You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ic...@apache.org on 2019/11/26 09:36:28 UTC
svn commit: r1870454 - in /httpd/httpd/trunk: CHANGES
modules/http2/h2_config.c modules/http2/h2_h2.c modules/http2/h2_stream.c
modules/slotmem/mod_slotmem_shm.c
Author: icing
Date: Tue Nov 26 09:36:28 2019
New Revision: 1870454
URL: http://svn.apache.org/viewvc?rev=1870454&view=rev
Log:
*) mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the
ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct`
always `on`, irregardless of configuration. Found and reported by
<Ar...@united-security-providers.ch> and
<Ma...@united-security-providers.ch>. [Stefan Eissing]
*) mod_http2: Multiple field length violations in the same request no longer cause
several log entries to be written. [@mkauf]
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/http2/h2_config.c
httpd/httpd/trunk/modules/http2/h2_h2.c
httpd/httpd/trunk/modules/http2/h2_stream.c
httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1870454&r1=1870453&r2=1870454&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Nov 26 09:36:28 2019
@@ -1,6 +1,15 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the
+ ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct`
+ always `on`, irregardless of configuration. Found and reported by
+ <Ar...@united-security-providers.ch> and
+ <Ma...@united-security-providers.ch>. [Stefan Eissing]
+
+ *) mod_http2: Multiple field length violations in the same request no longer cause
+ several log entries to be written. [@mkauf]
+
*) mod_md: v2.2.4 from github, Fixes a compile time issue with OpenSSL 1.0.2 in
the new OCSP code. Skips port checks for domain server_rec selection when "tls-alpn-01"
is configured explicitly (related to #133). [@mkauf, Stefan Eissing]
Modified: httpd/httpd/trunk/modules/http2/h2_config.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_config.c?rev=1870454&r1=1870453&r2=1870454&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http2/h2_config.c (original)
+++ httpd/httpd/trunk/modules/http2/h2_config.c Tue Nov 26 09:36:28 2019
@@ -269,8 +269,7 @@ static apr_int64_t h2_srv_config_geti64(
case H2_CONF_UPGRADE:
return H2_CONFIG_GET(conf, &defconf, h2_upgrade);
case H2_CONF_DIRECT:
- return 1;
- /*return H2_CONFIG_GET(conf, &defconf, h2_direct);*/
+ return H2_CONFIG_GET(conf, &defconf, h2_direct);
case H2_CONF_TLS_WARMUP_SIZE:
return H2_CONFIG_GET(conf, &defconf, tls_warmup_size);
case H2_CONF_TLS_COOLDOWN_SECS:
Modified: httpd/httpd/trunk/modules/http2/h2_h2.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_h2.c?rev=1870454&r1=1870453&r2=1870454&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http2/h2_h2.c (original)
+++ httpd/httpd/trunk/modules/http2/h2_h2.c Tue Nov 26 09:36:28 2019
@@ -542,7 +542,7 @@ int h2_allows_h2_upgrade(request_rec *r)
* Register various hooks
*/
static const char* const mod_ssl[] = { "mod_ssl.c", NULL};
-static const char* const mod_reqtimeout[] = { "mod_reqtimeout.c", NULL};
+static const char* const mod_reqtimeout[] = { "mod_ssl.c", "mod_reqtimeout.c", NULL};
void h2_h2_register_hooks(void)
{
@@ -553,7 +553,7 @@ void h2_h2_register_hooks(void)
* a chance to take over before it.
*/
ap_hook_process_connection(h2_h2_process_conn,
- mod_ssl, mod_reqtimeout, APR_HOOK_LAST);
+ mod_reqtimeout, NULL, APR_HOOK_LAST);
/* One last chance to properly say goodbye if we have not done so
* already. */
Modified: httpd/httpd/trunk/modules/http2/h2_stream.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_stream.c?rev=1870454&r1=1870453&r2=1870454&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/http2/h2_stream.c (original)
+++ httpd/httpd/trunk/modules/http2/h2_stream.c Tue Nov 26 09:36:28 2019
@@ -696,19 +696,23 @@ apr_status_t h2_stream_add_header(h2_str
if (name[0] == ':') {
if ((vlen) > session->s->limit_req_line) {
/* pseudo header: approximation of request line size check */
- ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c,
- H2_STRM_LOG(APLOGNO(10178), stream,
- "Request pseudo header exceeds "
- "LimitRequestFieldSize: %s"), name);
+ if (!h2_stream_is_ready(stream)) {
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c,
+ H2_STRM_LOG(APLOGNO(10178), stream,
+ "Request pseudo header exceeds "
+ "LimitRequestFieldSize: %s"), name);
+ }
error = HTTP_REQUEST_URI_TOO_LARGE;
}
}
else if ((nlen + 2 + vlen) > session->s->limit_req_fieldsize) {
/* header too long */
- ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c,
- H2_STRM_LOG(APLOGNO(10180), stream,"Request header exceeds "
- "LimitRequestFieldSize: %.*s"),
- (int)H2MIN(nlen, 80), name);
+ if (!h2_stream_is_ready(stream)) {
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c,
+ H2_STRM_LOG(APLOGNO(10180), stream,"Request header exceeds "
+ "LimitRequestFieldSize: %.*s"),
+ (int)H2MIN(nlen, 80), name);
+ }
error = HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE;
}
@@ -720,9 +724,11 @@ apr_status_t h2_stream_add_header(h2_str
h2_stream_rst(stream, H2_ERR_ENHANCE_YOUR_CALM);
return APR_ECONNRESET;
}
- ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c,
- H2_STRM_LOG(APLOGNO(10181), stream, "Number of request headers "
- "exceeds LimitRequestFields"));
+ if (!h2_stream_is_ready(stream)) {
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, session->c,
+ H2_STRM_LOG(APLOGNO(10181), stream, "Number of request headers "
+ "exceeds LimitRequestFields"));
+ }
error = HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE;
}
@@ -782,10 +788,12 @@ apr_status_t h2_stream_end_headers(h2_st
ctx.failed_key = NULL;
apr_table_do(table_check_val_len, &ctx, stream->request->headers, NULL);
if (ctx.failed_key) {
- ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, stream->session->c,
- H2_STRM_LOG(APLOGNO(10190), stream,"Request header exceeds "
- "LimitRequestFieldSize: %.*s"),
- (int)H2MIN(strlen(ctx.failed_key), 80), ctx.failed_key);
+ if (!h2_stream_is_ready(stream)) {
+ ap_log_cerror(APLOG_MARK, APLOG_INFO, 0, stream->session->c,
+ H2_STRM_LOG(APLOGNO(), stream,"Request header exceeds "
+ "LimitRequestFieldSize: %.*s"),
+ (int)H2MIN(strlen(ctx.failed_key), 80), ctx.failed_key);
+ }
set_error_response(stream, HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE);
/* keep on returning APR_SUCCESS, so that we send a HTTP response and
* do not RST the stream. */
Modified: httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c?rev=1870454&r1=1870453&r2=1870454&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c (original)
+++ httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c Tue Nov 26 09:36:28 2019
@@ -21,6 +21,7 @@
* otherwise.
*/
+#include <assert.h>
#include "ap_slotmem.h"
#include "httpd.h"
@@ -400,6 +401,7 @@ static apr_status_t slotmem_create(ap_sl
else {
apr_shm_remove(fname, pool);
rv = apr_shm_create(&shm, size, fname, gpool);
+ assert(rv == APR_SUCCESS);
}
}
else {
Re: svn commit: r1870454 - in /httpd/httpd/trunk: CHANGES
modules/http2/h2_config.c modules/http2/h2_h2.c modules/http2/h2_stream.c
modules/slotmem/mod_slotmem_shm.c
Posted by Ruediger Pluem <rp...@apache.org>.
Looks good.
Regards
Rüdiger
On 11/27/2019 12:23 PM, Stefan Eissing wrote:
> Hope it is reverted properly with r1870499 - in meetings today, ;-(
>
> Stefan Eissing
>
> <green/>bytes GmbH
> Hafenweg 16
> 48155 Münster
> www.greenbytes.de
>
>> Am 27.11.2019 um 09:24 schrieb Stefan Eissing <st...@greenbytes.de>:
>>
>>> Am 27.11.2019 um 08:16 schrieb Ruediger Pluem <rp...@apache.org>:
>>>
>>>
>>>
>>> On 11/26/2019 10:36 AM, icing@apache.org wrote:
>>>> Author: icing
>>>> Date: Tue Nov 26 09:36:28 2019
>>>> New Revision: 1870454
>>>>
>>>> URL: http://svn.apache.org/viewvc?rev=1870454&view=rev
>>>> Log:
>>>> *) mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the
>>>> ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct`
>>>> always `on`, irregardless of configuration. Found and reported by
>>>> <Ar...@united-security-providers.ch> and
>>>> <Ma...@united-security-providers.ch>. [Stefan Eissing]
>>>>
>>>> *) mod_http2: Multiple field length violations in the same request no longer cause
>>>> several log entries to be written. [@mkauf]
>>>>
>>>>
>>>> Modified:
>>>> httpd/httpd/trunk/CHANGES
>>>> httpd/httpd/trunk/modules/http2/h2_config.c
>>>> httpd/httpd/trunk/modules/http2/h2_h2.c
>>>> httpd/httpd/trunk/modules/http2/h2_stream.c
>>>> httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c
>>>>
>>>
>>>> Modified: httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c
>>>> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c?rev=1870454&r1=1870453&r2=1870454&view=diff
>>>> ==============================================================================
>>>> --- httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c (original)
>>>> +++ httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c Tue Nov 26 09:36:28 2019
>>>> @@ -21,6 +21,7 @@
>>>> * otherwise.
>>>> */
>>>>
>>>> +#include <assert.h>
>>>> #include "ap_slotmem.h"
>>>>
>>>> #include "httpd.h"
>>>> @@ -400,6 +401,7 @@ static apr_status_t slotmem_create(ap_sl
>>>> else {
>>>> apr_shm_remove(fname, pool);
>>>> rv = apr_shm_create(&shm, size, fname, gpool);
>>>> + assert(rv == APR_SUCCESS);
>>>> }
>>>> }
>>>> else {
>>>>
>>>
>>> How is the above related to the change? Or was this an accidental commit?
>>
>> Oops. Was debugging MacOS Catalina's default 8 shared segmemts limit...
>>
>>
>
>
Re: svn commit: r1870454 - in /httpd/httpd/trunk: CHANGES
modules/http2/h2_config.c modules/http2/h2_h2.c modules/http2/h2_stream.c
modules/slotmem/mod_slotmem_shm.c
Posted by Stefan Eissing <st...@greenbytes.de>.
Hope it is reverted properly with r1870499 - in meetings today, ;-(
Stefan Eissing
<green/>bytes GmbH
Hafenweg 16
48155 Münster
www.greenbytes.de
> Am 27.11.2019 um 09:24 schrieb Stefan Eissing <st...@greenbytes.de>:
>
>> Am 27.11.2019 um 08:16 schrieb Ruediger Pluem <rp...@apache.org>:
>>
>>
>>
>> On 11/26/2019 10:36 AM, icing@apache.org wrote:
>>> Author: icing
>>> Date: Tue Nov 26 09:36:28 2019
>>> New Revision: 1870454
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1870454&view=rev
>>> Log:
>>> *) mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the
>>> ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct`
>>> always `on`, irregardless of configuration. Found and reported by
>>> <Ar...@united-security-providers.ch> and
>>> <Ma...@united-security-providers.ch>. [Stefan Eissing]
>>>
>>> *) mod_http2: Multiple field length violations in the same request no longer cause
>>> several log entries to be written. [@mkauf]
>>>
>>>
>>> Modified:
>>> httpd/httpd/trunk/CHANGES
>>> httpd/httpd/trunk/modules/http2/h2_config.c
>>> httpd/httpd/trunk/modules/http2/h2_h2.c
>>> httpd/httpd/trunk/modules/http2/h2_stream.c
>>> httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c
>>>
>>
>>> Modified: httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c
>>> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c?rev=1870454&r1=1870453&r2=1870454&view=diff
>>> ==============================================================================
>>> --- httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c (original)
>>> +++ httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c Tue Nov 26 09:36:28 2019
>>> @@ -21,6 +21,7 @@
>>> * otherwise.
>>> */
>>>
>>> +#include <assert.h>
>>> #include "ap_slotmem.h"
>>>
>>> #include "httpd.h"
>>> @@ -400,6 +401,7 @@ static apr_status_t slotmem_create(ap_sl
>>> else {
>>> apr_shm_remove(fname, pool);
>>> rv = apr_shm_create(&shm, size, fname, gpool);
>>> + assert(rv == APR_SUCCESS);
>>> }
>>> }
>>> else {
>>>
>>
>> How is the above related to the change? Or was this an accidental commit?
>
> Oops. Was debugging MacOS Catalina's default 8 shared segmemts limit...
>
>
Re: svn commit: r1870454 - in /httpd/httpd/trunk: CHANGES
modules/http2/h2_config.c modules/http2/h2_h2.c modules/http2/h2_stream.c
modules/slotmem/mod_slotmem_shm.c
Posted by Stefan Eissing <st...@greenbytes.de>.
> Am 27.11.2019 um 08:16 schrieb Ruediger Pluem <rp...@apache.org>:
>
>
>
> On 11/26/2019 10:36 AM, icing@apache.org wrote:
>> Author: icing
>> Date: Tue Nov 26 09:36:28 2019
>> New Revision: 1870454
>>
>> URL: http://svn.apache.org/viewvc?rev=1870454&view=rev
>> Log:
>> *) mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the
>> ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct`
>> always `on`, irregardless of configuration. Found and reported by
>> <Ar...@united-security-providers.ch> and
>> <Ma...@united-security-providers.ch>. [Stefan Eissing]
>>
>> *) mod_http2: Multiple field length violations in the same request no longer cause
>> several log entries to be written. [@mkauf]
>>
>>
>> Modified:
>> httpd/httpd/trunk/CHANGES
>> httpd/httpd/trunk/modules/http2/h2_config.c
>> httpd/httpd/trunk/modules/http2/h2_h2.c
>> httpd/httpd/trunk/modules/http2/h2_stream.c
>> httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c
>>
>
>> Modified: httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c?rev=1870454&r1=1870453&r2=1870454&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c (original)
>> +++ httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c Tue Nov 26 09:36:28 2019
>> @@ -21,6 +21,7 @@
>> * otherwise.
>> */
>>
>> +#include <assert.h>
>> #include "ap_slotmem.h"
>>
>> #include "httpd.h"
>> @@ -400,6 +401,7 @@ static apr_status_t slotmem_create(ap_sl
>> else {
>> apr_shm_remove(fname, pool);
>> rv = apr_shm_create(&shm, size, fname, gpool);
>> + assert(rv == APR_SUCCESS);
>> }
>> }
>> else {
>>
>
> How is the above related to the change? Or was this an accidental commit?
Oops. Was debugging MacOS Catalina's default 8 shared segmemts limit...
Re: svn commit: r1870454 - in /httpd/httpd/trunk: CHANGES
modules/http2/h2_config.c modules/http2/h2_h2.c modules/http2/h2_stream.c
modules/slotmem/mod_slotmem_shm.c
Posted by Ruediger Pluem <rp...@apache.org>.
On 11/26/2019 10:36 AM, icing@apache.org wrote:
> Author: icing
> Date: Tue Nov 26 09:36:28 2019
> New Revision: 1870454
>
> URL: http://svn.apache.org/viewvc?rev=1870454&view=rev
> Log:
> *) mod_http2: Fixed interaction with mod_reqtimeout. A loaded mod_http2 was disabling the
> ssl handshake timeouts. Also, fixed a mistake of the last version that made `H2Direct`
> always `on`, irregardless of configuration. Found and reported by
> <Ar...@united-security-providers.ch> and
> <Ma...@united-security-providers.ch>. [Stefan Eissing]
>
> *) mod_http2: Multiple field length violations in the same request no longer cause
> several log entries to be written. [@mkauf]
>
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/modules/http2/h2_config.c
> httpd/httpd/trunk/modules/http2/h2_h2.c
> httpd/httpd/trunk/modules/http2/h2_stream.c
> httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c
>
> Modified: httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c?rev=1870454&r1=1870453&r2=1870454&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c (original)
> +++ httpd/httpd/trunk/modules/slotmem/mod_slotmem_shm.c Tue Nov 26 09:36:28 2019
> @@ -21,6 +21,7 @@
> * otherwise.
> */
>
> +#include <assert.h>
> #include "ap_slotmem.h"
>
> #include "httpd.h"
> @@ -400,6 +401,7 @@ static apr_status_t slotmem_create(ap_sl
> else {
> apr_shm_remove(fname, pool);
> rv = apr_shm_create(&shm, size, fname, gpool);
> + assert(rv == APR_SUCCESS);
> }
> }
> else {
>
How is the above related to the change? Or was this an accidental commit?
Regards
Rüdiger