You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by wr...@apache.org on 2016/08/23 15:44:12 UTC
svn commit: r1757391 - in /httpd/httpd/branches/2.2.x: ./ CHANGES STATUS
include/http_core.h server/protocol.c
Author: wrowe
Date: Tue Aug 23 15:44:12 2016
New Revision: 1757391
URL: http://svn.apache.org/viewvc?rev=1757391&view=rev
Log:
Two more closely backports from 2.4.x for proper ErrorDocument behavior
Modified:
httpd/httpd/branches/2.2.x/ (props changed)
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/include/http_core.h
httpd/httpd/branches/2.2.x/server/protocol.c
Propchange: httpd/httpd/branches/2.2.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Aug 23 15:44:12 2016
@@ -1,2 +1,2 @@
/httpd/httpd/branches/2.4.x:1555538,1555559,1648845,1649003,1681034,1682929,1682939,1707123,1722573,1726087
-/httpd/httpd/trunk:290940,395552,417988,451572,501364,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,713575,719357,720250,729316-729317,729586,732414,732504,732816,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,819480,823536,823563,834378,835046,891282,900022,932791,942209,952823,953311,955966,979120,981084,992625,1026743,1031551,1040304,1040373,1058192,1070096,1082189,1082196,1090645,1172732,1200040,1200372,1200374,1213380,1213391,1222335,1223048,1231446,1244211,1294306,1299738,1300171,1301111,1308862,1327036,1327080,1328133,1328325-1328326,1345319,1348656,1349905,1352912,1363183,1363186,1366344,1367778,136
8131,1368396,1369568,1395225,1398066,1400700,1407004,1407088,1407528,1408402,1410681,1413732,1414094,1416889,1418752,1422234,1422253,1435178,1447426,1470940,1475878,1476604,1476621,1476642,1476644-1476645,1477530,1484852,1485409,1485668,1490994,1493330,1496429,1500323,1504276,1506714,1509872,1509875,1514215,1524192,1524770,1526168,1526189,1527291,1527295,1527925,1528718,1529559,1529988,1529991,1531505,1532816,1551685,1551714,1552227,1553204,1554276,1554281,1555240,1555555,1556428,1563420,1572092,1572198,1572543,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572911,1572967,1573224,1573229,1575400,1585090,1586745,1587594,1587639,1588851,1590509,1597352,1603156,1604353,1610207,1610311,1610491,1610501,1611165,1611169,1620932,1621419,1621453,1643537,1643543,1648840,1649001,1649043,1650310,1650320,1652929,1653997,1657897,1658765,1663647,1664205,1665215,1665218,1665625,1665721,1666363,1674056,1675533,1676654,1677462,1679182,1679470,1680895,1680900,1680942,1681037,1682923,1682937,
1684513,1684900,1685345,1685347,1685349-1685350,1687539,1687680,1688274,1688331,1688339-1688340,1688343,1688536,1688538,1697013,1697015,1706989,1722572,1723567,1726086,1745767,1748448,1753228
+/httpd/httpd/trunk:290940,395552,417988,451572,501364,583817,583830,611483,630858,639005,639010,647395,657354,657459,660461,660566,664330,678761,680082,681190,682369,683626,685112,686805,686809,687099,687754,693120,693392,693727-693728,696006,697093,706318,707163,708902,711421,713575,719357,720250,729316-729317,729586,732414,732504,732816,732832,733127,733134,733218-733219,734710,743589,755190,756671,756675,756678,756683,757741,761329,763394,764239,768535,769809,771587,771610,776325,777042,777091,778438-778439,778531,778942,780648,780655,780692,780697,780699,785457,785661,790587,803704,819480,823536,823563,834378,835046,891282,892678,900022,932791,942209,952823,953311,955966,979120,981084,992625,1026743,1031551,1040304,1040373,1058192,1070096,1082189,1082196,1090645,1100511,1102124,1172732,1185385,1200040,1200372,1200374,1213380,1213391,1222335,1223048,1231446,1244211,1294306,1299738,1300171,1301111,1308862,1327036,1327080,1328133,1328325-1328326,1345319,1348656,1349905,1352911-1352
912,1363183,1363186,1366344,1367778,1368131,1368396,1369568,1392347,1395225,1398066,1400700,1407004,1407088,1407528,1408402,1410681,1413732,1414094,1416889,1418752,1422234,1422253,1435178,1447426,1470940,1475878,1476604,1476621,1476642,1476644-1476645,1477530,1484852,1485409,1485668,1490994,1493330,1496429,1500323,1504276,1506714,1509872,1509875,1514215,1524192,1524770,1526168,1526189,1527291,1527295,1527925,1528718,1529559,1529988,1529991,1531505,1532816,1551685,1551714,1552227,1553204,1554276,1554281,1555240,1555555,1556428,1563420,1572092,1572198,1572543,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572911,1572967,1573224,1573229,1575400,1585090,1586745,1587594,1587639,1588851,1590509,1597352,1603156,1604353,1610207,1610311,1610491,1610501,1611165,1611169,1620932,1621419,1621453,1635762,1643537,1643543,1648840,1649001,1649043,1650310,1650320,1652929,1653997,1657897,1658765,1663647,1664205,1665215,1665218,1665625,1665721,1666363,1674056,1675533,1676654,1677462,1679182,1
679470,1680895,1680900,1680942,1681037,1682923,1682937,1684513,1684900,1685345,1685347,1685349-1685350,1687539,1687680,1688274,1688331,1688339-1688340,1688343,1688536,1688538,1697013,1697015,1706989,1722572,1723567,1726086,1745767,1748448,1753228
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1757391&r1=1757390&r2=1757391&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue Aug 23 15:44:12 2016
@@ -4,6 +4,18 @@ Changes with Apache 2.2.32
*) core: CVE-2016-5387: Mitigate [f]cgi "httpoxy" issues.
[Dominic Scheirlinck <dominic vendhq.com>, Yann Ylavic]
+ *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
+ PR 57167 [Edward Lu <Chaosed0 gmail.com>]
+
+ *) core: ErrorDocument now works for requests without a Host header.
+ PR 48357. [Jeff Trawick]
+
+ *) core: Enforce LimitRequestFieldSize after multiple headers with the same
+ name have been merged. [Stefan Fritsch]
+
+ *) core: reject NULLs in request line or request headers.
+ PR 43039 [Nick Kew]
+
*) mod_ssl: Fix a possible memory leak on restart for custom [EC]DH params.
[Jan Kaluza, Yann Ylavic]
@@ -3371,3 +3383,9 @@ Changes with Apache 2.0.x and later:
*) http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=markup
+ *) core: Support custom ErrorDocuments for HTTP 501 and 414 status codes.
+ PR 57167 [Edward Lu <Chaosed0 gmail.com>]
+
+ *) core: ErrorDocument now works for requests without a Host header.
+ PR 48357. [Jeff Trawick]
+
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1757391&r1=1757390&r2=1757391&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Tue Aug 23 15:44:12 2016
@@ -193,6 +193,16 @@ PATCHES PROPOSED TO BACKPORT FROM TRUNK:
https://raw.githubusercontent.com/wrowe/patches/master/backport-2.2.x-r951900-r1178566-r1185385-r1188745-r1352911-r1433613.patch
+1: wrowe
+ *) core: ErrorDocument now works for requests without a Host header.
+ Support custom ErrorDocuments for HTTP 501 and 414 status codes.
+ PR: 48357, 57167
+ Submitted by: trawick, [Edward Lu <Chaosed0 gmail.com>]
+ http://svn.apache.org/r1392347
+ http://svn.apache.org/r1635762
+ Backport:
+ https://raw.githubusercontent.com/wrowe/patches/master/backport-2.2.x-r1392347-r1635762.patch
+ +1: wrowe
+
PATCHES/ISSUES THAT ARE STALLED
Modified: httpd/httpd/branches/2.2.x/include/http_core.h
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/include/http_core.h?rev=1757391&r1=1757390&r2=1757391&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/include/http_core.h (original)
+++ httpd/httpd/branches/2.2.x/include/http_core.h Tue Aug 23 15:44:12 2016
@@ -627,6 +627,11 @@ typedef struct {
#define AP_MERGE_TRAILERS_DISABLE 2
int merge_trailers;
+#define AP_HTTP09_UNSET 0
+#define AP_HTTP09_ENABLE 1
+#define AP_HTTP09_DISABLE 2
+ char http09_enable;
+
} core_server_config;
/* for AddOutputFiltersByType in core.c */
Modified: httpd/httpd/branches/2.2.x/server/protocol.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/protocol.c?rev=1757391&r1=1757390&r2=1757391&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/protocol.c (original)
+++ httpd/httpd/branches/2.2.x/server/protocol.c Tue Aug 23 15:44:12 2016
@@ -433,8 +433,13 @@ AP_DECLARE(apr_status_t) ap_rgetline_cor
}
}
}
-
*read = bytes_handled;
+
+ /* PR#43039: We shouldn't accept NULL bytes within the line */
+ if (strlen(*s) < bytes_handled - 1) {
+ return APR_EINVAL;
+ }
+
return APR_SUCCESS;
}
@@ -597,18 +602,27 @@ static int read_request_line(request_rec
* buffer before finding the end-of-line. This is only going to
* happen if it exceeds the configured limit for a request-line.
*/
- if (rv == APR_ENOSPC) {
+ if (APR_STATUS_IS_ENOSPC(rv)) {
r->status = HTTP_REQUEST_URI_TOO_LARGE;
}
else if (APR_STATUS_IS_TIMEUP(rv)) {
r->status = HTTP_REQUEST_TIME_OUT;
}
+ else if (APR_STATUS_IS_EINVAL(rv)) {
+ r->status = HTTP_BAD_REQUEST;
+ }
r->proto_num = HTTP_VERSION(1,0);
r->protocol = apr_pstrdup(r->pool, "HTTP/1.0");
return 0;
}
} while ((len <= 0) && (++num_blank_lines < max_blank_lines));
+#ifdef AP_DEBUG_THE_REQUEST
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ "Request received from client: %s",
+ ap_escape_logitem(r->pool, r->the_request));
+#endif
+
r->request_time = apr_time_now();
ll = r->the_request;
r->method = ap_getword_white(r->pool, &ll);
@@ -652,6 +666,25 @@ static int read_request_line(request_rec
return 1;
}
+static int table_do_fn_check_lengths(void *r_, const char *key,
+ const char *value)
+{
+ request_rec *r = r_;
+ if (value == NULL || r->server->limit_req_fieldsize >= strlen(value) )
+ return 1;
+
+ r->status = HTTP_BAD_REQUEST;
+ apr_table_setn(r->notes, "error-notes",
+ apr_pstrcat(r->pool, "Size of a request header field "
+ "after merging exceeds server limit.<br />"
+ "\n<pre>\n",
+ ap_escape_html(r->pool, key),
+ "</pre>\n", NULL));
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, "Request header exceeds "
+ "LimitRequestFieldSize after merging: %s", key);
+ return 0;
+}
+
/* get the length of the field name for logging, but no more than 80 bytes */
#define LOG_NAME_MAX_LEN 80
static int field_name_len(const char *field)
@@ -699,19 +732,29 @@ AP_DECLARE(void) ap_get_mime_headers_cor
* finding the end-of-line. This is only going to happen if it
* exceeds the configured limit for a field size.
*/
- if (rv == APR_ENOSPC && field) {
- /* ensure ap_escape_html will terminate correctly */
- field[len - 1] = '\0';
+ if (rv == APR_ENOSPC) {
+ const char *field_escaped;
+ if (field && len) {
+ /* ensure ap_escape_html will terminate correctly */
+ field[len - 1] = '\0';
+ field_escaped = ap_escape_html(r->pool, field);
+ }
+ else {
+ field_escaped = field = "";
+ }
+
apr_table_setn(r->notes, "error-notes",
apr_psprintf(r->pool,
"Size of a request header field "
"exceeds server limit.<br />\n"
- "<pre>\n%.*s\n</pre>/n",
- field_name_len(field),
- ap_escape_html(r->pool, field)));
+ "<pre>\n%.*s\n</pre>\n",
+ field_name_len(field_escaped),
+ field_escaped));
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
- "Request header exceeds LimitRequestFieldSize: "
- "%.*s", field_name_len(field), field);
+ "Request header exceeds LimitRequestFieldSize%s"
+ "%.*s",
+ *field ? ": " : "",
+ field_name_len(field), field);
}
return;
}
@@ -727,18 +770,21 @@ AP_DECLARE(void) ap_get_mime_headers_cor
apr_size_t fold_len = last_len + len + 1; /* trailing null */
if (fold_len >= (apr_size_t)(r->server->limit_req_fieldsize)) {
+ const char *field_escaped;
+
r->status = HTTP_BAD_REQUEST;
/* report what we have accumulated so far before the
* overflow (last_field) as the field with the problem
*/
+ field_escaped = ap_escape_html(r->pool, last_field);
apr_table_setn(r->notes, "error-notes",
apr_psprintf(r->pool,
"Size of a request header field "
"after folding "
"exceeds server limit.<br />\n"
"<pre>\n%.*s\n</pre>\n",
- field_name_len(last_field),
- ap_escape_html(r->pool, last_field)));
+ field_name_len(field_escaped),
+ field_escaped));
ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Request header exceeds LimitRequestFieldSize "
"after folding: %.*s",
@@ -768,6 +814,9 @@ AP_DECLARE(void) ap_get_mime_headers_cor
apr_table_setn(r->notes, "error-notes",
"The number of request header fields "
"exceeds this server's limit.");
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+ "Number of request headers exceeds "
+ "LimitRequestFields");
return;
}
@@ -781,7 +830,7 @@ AP_DECLARE(void) ap_get_mime_headers_cor
(int)LOG_NAME_MAX_LEN,
ap_escape_html(r->pool,
last_field)));
- ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"Request header field is missing ':' "
"separator: %.*s", (int)LOG_NAME_MAX_LEN,
last_field);
@@ -841,6 +890,9 @@ AP_DECLARE(void) ap_get_mime_headers_cor
* field-name, following RFC 2616, 4.2.
*/
apr_table_compress(r->headers_in, APR_OVERLAP_TABLES_MERGE);
+
+ /* enforce LimitRequestFieldSize for merged headers */
+ apr_table_do(table_do_fn_check_lengths, r, r->headers_in, NULL);
}
AP_DECLARE(void) ap_get_mime_headers(request_rec *r)
@@ -856,7 +908,7 @@ request_rec *ap_read_request(conn_rec *c
request_rec *r;
apr_pool_t *p;
const char *expect;
- int access_status;
+ int access_status = HTTP_OK;
apr_bucket_brigade *tmp_bb;
apr_socket_t *csd;
apr_interval_time_t cur_timeout;
@@ -908,12 +960,23 @@ request_rec *ap_read_request(conn_rec *c
/* Get the request... */
if (!read_request_line(r, tmp_bb)) {
- if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "request failed: URI too long (longer than %d)", r->server->limit_req_line);
- ap_send_error_response(r, 0);
+ if (r->status == HTTP_REQUEST_URI_TOO_LARGE
+ || r->status == HTTP_BAD_REQUEST) {
+ if (r->status == HTTP_REQUEST_URI_TOO_LARGE) {
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+ "request failed: client's request-line exceeds LimitRequestLine (longer than %d)",
+ r->server->limit_req_line);
+ }
+ else if (r->method == NULL) {
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+ "request failed: invalid characters in URI");
+ }
+ access_status = r->status;
+ r->status = HTTP_OK;
+ ap_die(access_status, r);
ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);
+ r = NULL;
apr_brigade_destroy(tmp_bb);
return r;
}
@@ -946,7 +1009,7 @@ request_rec *ap_read_request(conn_rec *c
ap_get_mime_headers_core(r, tmp_bb);
if (r->status != HTTP_OK) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"request failed: error reading the headers");
ap_send_error_response(r, 0);
ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
@@ -993,7 +1056,7 @@ request_rec *ap_read_request(conn_rec *c
* headers! Have to dink things just to make sure the error message
* comes through...
*/
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"client sent invalid HTTP/0.9 request: HEAD %s",
r->uri);
r->header_only = 0;
@@ -1034,8 +1097,8 @@ request_rec *ap_read_request(conn_rec *c
* HTTP/1.1 mentions twice (S9, S14.23) that a request MUST contain
* a Host: header, and the server MUST respond with 400 if it doesn't.
*/
- r->status = HTTP_BAD_REQUEST;
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ access_status = HTTP_BAD_REQUEST;
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"client sent HTTP/1.1 request without hostname "
"(see RFC2616 section 14.23): %s", r->uri);
}
@@ -1050,14 +1113,8 @@ request_rec *ap_read_request(conn_rec *c
ap_add_input_filter_handle(ap_http_input_filter_handle,
NULL, r, r->connection);
- if (r->status != HTTP_OK) {
- ap_send_error_response(r, 0);
- ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
- ap_run_log_transaction(r);
- return r;
- }
-
- if ((access_status = ap_run_post_read_request(r))) {
+ if (access_status != HTTP_OK
+ || (access_status = ap_run_post_read_request(r))) {
ap_die(access_status, r);
ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
ap_run_log_transaction(r);
@@ -1257,7 +1314,7 @@ AP_DECLARE(int) ap_get_basic_auth_pw(req
if (strcasecmp(ap_getword(r->pool, &auth_line, ' '), "Basic")) {
/* Client tried to authenticate using wrong auth scheme */
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
"client used wrong authentication scheme: %s", r->uri);
ap_note_basic_auth_failure(r);
return HTTP_UNAUTHORIZED;