You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by sf...@apache.org on 2011/10/27 22:15:38 UTC

svn commit: r1189985 - in /httpd/httpd/trunk: include/httpd.h include/util_varbuf.h modules/filters/mod_substitute.c server/util.c

Author: sf
Date: Thu Oct 27 20:15:36 2011
New Revision: 1189985

URL: http://svn.apache.org/viewvc?rev=1189985&view=rev
Log:
Improve handling of maxlen = APR_SIZE_MAX, noticed by Jim.
Use apr_pregsub_ex() and maxlen = 0 for unlimited in mod_substitute.

Modified:
    httpd/httpd/trunk/include/httpd.h
    httpd/httpd/trunk/include/util_varbuf.h
    httpd/httpd/trunk/modules/filters/mod_substitute.c
    httpd/httpd/trunk/server/util.c

Modified: httpd/httpd/trunk/include/httpd.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/httpd.h?rev=1189985&r1=1189984&r2=1189985&view=diff
==============================================================================
--- httpd/httpd/trunk/include/httpd.h (original)
+++ httpd/httpd/trunk/include/httpd.h Thu Oct 27 20:15:36 2011
@@ -1799,7 +1799,7 @@ AP_DECLARE(char *) ap_pregsub(apr_pool_t
  * @param source The string that was originally matched to the regex
  * @param nmatch the nmatch returned from ap_pregex
  * @param pmatch the pmatch array returned from ap_pregex
- * @param maxlen the maximum string length to return
+ * @param maxlen the maximum string length to return, 0 for unlimited
  * @return The substituted string, or NULL on error
  */
 AP_DECLARE(apr_status_t) ap_pregsub_ex(apr_pool_t *p, char **result,

Modified: httpd/httpd/trunk/include/util_varbuf.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/util_varbuf.h?rev=1189985&r1=1189984&r2=1189985&view=diff
==============================================================================
--- httpd/httpd/trunk/include/util_varbuf.h (original)
+++ httpd/httpd/trunk/include/util_varbuf.h Thu Oct 27 20:15:36 2011
@@ -135,7 +135,7 @@ AP_DECLARE(char *) ap_varbuf_pdup(apr_po
  * @param source The string that was originally matched to the regex
  * @param nmatch the nmatch returned from ap_pregex
  * @param pmatch the pmatch array returned from ap_pregex
- * @param maxlen the maximum string length to append to vb
+ * @param maxlen the maximum string length to append to vb, 0 for unlimited
  * @return APR_SUCCESS if successful
  * @note Just like ap_pregsub(), this function does not copy the part of
  *       *source before the matching part (i.e. the first pmatch[0].rm_so

Modified: httpd/httpd/trunk/modules/filters/mod_substitute.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_substitute.c?rev=1189985&r1=1189984&r2=1189985&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/filters/mod_substitute.c (original)
+++ httpd/httpd/trunk/modules/filters/mod_substitute.c Thu Oct 27 20:15:36 2011
@@ -98,7 +98,6 @@ static void do_pattmatch(ap_filter_t *f,
     apr_size_t bytes;
     apr_size_t len;
     const char *buff;
-    const char *repl;
     struct ap_varbuf vb;
     apr_bucket *b;
     apr_bucket *tmp_b;
@@ -135,6 +134,7 @@ static void do_pattmatch(ap_filter_t *f,
                 int have_match = 0;
                 vb.strlen = 0;
                 if (script->pattern) {
+                    const char *repl;
                     while ((repl = apr_strmatch(script->pattern, buff, bytes)))
                     {
                         have_match = 1;
@@ -187,6 +187,7 @@ static void do_pattmatch(ap_filter_t *f,
                 else if (script->regexp) {
                     int left = bytes;
                     const char *pos = buff;
+                    char *repl;
                     while (!ap_regexec_len(script->regexp, pos, left,
                                        AP_MAX_REG_MATCH, regm, 0)) {
                         have_match = 1;
@@ -196,12 +197,11 @@ static void do_pattmatch(ap_filter_t *f,
                                 ap_varbuf_strmemcat(&vb, pos, regm[0].rm_so);
                             /* add replacement string */
                             ap_varbuf_regsub(&vb, script->replacement, pos,
-                                             AP_MAX_REG_MATCH, regm,
-                                             APR_SIZE_MAX);
+                                             AP_MAX_REG_MATCH, regm, 0);
                         }
                         else {
-                            repl = ap_pregsub(pool, script->replacement, pos,
-                                              AP_MAX_REG_MATCH, regm);
+                            ap_pregsub_ex(pool, &repl, script->replacement, pos,
+                                              AP_MAX_REG_MATCH, regm, 0);
                             len = (apr_size_t) (regm[0].rm_eo - regm[0].rm_so);
                             SEDRMPATBCKT(b, regm[0].rm_so, tmp_b, len);
                             tmp_b = apr_bucket_transient_create(repl,

Modified: httpd/httpd/trunk/server/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util.c?rev=1189985&r1=1189984&r2=1189985&view=diff
==============================================================================
--- httpd/httpd/trunk/server/util.c (original)
+++ httpd/httpd/trunk/server/util.c Thu Oct 27 20:15:36 2011
@@ -386,7 +386,7 @@ static apr_status_t regsub_core(apr_pool
         return APR_EINVAL;
     if (!nmatch || nmatch>AP_MAX_REG_MATCH) {
         len = strlen(src);
-        if (maxlen > 0 && len > maxlen)
+        if (maxlen > 0 && len >= maxlen)
             return APR_ENOMEM;
         if (!vb) {
             *result = apr_pstrmemdup(p, src, len);
@@ -416,7 +416,7 @@ static apr_status_t regsub_core(apr_pool
 
     }
 
-    if (len > maxlen && maxlen > 0)
+    if (len >= maxlen && maxlen > 0)
         return APR_ENOMEM;
 
     if (!vb) {

Re: svn commit: r1189985 - in /httpd/httpd/trunk: include/httpd.h include/util_varbuf.h modules/filters/mod_substitute.c server/util.c

Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.

On 11/3/2011 1:29 AM, Stefan Fritsch wrote:
> 
>> Not acceptable.  Choose a bound.  unlimited is not acceptable.
> 
> What can a content filter do to handle the error? Does returning AP_FILTER_ERROR do any
> good? The headers may have been sent already.

I'd suggest a top bound of 1MB, if the admin configures mod_substitute
such that they approach it, /shrug.  If they surpass it... obviously
some noise at [error] level and yes, it seems we would need to abort.

Re: svn commit: r1189985 - in /httpd/httpd/trunk: include/httpd.h include/util_varbuf.h modules/filters/mod_substitute.c server/util.c

Posted by Stefan Fritsch <sf...@sfritsch.de>.

> On 10/27/2011 3:15 PM, sf@apache.org wrote:
>> Use apr_pregsub_ex() and maxlen = 0 for unlimited in mod_substitute.
>
> Uhm... wha?

This was not intended as a final solution. Besides, one case already had 
unlimited (but using argument APR_SIZE_MAX instead of 0).

> Not acceptable.  Choose a bound.  unlimited is not acceptable.
>
> Yes, that is a veto.

What can a content filter do to handle the error? Does returning 
AP_FILTER_ERROR do any good? The headers may have been sent already.

Re: svn commit: r1189985 - in /httpd/httpd/trunk: include/httpd.h include/util_varbuf.h modules/filters/mod_substitute.c server/util.c

Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.

On 10/27/2011 3:15 PM, sf@apache.org wrote:
> Use apr_pregsub_ex() and maxlen = 0 for unlimited in mod_substitute.

Uhm... wha?

Not acceptable.  Choose a bound.  unlimited is not acceptable.

Yes, that is a veto.