Fix processing of the TRACE method. Previously we passed bogus

parms to form_header_field() and it overlaid some vhost structures,
resulting in a segfault in check_hostalias().
[Greg Ames, Jeff Trawick]

Note: Not being familiar with the TRACE method I compared the 2.0
output with 1.3.9 output.  The only difference is that with 2.0 we
get a Content-Length header field.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@89138 13f79535-47bb-0310-9956-ffa450edef68

CHANGES

@@ -1,4 +1,10 @@
 Changes with Apache 2.0.18-dev
+
+  *) Fix processing of the TRACE method.  Previously we passed bogus
+     parms to form_header_field() and it overlaid some vhost structures,
+     resulting in a segfault in check_hostalias(). 
+     [Greg Ames, Jeff Trawick]
+
   *) Win32: Add support for reliable piped logs. If the logging process
      goes down, Apache will automatically restart it. This function has 
      been part of Apache on Unix/Linux/BSD since the early v1.3 releases.

STATUS

@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:						-*-text-*-
-Last modified at [$Date: 2001/05/17 15:22:09 $]
+Last modified at [$Date: 2001/05/17 18:04:15 $]
 
 Release:
 
@@ -22,43 +22,6 @@ DAEDALUS 2.0 PROBLEMS:
     * mod_cgid and suexec have a problem co-existing.  suexec sees a null
       command string sometimes.
 
-    * core dump from 20010422
-
-      /usr/local/apache2b/corefiles/httpd.core.3
-      #0  0x806724c in check_hostalias (r=0x81fd03c) at vhost.c:891
-      #1  0x8067489 in ap_update_vhost_from_headers (r=0x81fd03c) at vhost.c:978
-      #2  0x806fa92 in ap_read_request (conn=0x81450fc) at protocol.c:946
-      #3  0x805a168 in ap_process_http_connection (c=0x81450fc) at http_core.c:274
-      #4  0x806bc60 in ap_run_process_connection (c=0x81450fc) at connection.c:82
-      #5  0x806be84 in ap_process_connection (c=0x81450fc) at connection.c:216
-      #6  0x805fbba in child_main (child_num_arg=65) at prefork.c:807
-      #7  0x805fd20 in make_child (s=0x80c64fc, slot=65) at prefork.c:880
-      #8  0x805ffec in perform_idle_server_maintenance () at prefork.c:1021
-      #9  0x80603d1 in ap_mpm_run (_pconf=0x80c600c, plog=0x80f300c, s=0x80c64fc) at prefork.c:1191
-      #10 0x80660cd in main (argc=1, argv=0xbfbffdac) at main.c:425
-      #11 0x8059bf9 in _start () 
-
-      The input data (received in one read from TCP layer):
-
-      GET /images/apache_sub.gif HTTP/1.1
-      Accept: */*
-      Referer: http://search.apache.org/index.cgi
-      Accept-Language: en-us
-      Accept-Encoding: gzip, deflate
-      If-Modified-Since: Sat, 02 Dec 1995 21:26:28 GMT
-      If-None-Match: "29e60e-17c3-66972900"
-      User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)
-      Host: www.apache.org
-      Connection: Keep-Alive
-
-      But Greg added a trap to look for such problems right after they occur and
-      we now have a corefile showing the bad request:
-
-      TRACE / HTTP/1.0
-      Max-Forwards: 0
-
-      The list getting trashed is default_list->names.
-
     * core dump from 20010418
 
       /usr/local/apache2b/corefiles/httpd.core.2

modules/http/http_protocol.c

@@ -940,6 +940,8 @@ static char *make_allow(request_rec *r)
 AP_DECLARE(int) ap_send_http_trace(request_rec *r)
 {
     int rv;
+    apr_bucket_brigade *b;
+    header_struct h;
 
     /* Get the original request */
     while (r->prev)
@@ -952,11 +954,14 @@ AP_DECLARE(int) ap_send_http_trace(request_rec *r)
 
     /* Now we recreate the request, and echo it back */
 
-    ap_rvputs(r, r->the_request, CRLF, NULL);
-
+    b = apr_brigade_create(r->pool);
+    apr_brigade_putstrs(b, NULL, NULL, r->the_request, CRLF, NULL);
+    h.pool = r->pool;
+    h.bb = b;
     apr_table_do((int (*) (void *, const char *, const char *))
-                form_header_field, (void *) r, r->headers_in, NULL);
-    ap_rputs(CRLF, r);
+                form_header_field, (void *) &h, r->headers_in, NULL);
+    apr_brigade_puts(b, NULL, NULL, CRLF);
+    ap_pass_brigade(r->output_filters, b);
 
     return OK;
 }