_handler_spec **) cfg->mapped_handlers->elts)[n];
+
+ if (hook_spec == NULL) {
+ continue;
+ }
+ if (!ap_regexec(hook_spec->uri_pattern, r->uri, 10, match, 0)) {
+ r->handler = apr_pstrdup(r->pool, "lua-map-handler");
+ return OK;
+ }
+ }
+ }
+ return DECLINED;
+}
static int lua_map_handler(request_rec *r)
{
@@ -2032,6 +2055,8 @@ static void lua_register_hooks(apr_pool_
APR_OPTIONAL_HOOK(ap_lua, lua_request, lua_request_hook, NULL, NULL,
APR_HOOK_REALLY_FIRST);
ap_hook_handler(lua_map_handler, NULL, NULL, AP_LUA_HOOK_FIRST);
+ /* Hook this right before FallbackResource kicks in */
+ ap_hook_fixups(lua_map_handler_fixups, NULL, NULL, AP_LUA_HOOK_LAST-2);
#if APR_HAS_THREADS
ap_hook_child_init(ap_lua_init_mutex, NULL, NULL, APR_HOOK_MIDDLE);
#endif