Posted to cvs@httpd.apache.org by jo...@apache.org on 2004/03/08 18:40:39 UTC

cvs commit: httpd-2.0/server eoc_bucket.c Makefile.in connection.c core.c

jorton      2004/03/08 09:40:39

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES NWGNUmakefile STATUS
                        libhttpd.dsp
               include  Tag: APACHE_2_0_BRANCH http_connection.h
               modules/ssl Tag: APACHE_2_0_BRANCH ssl_engine_io.c
               server   Tag: APACHE_2_0_BRANCH Makefile.in connection.c
                        core.c
  Added:       server   Tag: APACHE_2_0_BRANCH eoc_bucket.c
  Log:
  Fix mod_ssl to issue SSL close_notify alerts before the connection is
  closed by adding an EOC bucket type:
  
  * include/http_connection.h: Declare eoc bucket interface.
  
  * server/eoc_bucket.c: New file.
  
  * server/Makefile.in, libhttpd.dsp: Build eoc_bucket.c.
  
  * server/core.c (core_output_filter): Delete EOC bucket.
  
  * server/connection.c (ap_flush_conn): Send an EOC bucket.
  
  * modules/ssl/ssl_engine_io.c (ssl_io_filter_output): Shutdown
  the SSL connection for an EOC bucket.
  (bio_filter_out_write): Conditionally disable buffering.
  
  PR: 27428
  Submitted by: Madhusudan Mathihalli
  Reviewed by: Madhusudan Mathihalli, Justin Erenkrantz, Joe Orton
  
  (sneaking in fixes for libhttpd.dsp and NWGNUMakefile)
  
  Revision  Changes    Path
  No                   revision
  No                   revision
  1.988.2.249 +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.248
  retrieving revision 1.988.2.249
  diff -w -d -u -r1.988.2.248 -r1.988.2.249
  --- CHANGES	7 Mar 2004 22:03:15 -0000	1.988.2.248
  +++ CHANGES	8 Mar 2004 17:40:33 -0000	1.988.2.249
  @@ -1,5 +1,8 @@
   Changes with Apache 2.0.49
   
  +  *) mod_ssl: Send the Close Alert message to the peer before closing
  +     the SSL session.  PR 27428.  [Madhusudan Mathihalli, Joe Orton]
  +
     *) SECURITY: CAN-2004-0113 (cve.mitre.org)
        mod_ssl: Fix a memory leak in plain-HTTP-on-SSL-port handling.
        PR 27106.  [Joe Orton]
  
  
  
  1.13.2.9  +1 -0      httpd-2.0/NWGNUmakefile
  
  Index: NWGNUmakefile
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/NWGNUmakefile,v
  retrieving revision 1.13.2.8
  retrieving revision 1.13.2.9
  diff -w -d -u -r1.13.2.8 -r1.13.2.9
  --- NWGNUmakefile	21 Nov 2003 23:46:03 -0000	1.13.2.8
  +++ NWGNUmakefile	8 Mar 2004 17:40:34 -0000	1.13.2.9
  @@ -194,6 +194,7 @@
   	$(OBJDIR)/config.o \
   	$(OBJDIR)/connection.o \
   	$(OBJDIR)/core.o \
  +	$(OBJDIR)/eoc_bucket.o \
   	$(OBJDIR)/error_bucket.o \
   	$(OBJDIR)/http_core.o \
   	$(OBJDIR)/http_protocol.o \
  
  
  
  1.751.2.730 +1 -13     httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.729
  retrieving revision 1.751.2.730
  diff -w -d -u -r1.751.2.729 -r1.751.2.730
  --- STATUS	8 Mar 2004 16:40:42 -0000	1.751.2.729
  +++ STATUS	8 Mar 2004 17:40:34 -0000	1.751.2.730
  @@ -81,18 +81,6 @@
         http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/mpm/winnt/child.c?r1=1.29&r2=1.30
         +1: stoddard, trawick, ake
   
  -    * mod_ssl: Send the Close Alert message to the peer before closing
  -      the SSL session.
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/include/http_connection.h?r1=1.59&r2=1.60
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.118&r2=1.119
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/Makefile.in?r1=1.91&r2=1.92
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/connection.c?r1=1.114&r2=1.116
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/core.c?r1=1.261&r2=1.263
  -      http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/eoc_bucket.c (new file) 
  -      PR: 27428
  -      +1: madhum, jerenkrantz, jorton
  -      (jorton: needs libhttpd.dsp change for Win32 too)
  -
       * mod_setenvif: remove support for remote_user variable which never
         worked at all. PR 25725 (2.0 + 1.3)
           modules/metadata/mod_setenvif.c: r1.50
  
  
  
  1.51.2.10 +4 -0      httpd-2.0/libhttpd.dsp
  
  Index: libhttpd.dsp
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/libhttpd.dsp,v
  retrieving revision 1.51.2.9
  retrieving revision 1.51.2.10
  diff -w -d -u -r1.51.2.9 -r1.51.2.10
  --- libhttpd.dsp	10 Oct 2003 16:08:47 -0000	1.51.2.9
  +++ libhttpd.dsp	8 Mar 2004 17:40:34 -0000	1.51.2.10
  @@ -401,6 +401,10 @@
   # PROP Default_Filter ""
   # Begin Source File
   
  +SOURCE=.\server\eoc_bucket.c
  +# End Source File
  +# Begin Source File
  +
   SOURCE=.\server\error_bucket.c
   # End Source File
   # Begin Source File
  
  
  
  No                   revision
  No                   revision
  1.54.2.5  +28 -0     httpd-2.0/include/http_connection.h
  
  Index: http_connection.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/include/http_connection.h,v
  retrieving revision 1.54.2.4
  retrieving revision 1.54.2.5
  diff -w -d -u -r1.54.2.4 -r1.54.2.5
  --- http_connection.h	9 Feb 2004 20:54:34 -0000	1.54.2.4
  +++ http_connection.h	8 Mar 2004 17:40:36 -0000	1.54.2.5
  @@ -103,6 +103,34 @@
    */
   AP_DECLARE_HOOK(int,process_connection,(conn_rec *c))
   
  +/* End Of Connection (EOC) bucket */
  +
  +AP_DECLARE_DATA extern const apr_bucket_type_t ap_bucket_type_eoc;
  +
  +/**
  + * Determine if a bucket is an End Of Connection (EOC) bucket
  + * @param e The bucket to inspect
  + * @return true or false
  + */
  +#define AP_BUCKET_IS_EOC(e)         (e->type == &ap_bucket_type_eoc)
  +
  +/**
  + * Make the bucket passed in an End Of Connection (EOC) bucket
  + * @param b The bucket to make into an EOC bucket
  + * @return The new bucket, or NULL if allocation failed
  + * @deffunc apr_bucket *ap_bucket_eoc_make(apr_bucket *b)
  + */
  +AP_DECLARE(apr_bucket *) ap_bucket_eoc_make(apr_bucket *b);
  +
  +/**
  + * Create a bucket referring to an End Of Connection (EOC). This indicates
  + * that the connection will be closed.
  + * @param list The freelist from which this bucket should be allocated
  + * @return The new bucket, or NULL if allocation failed
  + * @deffunc apr_bucket *ap_bucket_eoc_create(apr_bucket_alloc_t *list)
  + */
  +AP_DECLARE(apr_bucket *) ap_bucket_eoc_create(apr_bucket_alloc_t *list);
  +
   #ifdef __cplusplus
   }
   #endif
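
Review bot: AP_BUCKET_IS_EOC uses its argument unparenthesized (e->type), so an argument that is itself an expression, such as a cast or a dereference, will not expand as intended; write ((e)->type == &ap_bucket_type_eoc). These declarations also extend the public API, and the modified-files list of this commit does not include an MMN change, so a minor bump, or at least a note against the last bump, is worth adding.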
  
  
  
  No                   revision
  No                   revision
  1.100.2.13 +19 -1     httpd-2.0/modules/ssl/ssl_engine_io.c
  
  Index: ssl_engine_io.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/ssl/ssl_engine_io.c,v
  retrieving revision 1.100.2.12
  retrieving revision 1.100.2.13
  diff -w -d -u -r1.100.2.12 -r1.100.2.13
  --- ssl_engine_io.c	7 Mar 2004 22:03:16 -0000	1.100.2.12
  +++ ssl_engine_io.c	8 Mar 2004 17:40:36 -0000	1.100.2.13
  @@ -100,6 +100,7 @@
       BIO                *pbioWrite;
       ap_filter_t        *pInputFilter;
       ap_filter_t        *pOutputFilter;
  +    int                nobuffer; /* non-zero to prevent buffering */
   } ssl_filter_ctx_t;
   
   typedef struct {
  @@ -193,7 +194,8 @@
        */
       BIO_clear_retry_flags(bio);
   
  -    if (!outctx->length && (inl + outctx->blen < sizeof(outctx->buffer))) {
  +    if (!outctx->length && (inl + outctx->blen < sizeof(outctx->buffer)) &&
  +        !outctx->filter_ctx->nobuffer) {
           /* the first two SSL_writes (of 1024 and 261 bytes)
            * need to be in the same packet (vec[0].iov_base)
            */
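
Review bot: the new !outctx->filter_ctx->nobuffer term in this condition is undocumented, and the comment under it only describes the two-SSL_write case. State here why buffering must be skipped once nobuffer is set (the EOC branch sets it immediately before calling ssl_filter_io_shutdown), so that a later cleanup does not drop the check.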
  @@ -1308,6 +1310,22 @@
                    */
                   apr_bucket_delete(bucket);
               }
  +        }
  +        else if (AP_BUCKET_IS_EOC(bucket)) {
  +            /* The special "EOC" bucket means a shutdown is needed;
  +             * - turn off buffering in bio_filter_out_write
  +             * - issue the SSL_shutdown
  +             */
  +            filter_ctx->nobuffer = 1;
  +            status = ssl_filter_io_shutdown(filter_ctx, f->c, 0);
  +            if (status != APR_SUCCESS) {
  +                ap_log_error(APLOG_MARK, APLOG_INFO, status, NULL,
  +                             "SSL filter error shutting down I/O");
  +            }
  +            if ((status = ap_pass_brigade(f->next, bb)) != APR_SUCCESS) {
  +                return status;
  +            }
  +            break;
           }
           else {
               /* filter output */
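
Review bot: in the new EOC branch, ap_log_error is called with a NULL server_rec and at APLOG_INFO, so a failed shutdown is not attributed to any server and does not appear at the default log level; consider passing f->c->base_server. The status from ssl_filter_io_shutdown is then overwritten by the ap_pass_brigade result, so the caller never sees a shutdown failure. If that is intentional because the connection is going away regardless, say so in the comment.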
  
  
  
  No                   revision
  No                   revision
  1.75.2.9  +2 -1      httpd-2.0/server/Makefile.in
  
  Index: Makefile.in
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/Makefile.in,v
  retrieving revision 1.75.2.8
  retrieving revision 1.75.2.9
  diff -w -d -u -r1.75.2.8 -r1.75.2.9
  --- Makefile.in	12 Jan 2004 14:30:14 -0000	1.75.2.8
  +++ Makefile.in	8 Mar 2004 17:40:37 -0000	1.75.2.9
  @@ -14,7 +14,8 @@
   	rfc1413.c connection.c listen.c \
   	mpm_common.c util_charset.c util_debug.c util_xml.c \
   	util_filter.c exports.c buildmark.c \
  -	scoreboard.c error_bucket.c protocol.c core.c request.c provider.c
  +	scoreboard.c error_bucket.c protocol.c core.c request.c provider.c \
  +	eoc_bucket.c
   
   TARGETS = delete-exports $(LTLIBRARY_NAME) $(CORE_IMPLIB_FILE) export_vars.h httpd.exp
   
  
  
  
  1.106.2.7 +7 -0      httpd-2.0/server/connection.c
  
  Index: connection.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/connection.c,v
  retrieving revision 1.106.2.6
  retrieving revision 1.106.2.7
  diff -w -d -u -r1.106.2.6 -r1.106.2.7
  --- connection.c	9 Feb 2004 20:59:45 -0000	1.106.2.6
  +++ connection.c	8 Mar 2004 17:40:37 -0000	1.106.2.7
  @@ -71,8 +71,15 @@
       apr_bucket *b;
   
       bb = apr_brigade_create(c->pool, c->bucket_alloc);
  +
  +    /* FLUSH bucket */
       b = apr_bucket_flush_create(c->bucket_alloc);
       APR_BRIGADE_INSERT_TAIL(bb, b);
  +
  +    /* End Of Connection bucket */
  +    b = ap_bucket_eoc_create(c->bucket_alloc);
  +    APR_BRIGADE_INSERT_TAIL(bb, b);
  +
       ap_pass_brigade(c->output_filters, bb);
   }
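
Review bot: the result of ap_bucket_eoc_create() is passed to APR_BRIGADE_INSERT_TAIL unchecked, while the header added in this commit documents it as returning NULL if allocation failed. Either test b before inserting it or correct the doc comment if the call cannot fail. The return value of ap_pass_brigade is also discarded here, which now covers the shutdown path as well as the flush.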
   
  
  
  
  1.225.2.16 +4 -1      httpd-2.0/server/core.c
  
  Index: core.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/core.c,v
  retrieving revision 1.225.2.15
  retrieving revision 1.225.2.16
  diff -w -d -u -r1.225.2.15 -r1.225.2.16
  --- core.c	26 Feb 2004 20:32:21 -0000	1.225.2.15
  +++ core.c	8 Mar 2004 17:40:37 -0000	1.225.2.16
  @@ -3857,7 +3857,10 @@
               if (APR_BUCKET_IS_EOS(e)) {
                   break;
               }
  -            if (APR_BUCKET_IS_FLUSH(e)) {
  +            if (AP_BUCKET_IS_EOC(e)) {
  +                apr_bucket_delete(e);
  +            }
  +            else if (APR_BUCKET_IS_FLUSH(e)) {
                   if (e != APR_BRIGADE_LAST(b)) {
                       more = apr_brigade_split(b, APR_BUCKET_NEXT(e));
                   }
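
Review bot: the new AP_BUCKET_IS_EOC branch calls apr_bucket_delete(e) and then falls through to the end of the loop body, and the hunk does not show how the enclosing loop advances. If the iteration reads e to find the next bucket, it does so after e has been destroyed; fetch the next bucket before deleting, or confirm the loop construct is safe against removal of the current element. Note also that the EOS test above breaks out first, so an EOC that follows an EOS in the same brigade is not deleted in this pass.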
  
  
  
  1.1.2.1   +0 -0      httpd-2.0/server/eoc_bucket.c
  
  Index: eoc_bucket.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/eoc_bucket.c,v
  retrieving revision 1.1
  retrieving revision 1.1.2.1
  diff -w -d -u -r1.1 -r1.1.2.1
  
  
  

Re: cvs commit: httpd-2.0/server eoc_bucket.c Makefile.in connection.c core.c

Posted by Bill Stoddard <bi...@wstoddard.com>.
André Malo wrote:
> * Joe Orton <jo...@redhat.com> wrote:
> 
> 
>>On Mon, Mar 08, 2004 at 08:32:30PM +0100, André Malo wrote:
>>
>>>* jorton@apache.org wrote:
>>>
>>>
>>>>  * include/http_connection.h: Declare eoc bucket interface.
>>>
>>>Shouldn't this be a minor MMN bump?
>>
>>I dunno, I don't really see the point in bumping the minor MMN more than
>>once between releases and it's already been bumped three times since
>>.48.
>>
>>In my mind an API is fixed in stone and supported only once it makes it
>>to a release tarball; anything in CVS is subject to change, removal etc.
>>So I'd say exactly one minor MMN bump is sufficient to differentiate the
>>new 2.0.49 API from the old 2.0.4[78] API.  Maybe opinions differ...
> 
> 
> Hmm. Third party development doesn't only occur after a release. I find
> these bumps in addition to their compat function also very good as a
> documenting tool (so we should at least add a short description about the
> bucket thing to the last bump).

+1

Bill

Re: cvs commit: httpd-2.0/server eoc_bucket.c Makefile.in connection.c core.c

Posted by Joe Orton <jo...@redhat.com>.
On Tue, Mar 09, 2004 at 07:38:48AM +0100, André Malo wrote:
> * Joe Orton <jo...@redhat.com> wrote:
> 
> > On Mon, Mar 08, 2004 at 08:32:30PM +0100, André Malo wrote:
> > > * jorton@apache.org wrote:
> > > 
> > > >   * include/http_connection.h: Declare eoc bucket interface.
> > > 
> > > Shouldn't this be a minor MMN bump?
> > 
> > I dunno, I don't really see the point in bumping the minor MMN more than
> > once between releases and it's already been bumped three times since
> > .48.
> > 
> > In my mind an API is fixed in stone and supported only once it makes it
> > to a release tarball; anything in CVS is subject to change, removal etc.
> > So I'd say exactly one minor MMN bump is sufficient to differentiate the
> > new 2.0.49 API from the old 2.0.4[78] API.  Maybe opinions differ...
> 
> Hmm. Third party development doesn't only occur after a release. I find
> these bumps in addition to their compat function also very good as a
> documenting tool (so we should at least add a short description about the
> bucket thing to the last bump).

No argument about docs...

> w.r.t. changes in CVS - we're in a stable branch. Nothing should be removed
> here after added (except Bugs ;-). If we start to work that way you
> described outside the development branch, then there's something
> really wrong.

Oh yes, I'm not trying to revise the backport policy :) Just making the
point that mistakes can happen: maybe someone commits the wrong file, a
backport merge gets typoed, a major issue comes up with a new API which
then needs to be reverted, etc.

That's why I'd say "it's in 2.0 CVS" should not necessarily imply "it's
a supported set-in-stone API" even though it probably (and hopefully)
always will.

joe


Re: cvs commit: httpd-2.0/server eoc_bucket.c Makefile.in connection.c core.c

Posted by André Malo <nd...@perlig.de>.
* Joe Orton <jo...@redhat.com> wrote:

> On Mon, Mar 08, 2004 at 08:32:30PM +0100, André Malo wrote:
> > * jorton@apache.org wrote:
> > 
> > >   * include/http_connection.h: Declare eoc bucket interface.
> > 
> > Shouldn't this be a minor MMN bump?
> 
> I dunno, I don't really see the point in bumping the minor MMN more than
> once between releases and it's already been bumped three times since
> .48.
> 
> In my mind an API is fixed in stone and supported only once it makes it
> to a release tarball; anything in CVS is subject to change, removal etc.
> So I'd say exactly one minor MMN bump is sufficient to differentiate the
> new 2.0.49 API from the old 2.0.4[78] API.  Maybe opinions differ...

Hmm. Third party development doesn't only occur after a release. I find
these bumps in addition to their compat function also very good as a
documenting tool (so we should at least add a short description about the
bucket thing to the last bump).

w.r.t. changes in CVS - we're in a stable branch. Nothing should be removed
here after added (except Bugs ;-). If we start to work that way you
described outside the development branch, then there's something
really wrong.

IMHO, of course...

nd

Re: cvs commit: httpd-2.0/server eoc_bucket.c Makefile.in connection.c core.c

Posted by Joe Orton <jo...@redhat.com>.
On Mon, Mar 08, 2004 at 08:32:30PM +0100, André Malo wrote:
> * jorton@apache.org wrote:
> 
> >   * include/http_connection.h: Declare eoc bucket interface.
> 
> Shouldn't this be a minor MMN bump?

I dunno, I don't really see the point in bumping the minor MMN more than
once between releases and it's already been bumped three times since
.48.

In my mind an API is fixed in stone and supported only once it makes it
to a release tarball; anything in CVS is subject to change, removal etc.
So I'd say exactly one minor MMN bump is sufficient to differentiate the
new 2.0.49 API from the old 2.0.4[78] API.  Maybe opinions differ...

joe

Re: cvs commit: httpd-2.0/server eoc_bucket.c Makefile.in connection.c core.c

Posted by André Malo <nd...@perlig.de>.
* jorton@apache.org wrote:

>   * include/http_connection.h: Declare eoc bucket interface.

Shouldn't this be a minor MMN bump?

nd