- Jul 15, 2014
-
-
Eric Covener authored
character as the first character in a 2/3 character pattern. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610707 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610686 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
proxy configuration, a remote attacker could send a carefully crafted request which could crash a server process, resulting in denial of service. Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting this issue. * server/util.c (ap_parse_token_list_strict): New function. * modules/proxy/proxy_util.c (find_conn_headers): Use it here. * modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response): Send a 400 for a malformed Connection header. Submitted by: Edward Lu, breser, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610674 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
service in the WinNT MPM used in all Windows installations. Workaround: AcceptFilter <protocol> {none|connect} Submitted by: trawick Reviewed by: jorton, covener, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610652 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 14, 2014
-
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610518 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
mod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. [Rainer Jung, Eric Covener, Yann Ylavic] Submitted By: rjung, covener, ylavic Reviewed By: trawick, jorton, covener, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610509 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of sevice via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst. Thanks to Giancarlo Pellegrino and Davide Balzarotti for reporting the issue. Submitted By: ylavic, covener Reviewed By: jorton, covener, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610501 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
which could lead to a heap buffer overflow. Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting this. * include/scoreboard.h: Add ap_copy_scoreboard_worker. * server/scoreboard.c (ap_copy_scoreboard_worker): New function. * modules/generators/mod_status.c (status_handler): Use it. * modules/lua/lua_request.c (lua_ap_scoreboard_worker): Likewise. Reviewed by: trawick, jorton, covener, jim Submitted by: jorton, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610491 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
Cases where 'loc' doesn't have any ':' or is starting with ':' are already handled by 'ap_ir_url()' Calling 'apr_isascii()' seems useless. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610383 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610366 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
Save a few cycles by calling 'apr_isalnum' instead of 'apr_isalpha' and 'apr_isdigit'. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610353 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610341 13f79535-47bb-0310-9956-ffa450edef68
-
Jan Kaluža authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610339 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610329 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 13, 2014
-
-
Rainer Jung authored
Followup to r1604466. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610323 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
resumed by TLS session resumption (RFC 5077). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610311 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610310 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
like we already do for the remote port. Both were forgotten in the original AJP 13 spec but are needed by the Servlet spec. Until now, Tomcat simply returns for getLocalAddr() the same as for getLocalName(). The next round of Tomcat releases will look for the optional new request attribute. See also Tomcat BZ 56661. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610207 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 12, 2014
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610015 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
response for 403 errors. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1609938 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
This allows custom error documents to include the specific reason for denying access to the server. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1609936 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
if these checks detect a problem, the checks shouldn't return an error again when processing an ErrorDocument redirect for the original problem. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1609914 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 11, 2014
-
-
Jan Kaluža authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1609709 13f79535-47bb-0310-9956-ffa450edef68
-
Jan Kaluža authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1609688 13f79535-47bb-0310-9956-ffa450edef68
-
Jan Kaluža authored
and ProxyMatch section to distinguish between normal workers and workers with regex substitutions in the name. Implement handling of such workers in ap_proxy_get_worker(). PR 43513 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1609680 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 09, 2014
-
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1609114 13f79535-47bb-0310-9956-ffa450edef68
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1609113 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1609101 13f79535-47bb-0310-9956-ffa450edef68
-
Christophe Jaillet authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1608999 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 08, 2014
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1608785 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1608766 13f79535-47bb-0310-9956-ffa450edef68
-
Jan Kaluža authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1608744 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1608721 13f79535-47bb-0310-9956-ffa450edef68
-
Jan Kaluža authored
drop the support for "Listen systemd" and use standard Listen syntax instead. This allows using the same configuration file with or without socket activation and allows setting protocol when using socket activation. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1608703 13f79535-47bb-0310-9956-ffa450edef68
-
Jan Kaluža authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1608694 13f79535-47bb-0310-9956-ffa450edef68
-
Jan Kaluža authored
activation, fix addrlen in getsockname() call. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1608686 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 06, 2014
-
-
Jeff Trawick authored
is found or no vhost matches. Log one when no name is provided by the client. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1608284 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
Arrange for backend LDAP connections to be returned to the pool by a fixup hook rather than staying locked until the end of (a potentially slow) request. Add a little more trace4 to the authnz_ldap side of LDAP connection obtain/release. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1608202 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 05, 2014
-
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1608010 13f79535-47bb-0310-9956-ffa450edef68
-
Lucien Gentis authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1608008 13f79535-47bb-0310-9956-ffa450edef68
-