Posted to cvs@httpd.apache.org by rb...@apache.org on 2001/08/27 08:00:51 UTC
cvs commit: httpd-2.0/server util_filter.c
rbb 01/08/26 23:00:51
Modified: . CHANGES
include util_filter.h
modules/ssl mod_ssl.c ssl_engine_io.c
server util_filter.c
Log:
Allow mod_ssl to send back an error message if an HTTP request is sent
over an HTTPS connection. This also adds an ap_remove_input_filter
function, which should be used to remove the SSL input filter in this
case, as soon as this code is stressed a bit more.
For right now, we are sending the same message that we used to send in
mod_ssl for Apache 1.3.
Revision Changes Path
1.333 +3 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.332
retrieving revision 1.333
diff -u -r1.332 -r1.333
--- CHANGES 2001/08/27 04:29:09 1.332
+++ CHANGES 2001/08/27 06:00:51 1.333
@@ -1,5 +1,8 @@
Changes with Apache 2.0.25-dev
+ *) Add a function ap_remove_input_filter. This is to match
+ up with ap_remove_output_filter. [Ryan Bloom]
+
*) Clean up location_walk, so that this step performs a minimum
amount of redundant effort (it must be run twice, but it will no
longer reparse all <Location > blocks when the request uri
1.58 +8 -0 httpd-2.0/include/util_filter.h
Index: util_filter.h
===================================================================
RCS file: /home/cvs/httpd-2.0/include/util_filter.h,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- util_filter.h 2001/08/07 16:19:02 1.57
+++ util_filter.h 2001/08/27 06:00:51 1.58
@@ -351,6 +351,14 @@
request_rec *r, conn_rec *c);
/**
+ * Remove an input filter from either the request or connection stack
+ * it is associated with.
+ * @param f The filter to remove
+ */
+
+AP_DECLARE(void) ap_remove_input_filter(ap_filter_t *f);
+
+/**
* Remove an output filter from either the request or connection stack
* it is associated with.
* @param f The filter to remove
1.29 +28 -25 httpd-2.0/modules/ssl/mod_ssl.c
Index: mod_ssl.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/mod_ssl.c,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- mod_ssl.c 2001/08/24 18:06:47 1.28
+++ mod_ssl.c 2001/08/27 06:00:51 1.29
@@ -73,6 +73,8 @@
AP_INIT_##args("SSL"#name, ssl_cmd_SSL##name, NULL, OR_##type, desc),
#define AP_END_CMD { NULL }
+#define HTTP_ON_HTTPS_PORT "GET /mod_ssl:error:HTTP-request HTTP/1.0\r\n"
+
static const command_rec ssl_config_cmds[] = {
/*
@@ -374,36 +376,36 @@
* instead provide a faked one in order to continue the internal
* Apache processing.
*
- */
-
-#if 0 /* XXX */
- /*
- * Still need to be ported to Apache 2.0 style
*/
- char ca[2];
- int rv;
-
+ apr_bucket *e;
+ const char *str;
+ apr_size_t len;
/* log the situation */
ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
"SSL handshake failed: HTTP spoken on HTTPS port; "
"trying to send HTML error page");
- /* first: skip the remaining bytes of the request line */
- do {
- do {
- rv = read(fb->fd, ca, 1);
- } while (rv == -1 && errno == EINTR);
- } while (rv > 0 && ca[0] != '\012' /*LF*/);
-
- /* second: fake the request line */
- fb->inbase = ap_palloc(fb->pool, fb->bufsiz);
- ap_cpystrn((char *)fb->inbase, "GET /mod_ssl:error:HTTP-request HTTP/1.0\r\n",
- fb->bufsiz);
- fb->inptr = fb->inbase;
- fb->incnt = strlen((char *)fb->inptr);
-#else
- ssl_log(c->base_server, SSL_LOG_ERROR|SSL_ADD_SSLERR,
- "SSL handshake failed: HTTP spoken on HTTPS port");
-#endif
+
+ /* fake the request line */
+ e = apr_bucket_immortal_create(HTTP_ON_HTTPS_PORT,
+ strlen(HTTP_ON_HTTPS_PORT));
+ APR_BRIGADE_INSERT_HEAD(pRec->pbbPendingInput, e);
+
+ APR_BRIGADE_FOREACH(e, pRec->pbbInput) {
+ apr_bucket_read(e, &str, &len, APR_BLOCK_READ);
+ if (len) {
+ APR_BUCKET_REMOVE(e);
+ APR_BRIGADE_INSERT_TAIL(pRec->pbbPendingInput, e);
+ if ((strcmp(str, "\r\n") == 0) ||
+ (ap_strstr_c(str, "\r\n\r\n"))) {
+ break;
+ }
+ }
+ }
+ e = APR_BRIGADE_LAST(pRec->pbbInput);
+ APR_BUCKET_REMOVE(e);
+
+ ap_remove_output_filter(pRec->pOutputFilter);
+ return HTTP_BAD_REQUEST;
}
else if (ssl_util_getmodconfig_ssl(pRec->pssl, "ssl::handshake::timeout")
== (void *)TRUE) {
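Review bot: The `strcmp(str, "\r\n")` and `ap_strstr_c(str, "\r\n\r\n")` calls in the new loop treat the buffer from `apr_bucket_read` as a C string, but bucket data is `len` bytes with no guaranteed NUL terminator, so both can read past the end of client-supplied data. The return value of `apr_bucket_read` is also ignored, which leaves `str` and `len` unset on failure. The comparisons should be bounded by `len`, as sketched below; what to do on a read error is the author's call. Separately, the loop calls `APR_BUCKET_REMOVE(e)` on the bucket that `APR_BRIGADE_FOREACH` is iterating over, and the bucket from `APR_BRIGADE_LAST` is removed without checking that `pbbInput` is non-empty; both look unsafe and should be checked. The enclosing function starts and ends outside this hunk.

```c
/* … unchanged: ssl_log call and faked request line … */
    APR_BRIGADE_FOREACH(e, pRec->pbbInput) {
        if (apr_bucket_read(e, &str, &len, APR_BLOCK_READ) != APR_SUCCESS) {
            break;
        }
        if (len) {
            apr_size_t i;
            int end_of_headers = (len == 2 && memcmp(str, "\r\n", 2) == 0);

            /* str holds len bytes and is not NUL-terminated: bounded scan */
            for (i = 0; !end_of_headers && i + 4 <= len; i++) {
                end_of_headers = (memcmp(str + i, "\r\n\r\n", 4) == 0);
            }
            APR_BUCKET_REMOVE(e);
            APR_BRIGADE_INSERT_TAIL(pRec->pbbPendingInput, e);
            if (end_of_headers) {
                break;
            }
        }
    }
/* … unchanged: removal of the last bucket, filter removal, return … */
```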
@@ -536,6 +538,7 @@
ap_hook_fixups (ssl_hook_Fixup, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_access_checker(ssl_hook_Access, NULL,NULL, APR_HOOK_MIDDLE);
ap_hook_auth_checker (ssl_hook_Auth, NULL,NULL, APR_HOOK_MIDDLE);
+ ap_hook_post_read_request(ssl_hook_ReadReq, NULL,NULL, APR_HOOK_MIDDLE);
ssl_var_register();
}
1.35 +3 -0 httpd-2.0/modules/ssl/ssl_engine_io.c
Index: ssl_engine_io.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -r1.34 -r1.35
--- ssl_engine_io.c 2001/08/24 18:06:47 1.34
+++ ssl_engine_io.c 2001/08/27 06:00:51 1.35
@@ -283,6 +283,9 @@
/* if this is the case, ssl connection has been shutdown
* and pRec->pssl has been freed
*/
+ if (ret == HTTP_BAD_REQUEST) {
+ return APR_SUCCESS;
+ }
return ret;
}
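Review bot: The new `ret == HTTP_BAD_REQUEST` branch has no comment, and the existing comment directly above it (connection shut down, `pRec->pssl` freed) describes the `return ret` path rather than this one. An HTTP status code is being compared against and converted into an `apr_status_t` here, which is easy to misread. A comment such as `/* plain HTTP on the SSL port: the faked request line is queued, so report success and let it be read */` would state the intent, assuming that is what the handshake code does. The enclosing function starts outside the hunk.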
1.63 +20 -11 httpd-2.0/server/util_filter.c
Index: util_filter.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/util_filter.c,v
retrieving revision 1.62
retrieving revision 1.63
diff -u -r1.62 -r1.63
--- util_filter.c 2001/08/07 16:19:03 1.62
+++ util_filter.c 2001/08/27 06:00:51 1.63
@@ -176,13 +176,12 @@
r ? &r->output_filters : NULL, &c->output_filters);
}
-AP_DECLARE(void) ap_remove_output_filter(ap_filter_t *f)
+static void remove_any_filter(ap_filter_t *f, ap_filter_t **r_filt,
+ ap_filter_t **c_filt)
{
- ap_filter_t *curr;
-
- curr = f->r ? f->r->output_filters : f->c->output_filters;
+ ap_filter_t **curr = r_filt ? r_filt : c_filt;
- if (curr == f) {
+ if ((*curr) == f) {
if (f->r) {
f->r->output_filters = f->r->output_filters->next;
}
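Review bot: The head-of-list branch kept as context here still assigns `f->r->output_filters = f->r->output_filters->next;`. When `remove_any_filter` is reached through `ap_remove_input_filter` (added later in this diff) with `f` first in the input chain, the output chain is modified and the input filter stays installed. Writing through the pointer that was passed in, `*curr = f->next;`, handles both directions. The connection-level branch lies between the two hunks and is not visible; it presumably needs the same change.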
@@ -192,13 +191,23 @@
return;
}
- while (curr->next != f) {
- curr = curr->next;
- if (curr == NULL) {
- return;
- }
+ while ((*curr) && (*curr)->next != f) {
+ (*curr) = (*curr)->next;
+ }
+ if ((*curr) == NULL) {
+ return;
}
- curr->next = f->next;
+ (*curr)->next = f->next;
+}
+
+AP_DECLARE(void) ap_remove_input_filter(ap_filter_t *f)
+{
+ return remove_any_filter(f, f->r ? &f->r->input_filters : NULL, &f->c->input_filters);
+}
+
+AP_DECLARE(void) ap_remove_output_filter(ap_filter_t *f)
+{
+ return remove_any_filter(f, f->r ? &f->r->output_filters : NULL, &f->c->output_filters);
}
/*
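Review bot: The new `while` loop advances with `(*curr) = (*curr)->next;`, but `curr` now points at the real chain head (`&f->r->input_filters` and friends), so each step overwrites that head and unlinks every filter ahead of `f`. When `f` is not in the chain, the head ends up NULL. For a module that relies on its filter staying in place, silently dropping earlier filters is a correctness and safety problem. The walk should use a local cursor and leave `*curr` untouched, as sketched below. The function begins in the previous hunk.

```c
    /* … unchanged: head-of-list case … */
    fscan = *curr;    /* fscan: a local ap_filter_t * declared next to curr */
    while (fscan && fscan->next != f) {
        fscan = fscan->next;
    }
    if (fscan == NULL) {
        return;
    }
    fscan->next = f->next;
```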
Re: cvs commit: httpd-2.0/server util_filter.c
Posted by Jeff Trawick <tr...@attglobal.net>.
Sebastian Bergmann <sb...@sebastian-bergmann.de> writes:
> rbb@apache.org wrote:
> > rbb 01/08/26 23:00:51
> >
> > Modified: . CHANGES
> > include util_filter.h
> > modules/ssl mod_ssl.c ssl_engine_io.c
> > server util_filter.c
>
> util_filter.c
> httpd-2.0\server\util_filter.c(205) :
> warning C4098: 'ap_remove_input_filter' :
> 'void' function returns a value
> httpd-2.0\server\util_filter.c(210) :
> warning C4098: 'ap_remove_output_filter' :
> 'void' function returns a value
fixed
(it was sort of cute though; I thought I had seen it all)
--
Jeff Trawick | trawick@attglobal.net | PGP public key at web site:
http://www.geocities.com/SiliconValley/Park/9289/
Born in Roswell... married an alien...
Re: cvs commit: httpd-2.0/server util_filter.c
Posted by Sebastian Bergmann <sb...@sebastian-bergmann.de>.
rbb@apache.org wrote:
> rbb 01/08/26 23:00:51
>
> Modified: . CHANGES
> include util_filter.h
> modules/ssl mod_ssl.c ssl_engine_io.c
> server util_filter.c
util_filter.c
httpd-2.0\server\util_filter.c(205) :
warning C4098: 'ap_remove_input_filter' :
'void' function returns a value
httpd-2.0\server\util_filter.c(210) :
warning C4098: 'ap_remove_output_filter' :
'void' function returns a value
--
Sebastian Bergmann Measure Traffic & Usability
http://sebastian-bergmann.de/ http://phpOpenTracker.de/