- Jul 14, 2014
-
-
Eric Covener authored
*) SECURITY: CVE-2014-0231 (cve.mitre.org) mod_cgid: Fix a denial of service against CGI scripts that do not consume stdin that could lead to lingering HTTPD child processes filling up the scoreboard and eventually hanging the server. [Rainer Jung, Eric Covener, Yann Ylavic] Submitted By: rjung, covener, ylavic Reviewed By: trawick, jorton, covener, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610512 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
*) SECURITY: CVE-2014-0118 (cve.mitre.org) mod_deflate: The DEFLATE input filter (inflates request bodies) now limits the length and compression ratio of inflated request bodies to avoid denial of sevice via highly compressed bodies. See directives DeflateInflateLimitRequestBody, DeflateInflateRatioLimit, and DeflateInflateRatioBurst. Thanks to Giancarlo Pellegrino and Davide Balzarotti for reporting the issue. Submitted By: ylavic, covener Reviewed By: jorton, covener, jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610503 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
SECURITY (CVE-2014-0226): Fix a race condition in scoreboard handling, which could lead to a heap buffer overflow. Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting this. * include/scoreboard.h: Add ap_copy_scoreboard_worker. * server/scoreboard.c (ap_copy_scoreboard_worker): New function. * modules/generators/mod_status.c (status_handler): Use it. * modules/lua/lua_request.c (lua_ap_scoreboard_worker): Likewise. Reviewed by: trawick, jorton, covener, jim Submitted by: jorton, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610499 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
This issue affected httpd versions 2.4.5 and 2.4.6 only. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610495 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
Extend the scope of SSLSessionCacheTimeout to sessions resumed by TLS session resumption (RFC 5077). Submitted by: rjung Reviewed by: rjung, ylavic, jorton git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610399 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_deflate: Don't fail when asked to flush inflated data to the user-agent and that coincides with the end of stream ("Zlib error flushing inflate buffer"). PR 56196. Submitted By: [Christoph Fausak <christoph.fausak glueckkanja com>] Committed By: ylavic mod_deflate: follows up r1572896. Be safe from successive or post end-of-stream flush buckets. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610397 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
PR54587: LDAP connections used for authn were not respecting LDAPConnectionPoolTimeout due to confusion over what "bound" means. Added some LDAP trace at TRACE5 to track how LDAP connections are reused and rebound. make LDAPConnectionPoolTTL more conservative, use r->request_time rather than end-of-request time, and only update it after a round-trip with the LDAP server rather than every time we check back into the pool. Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610396 13f79535-47bb-0310-9956-ffa450edef68
-
Rainer Jung authored
Forward local IP address as a custom request attribute like we already do for the remote port. Both were forgotten in the original AJP 13 spec but are needed by the Servlet spec. Until now, Tomcat simply returns for getLocalAddr() the same as for getLocalName(). The next round of Tomcat releases will look for the optional new request attribute. See also Tomcat BZ 56661. Submitted by: rjung Reviewed by: trawick, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610340 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
core: Include any error notes set by modules in the canned error response for 403 errors. Submitted by: trawick Reviewed by: minfrin, rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610328 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
mod_ssl: Set an error note for requests rejected due to SSLStrictSNIVHostCheck Submitted by: trawick Reviewed by: minfrin, rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610327 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
SNI errors. Submitted by: trawick Reviewed by: minfrin, rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610326 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 12, 2014
-
-
Jeff Trawick authored
mod_ssl: Fix tmp DH parameter leak, adjust selection to prefer larger keys and support up to 8192-bit keys. Submitted by: rpluem, jorton Reviewed by: ylavic, kbrand git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610014 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
Fix PR 56480: PROPFIND walker doesn't encode hrefs properly Reverts r1529559 partially (specifically the dav_xml_escape_uri) bit. Reverts r1531505 entirely. * modules/dav/main/mod_dav.c (dav_xml_escape_uri): Revert the piece of r1529559 that removes the URI escaping from this function. * modules/dav/main/props.c (dav_do_prop_subreq): Escape the URI before doing a sub request with it. This resolves some properties like getcontenttype from failing to be returned for files that contain characters that require encoding in their path. * modules/dav/main/mod_dav.h (dav_resource): Note the inconsistency in the documentation. * modules/dav/fs/repos.c (dav_fs_get_resource): Don't use the unparsed_uri to set the uri field of the resource. This is the correct fix for the double encoding in mod_dav_fs that led to the dav_xml_escape_uri() change and r1531505. (dav_fs_walker, dav_fs_append_uri): Revert r1531505 changes. Submitted by: breser Reviewed by: ylavic, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1610013 13f79535-47bb-0310-9956-ffa450edef68
-
- Jul 08, 2014
-
-
Jeff Trawick authored
Follow up to r1527220/r1588852: Implement better error checking/reporting around notification of abrupt parent process termination. It is likely that something bad is happening here based on these user reports: https://www.apachelounge.com/viewtopic.php?p=27848 http://mail-archives.apache.org/mod_mbox/httpd-users/201406.mbox/%3CCAC%2BRZnuwLD%2BJnoy2TYO8oeAWt6bFLMa%3DEhfDf9hS3cuuGUHXAw%40mail.gmail.com%3E w-up to r1606368: HANDLE is PVOID which is void * (fix format string) Submitted by: trawick Reviewed by: covener, gsmith git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608907 13f79535-47bb-0310-9956-ffa450edef68
-
Joe Orton authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608780 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy: When ping/pong is configured for a worker, don't send or forward "100 Continue" (interim) response to the client if it does not expect one. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608762 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_ssl: send OCSP request's nonce according to SSLOCSPUseRequestNonce on/off. PR 56233. mod_ssl: follow up to r1583191. New SSLOCSPUseRequestNonce directive's manual and CHANGES. Non functional code changes (modssl_ctx_t's field ocsp_use_request_nonce grouped with other OCSP ones, nested if turned to a single AND condition). Remove SSLOCSPUseRequestNonce OpenSSL-0.9.7 requirement (0.9.8 already required by httpd-2.4) and set availability to 2.5-dev until further notice. mod_ssl: follow up to r1583191. Use type BOOL for modssl_ctx_t's field ocsp_use_request_nonce. Suggested by: kbrand. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1608758 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 26, 2014
-
-
Jeff Trawick authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605642 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
mod_proxy_fcgi: Fix occasional high CPU when handling request bodies. Submitted by: trawick Reviewed by: covener, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605639 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 25, 2014
-
-
Eric Covener authored
* event MPM: fix a race where a worker looks at a conn_rec after it might be in use by another thread or may have been freed and re-allocated. Submitted By: Edward Lu git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605619 13f79535-47bb-0310-9956-ffa450edef68
-
Eric Covener authored
authnzldap: support "none" as a filter to suppress using a search filter, which is required by some mainframe security products serving native registry over LDAP. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1605618 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 21, 2014
-
-
Yann Ylavic authored
mod_deflate: fix decompression of files larger than 4GB. According to RFC1952, Input SIZE (compLen) contains the size of the original input data modulo 2^32. PR: 56062 Submitted by: Lukas Bezdicka git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604460 13f79535-47bb-0310-9956-ffa450edef68
-
Yann Ylavic authored
Merge r1572655, r1572663, r1572668, r1572669, r1572670, r1572671, r1573224, r1586745, r1587594, r1587639, r1590509 from trunk. Commit 1 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters. PR 46146 (patches from duplicated PR 55666) Handle Zlib header buffering in the inflate output filter : - add the new deflate_ctx_t fields needed to re-enter the Zlib header parsing, - introduce the new consume_zlib_flags() function to parse/consume the ZLib flags (will be used by the other filters too), - use it to handle incomplete header in the output filter (deflate). This alone fixes PR 55666, but the issue remains for PR 46146 (inflate/deflate input filters), hence the following patches. Commit 2 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters. PR 46146 (patches from duplicated PR 55666) Handle Zlib header buffering in the inflate input filter : - loop until all the header is received, - handle non blocking reads returning empty brigade, - fix a double ap_get_brigade() when an EOS brigade is encountered while reading the header, - in that case and no data was received so far, don't return an error but SUCCESS with the EOS, otherwise fail, - don't remove the Content-Length and Content-MD5 headers until some data is read. Still does not handle Zlib flags for now, next commits. Commit 3 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters. PR 46146 (patches from duplicated PR 55666) Handle Zlib validation bytes buffering (CRC + length) in the inflate input filter : - use validation_buffer and validation_length as state, - loop until all the bytes are received. Commit 4 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters. PR 46146 (patches from duplicated PR 55666) Handle non blocking reads which would block in the inflate input filter (not an error). Commit 5 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters. PR 46146 (patches from duplicated PR 55666) Handle Zlib flags in the inflate input filter as in the output filter, using consume_zlib_flags(). Commit 6 on 6 to fix reentrance (incomplete Zlib header or validation bytes) in mod_deflate's output and input filters. PR 46146 (patches from duplicated PR 55666) Ignore empty buckets and split buckets longer than INT_MAX (since zlib uses 32-bit ints only) in all filters. mod_deflate: when consuming zlibs flags, APR_INCOMPLETE implies no more bytes available. mod_deflate: update empty log tags. mod_deflate: Delay INFLATE input filter's self removal until all the buffered buckets are out (including EOS). PR 46146. mod_deflate: Don't return gzip-ed data when reading FLUSH bucket in INFLATE input filter, forward the FLUSH but keep reading should EOS/more follow (should not happen, but mod_deflate won't fix it). mod_deflate: follow up to r1587639. Don't break the looped brigade when moving the FLUSH bucket to the returned bb and continue reading. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604458 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
mod_proxy: Allow reverse-proxy to be set via explicit handler. Submitted by: ryo takatsuki <ryotakatsuki gmail com> Reviewed by: ylavic, jim, mrumph git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604378 13f79535-47bb-0310-9956-ffa450edef68
-
Jeff Trawick authored
ab: support custom HTTP method with -m argument. PR: 56604 Submitted by: Roman Jurkov <winfinit gmail.com> Reviewed by: ylavic, trawick, covener (r1601680 and r1601700 not reflected in mergeinfo due to a collision with an unrelated trunk change) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604373 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Gruno authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604340 13f79535-47bb-0310-9956-ffa450edef68
-
Daniel Gruno authored
- IVM changed to use shm - More verbose error logging (no functional change) - Miscellaneous refactoring that was in trunk but not in 2.4.x (no functional change as such) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1604339 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 17, 2014
-
-
Jim Jagielski authored
core: avoid a double apr_time_now() call on the first succeeding read. * Correctly escape user provided data. PR: 56532 Submitted by: Maksymilian <max cert.cx> Reviewed by: rpluem Save a few bytes of memory. This can be done in temp_pool. Fix layout don't pass uninitialized rv passed to ap_log_rerror() (rv wasn't interesting / follow an existing example) stop throwing away a pointer on the heap (clang scan-build) add the URI to DEBUG message 00765 (and drop an exclamation point): Cache provider's store_body failed! Doxygen fix + reorg to match how other header files are built Submitted by: ylavic, rpluem, jailletc36, jailletc36, trawick, covener, jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1603141 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 10, 2014
-
-
Jeff Trawick authored
mod_proxy_fcgi: Support iobuffersize parameter. Submitted by: trawick Reviewed by: jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1601749 13f79535-47bb-0310-9956-ffa450edef68
-
- Jun 03, 2014
-
-
Yann Ylavic authored
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1599597 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Merge r1546730, r1583008, r1571369, r1552130, r1578760, r1592615, r1592632, r1595321, r1550302, r1550307, r1585435 from trunk: fix whitespace in a debug message s/comment/self-documenting/ normalize an ugly construct which somehow manages to return the correct value This is annoying to see in a casual "LogLevel debug foo:traceX ..." Use 'apr_table_setn' instead of 'apr_table_set' when possible in order to save memory. Follow-up to r1592529: Define default port for "scgi" schemes (as chosen by mod_proxy_scgi) in a common location. Suggested by: jailletc36 fix Doxygen markup error Submitted by: jailletc36 Tweak a AP_DEBUG_ASSERT condition. Valid index to use 'req_header_var_names' are 0...6 mod_auth_form: Add a debug message when the fields on a form are not recognised. mod_auth_form: Make the trace logging consistent through the notes, session and form authentication steps. mod_auth_form: update empty log tags. Submitted by: trawick, covener, jailletc36, trawick, trawick, jailletc36, minfrin, minfrin, ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1599501 13f79535-47bb-0310-9956-ffa450edef68
-
- May 30, 2014
-
-
Jim Jagielski authored
mod_proxy_wstunnel: Fix the use of SSL connections with the "wss:" scheme. PR55320. Submitted by: Alex Liu <alex.leo.ca gmail.com> Committed by: ylavic Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1598603 13f79535-47bb-0310-9956-ffa450edef68
-
- May 19, 2014
-
-
Jim Jagielski authored
mod_socache_shmcb: Correct counting of expirations for status display. Expirations happening during retrieval were not counted. Submitted by: rjung Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1595918 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_cache: Retry unconditional request with the full URL (including the query-string) when the origin server's 304 response does not match the conditions used to revalidate the stale entry. http://www.mail-archive.com/dev@httpd.apache.org/msg59884.html Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1595917 13f79535-47bb-0310-9956-ffa450edef68
-
- May 14, 2014
-
-
Jeff Trawick authored
mod_alias: Stop setting CONTEXT_PREFIX and CONTEXT_DOCUMENT environment variables as a result of AliasMatch. Submitted by: covener Reviewed by: jim, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1594539 13f79535-47bb-0310-9956-ffa450edef68
-
- May 07, 2014
-
-
Jim Jagielski authored
mod_proxy_scgi: Support Unix sockets. ap_proxy_port_of_scheme(): Support default SCGI port (4000). Submitted by: trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1593004 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
programs, and implement a special merging algorithm for SSLCertificate[Key]File to emulate the behavior in versions <= 2.4.7 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1593003 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
Fix errors with CacheLock on Windows: cache_util.c(757): (OS 80)The file exists. : [client 127.0.0.1:63889] AH00784: Attempt to obtain a cache lock for stale cached URL failed, revalidating entry anyway: Submitted by: covener Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1593000 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_expires: don't add Expires header to error responses (4xx/5xx), be they generated or forwarded. PR 55669. Follow up to r1584430. Submitted by: ylavic Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1592999 13f79535-47bb-0310-9956-ffa450edef68
-
Jim Jagielski authored
mod_proxy_fcgi: Don't segfault when failing to connect to the backend. now understood why users haven't reported the segfault (yet) when mod_proxy_fcgi can't connect to the application Submitted by: trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1592998 13f79535-47bb-0310-9956-ffa450edef68
-