You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2011/10/27 22:15:38 UTC
svn commit: r1189985 - in /httpd/httpd/trunk: include/httpd.h
include/util_varbuf.h modules/filters/mod_substitute.c server/util.c
Author: sf
Date: Thu Oct 27 20:15:36 2011
New Revision: 1189985
URL: http://svn.apache.org/viewvc?rev=1189985&view=rev
Log:
Improve handling of maxlen = APR_SIZE_MAX, noticed by Jim.
Use apr_pregsub_ex() and maxlen = 0 for unlimited in mod_substitute.
Modified:
httpd/httpd/trunk/include/httpd.h
httpd/httpd/trunk/include/util_varbuf.h
httpd/httpd/trunk/modules/filters/mod_substitute.c
httpd/httpd/trunk/server/util.c
Modified: httpd/httpd/trunk/include/httpd.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/httpd.h?rev=1189985&r1=1189984&r2=1189985&view=diff
==============================================================================
--- httpd/httpd/trunk/include/httpd.h (original)
+++ httpd/httpd/trunk/include/httpd.h Thu Oct 27 20:15:36 2011
@@ -1799,7 +1799,7 @@ AP_DECLARE(char *) ap_pregsub(apr_pool_t
* @param source The string that was originally matched to the regex
* @param nmatch the nmatch returned from ap_pregex
* @param pmatch the pmatch array returned from ap_pregex
- * @param maxlen the maximum string length to return
+ * @param maxlen the maximum string length to return, 0 for unlimited
* @return The substituted string, or NULL on error
*/
AP_DECLARE(apr_status_t) ap_pregsub_ex(apr_pool_t *p, char **result,
Modified: httpd/httpd/trunk/include/util_varbuf.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/include/util_varbuf.h?rev=1189985&r1=1189984&r2=1189985&view=diff
==============================================================================
--- httpd/httpd/trunk/include/util_varbuf.h (original)
+++ httpd/httpd/trunk/include/util_varbuf.h Thu Oct 27 20:15:36 2011
@@ -135,7 +135,7 @@ AP_DECLARE(char *) ap_varbuf_pdup(apr_po
* @param source The string that was originally matched to the regex
* @param nmatch the nmatch returned from ap_pregex
* @param pmatch the pmatch array returned from ap_pregex
- * @param maxlen the maximum string length to append to vb
+ * @param maxlen the maximum string length to append to vb, 0 for unlimited
* @return APR_SUCCESS if successful
* @note Just like ap_pregsub(), this function does not copy the part of
* *source before the matching part (i.e. the first pmatch[0].rm_so
Modified: httpd/httpd/trunk/modules/filters/mod_substitute.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_substitute.c?rev=1189985&r1=1189984&r2=1189985&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/filters/mod_substitute.c (original)
+++ httpd/httpd/trunk/modules/filters/mod_substitute.c Thu Oct 27 20:15:36 2011
@@ -98,7 +98,6 @@ static void do_pattmatch(ap_filter_t *f,
apr_size_t bytes;
apr_size_t len;
const char *buff;
- const char *repl;
struct ap_varbuf vb;
apr_bucket *b;
apr_bucket *tmp_b;
@@ -135,6 +134,7 @@ static void do_pattmatch(ap_filter_t *f,
int have_match = 0;
vb.strlen = 0;
if (script->pattern) {
+ const char *repl;
while ((repl = apr_strmatch(script->pattern, buff, bytes)))
{
have_match = 1;
@@ -187,6 +187,7 @@ static void do_pattmatch(ap_filter_t *f,
else if (script->regexp) {
int left = bytes;
const char *pos = buff;
+ char *repl;
while (!ap_regexec_len(script->regexp, pos, left,
AP_MAX_REG_MATCH, regm, 0)) {
have_match = 1;
@@ -196,12 +197,11 @@ static void do_pattmatch(ap_filter_t *f,
ap_varbuf_strmemcat(&vb, pos, regm[0].rm_so);
/* add replacement string */
ap_varbuf_regsub(&vb, script->replacement, pos,
- AP_MAX_REG_MATCH, regm,
- APR_SIZE_MAX);
+ AP_MAX_REG_MATCH, regm, 0);
}
else {
- repl = ap_pregsub(pool, script->replacement, pos,
- AP_MAX_REG_MATCH, regm);
+ ap_pregsub_ex(pool, &repl, script->replacement, pos,
+ AP_MAX_REG_MATCH, regm, 0);
len = (apr_size_t) (regm[0].rm_eo - regm[0].rm_so);
SEDRMPATBCKT(b, regm[0].rm_so, tmp_b, len);
tmp_b = apr_bucket_transient_create(repl,
Modified: httpd/httpd/trunk/server/util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/util.c?rev=1189985&r1=1189984&r2=1189985&view=diff
==============================================================================
--- httpd/httpd/trunk/server/util.c (original)
+++ httpd/httpd/trunk/server/util.c Thu Oct 27 20:15:36 2011
@@ -386,7 +386,7 @@ static apr_status_t regsub_core(apr_pool
return APR_EINVAL;
if (!nmatch || nmatch>AP_MAX_REG_MATCH) {
len = strlen(src);
- if (maxlen > 0 && len > maxlen)
+ if (maxlen > 0 && len >= maxlen)
return APR_ENOMEM;
if (!vb) {
*result = apr_pstrmemdup(p, src, len);
@@ -416,7 +416,7 @@ static apr_status_t regsub_core(apr_pool
}
- if (len > maxlen && maxlen > 0)
+ if (len >= maxlen && maxlen > 0)
return APR_ENOMEM;
if (!vb) {
Re: svn commit: r1189985 - in /httpd/httpd/trunk: include/httpd.h
include/util_varbuf.h modules/filters/mod_substitute.c server/util.c
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 11/3/2011 1:29 AM, Stefan Fritsch wrote:
>
>> Not acceptable. Choose a bound. unlimited is not acceptable.
>
> What can a content filter do to handle the error? Does returning AP_FILTER_ERROR do any
> good? The headers may have been sent already.
I'd suggest a top bound of 1MB, if the admin configures mod_substitute
such that they approach it, /shrug. If they surpass it... obviously
some noise at [error] level and yes, it seems we would need to abort.
Re: svn commit: r1189985 - in /httpd/httpd/trunk: include/httpd.h
include/util_varbuf.h modules/filters/mod_substitute.c server/util.c
Posted by Stefan Fritsch <sf...@sfritsch.de>.
> On 10/27/2011 3:15 PM, sf@apache.org wrote:
>> Use apr_pregsub_ex() and maxlen = 0 for unlimited in mod_substitute.
>
> Uhm... wha?
This was not intended as a final solution. Besides, one case already had
unlimited (but using argument APR_SIZE_MAX instead of 0).
> Not acceptable. Choose a bound. unlimited is not acceptable.
>
> Yes, that is a veto.
What can a content filter do to handle the error? Does returning
AP_FILTER_ERROR do any good? The headers may have been sent already.
Re: svn commit: r1189985 - in /httpd/httpd/trunk: include/httpd.h
include/util_varbuf.h modules/filters/mod_substitute.c server/util.c
Posted by "William A. Rowe Jr." <wr...@rowe-clan.net>.
On 10/27/2011 3:15 PM, sf@apache.org wrote:
> Use apr_pregsub_ex() and maxlen = 0 for unlimited in mod_substitute.
Uhm... wha?
Not acceptable. Choose a bound. unlimited is not acceptable.
Yes, that is a veto.