www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2025-08-07 04:02:58 +03:00
Code Activity

Make the ssl expression parser thread-safe. It now requires bison instead of

Browse Source 
yacc.

Also change the make file magic so that the real source file name is
embedded in the debug info.

The generated files have been created with flex 2.5.35/bison 2.4.1. The two
'no previous prototype' warnings are supposed to be fixed with the next flex
version.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1002824 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Stefan Fritsch
2010-09-29 19:42:03 +00:00
parent 8dd0a17fa3
commit f9ba292bfa
13 changed files with 3690 additions and 2002 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -2,6 +2,9 @@
Changes with Apache 2.3.9
*) mod_ssl: Make the ssl expression parser thread-safe. It now requires
bison instead of yacc. [Stefan Fritsch]
*) mod_disk_cache: Change on-disk header file format to support the
link of the device/inode of the data file to the matching header
file, and to support the option of not writing a data file when

6
STATUS
View File

@@ -360,12 +360,6 @@ TODO ISSUES REMAINING IN MOD_SSL:
* Do we need SSL_set_read_ahead()?
* the ssl_expr api is NOT THREAD SAFE. race conditions exist:
-in ssl_expr_comp() if SSLRequire is used in .htaccess
(ssl_expr_info is global)
-is ssl_expr_eval() if there is an error
(ssl_expr_error is global)
* SSLRequire directive (parsing of) leaks memory
* Diffie-Hellman-Parameters for temporary keys are hardcoded in

18
modules/ssl/Makefile.in
View File

@@ -25,15 +25,13 @@ include $(top_srcdir)/build/special.mk
#
ssl_expr_scan.c: $(top_srcdir)/modules/ssl/ssl_expr_scan.l ssl_expr_parse.h
flex -Pssl_expr_yy -s -B $(top_srcdir)/modules/ssl/ssl_expr_scan.l
sed -e '/$$Header:/d' -e "s|\"`pwd`/|\"|g" <lex.ssl_expr_yy.c >ssl_expr_scan.c && rm -f lex.ssl_expr_yy.c
flex -Pssl_expr_yy -o ssl_expr_scan.c ssl_expr_scan.l
mv ssl_expr_scan.c ssl_expr_scan.c.tmp
sed -e "s|\"`pwd`/|\"|g" <ssl_expr_scan.c.tmp >ssl_expr_scan.c
rm -f ssl_expr_scan.c.tmp
ssl_expr_parse.c ssl_expr_parse.h: $(top_srcdir)/modules/ssl/ssl_expr_parse.y
yacc -d $(top_srcdir)/modules/ssl/ssl_expr_parse.y
sed -e 's;yy;ssl_expr_yy;g' \
-e "s|\"`pwd`/|\"|g" \
-e '/#if defined(c_plusplus) || defined(__cplusplus)/,/#endif/d' \
<y.tab.c >ssl_expr_parse.c && rm -f y.tab.c
sed -e 's;yy;ssl_expr_yy;g' \
<y.tab.h >ssl_expr_parse.h && rm -f y.tab.h
bison -pssl_expr_yy --defines=ssl_expr_parse.h -o ssl_expr_parse.c ssl_expr_parse.y
mv ssl_expr_parse.c ssl_expr_parse.c.tmp
sed -e "s|\"`pwd`/|\"|g" < ssl_expr_parse.c.tmp > ssl_expr_parse.c
rm -f ssl_expr_parse.c.tmp

6
modules/ssl/ssl_engine_config.c
View File

@@ -1149,10 +1149,10 @@ const char *ssl_cmd_SSLRequire(cmd_parms *cmd,
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
ssl_expr *expr;
ssl_require_t *require;
const char *errstring;
if (!(expr = ssl_expr_comp(cmd->pool, (char *)arg))) {
return apr_pstrcat(cmd->pool, "SSLRequire: ",
ssl_expr_get_error(), NULL);
if (!(expr = ssl_expr_comp(cmd->pool, (char *)arg, &errstring))) {
return apr_pstrcat(cmd->pool, "SSLRequire: ", errstring, NULL);
}
require = apr_array_push(dc->aRequirement);

5
modules/ssl/ssl_engine_kernel.c
View File

@@ -899,13 +899,14 @@ int ssl_hook_Access(request_rec *r)
for (i = 0; i < requires->nelts; i++) {
ssl_require_t *req = &ssl_requires[i];
ok = ssl_expr_exec(r, req->mpExpr);
const char *errstring;
ok = ssl_expr_exec(r, req->mpExpr, &errstring);
if (ok < 0) {
cp = apr_psprintf(r->pool,
"Failed to execute "
"SSL requirement expression: %s",
ssl_expr_get_error());
errstring);
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"access to %s failed, reason: %s",

49
modules/ssl/ssl_expr.c
View File

@@ -35,47 +35,50 @@
** _________________________________________________________________
*/
ssl_expr_info_type ssl_expr_info;
char *ssl_expr_error;
ssl_expr *ssl_expr_comp(apr_pool_t *p, char *expr)
ssl_expr *ssl_expr_comp(apr_pool_t *p, char *expr, const char **err)
{
ssl_expr_info.pool = p;
ssl_expr_info.inputbuf = expr;
ssl_expr_info.inputlen = strlen(expr);
ssl_expr_info.inputptr = ssl_expr_info.inputbuf;
ssl_expr_info.expr = FALSE;
ssl_expr_info_type context;
int rc;
ssl_expr_error = NULL;
if (ssl_expr_yyparse())
context.pool = p;
context.inputbuf = expr;
context.inputlen = strlen(expr);
context.inputptr = context.inputbuf;
context.expr = FALSE;
context.error = NULL;
ssl_expr_yylex_init(&context.scanner);
ssl_expr_yyset_extra(&context, context.scanner);
rc = ssl_expr_yyparse(&context);
ssl_expr_yylex_destroy(context.scanner);
*err = context.error;
if (rc)
return NULL;
return ssl_expr_info.expr;
return context.expr;
}
char *ssl_expr_get_error(void)
{
if (ssl_expr_error == NULL)
return "";
return ssl_expr_error;
}
ssl_expr *ssl_expr_make(ssl_expr_node_op op, void *a1, void *a2)
ssl_expr *ssl_expr_make(ssl_expr_node_op op, void *a1, void *a2,
ssl_expr_info_type *context)
{
ssl_expr *node;
node = (ssl_expr *)apr_palloc(ssl_expr_info.pool, sizeof(ssl_expr));
node = (ssl_expr *)apr_palloc(context->pool, sizeof(ssl_expr));
node->node_op = op;
node->node_arg1 = (char *)a1;
node->node_arg2 = (char *)a2;
return node;
}
int ssl_expr_exec(request_rec *r, ssl_expr *expr)
int ssl_expr_exec(request_rec *r, ssl_expr *expr, const char **err)
{
BOOL rc;
rc = ssl_expr_eval(r, expr);
if (ssl_expr_error != NULL)
*err = NULL;
rc = ssl_expr_eval(r, expr, err);
if (*err != NULL)
return (-1);
else
return (rc ? 1 : 0);

27
modules/ssl/ssl_expr.h
View File

@@ -89,24 +89,21 @@ typedef struct {
int inputlen;
char *inputptr;
ssl_expr *expr;
void *scanner;
char *error;
} ssl_expr_info_type;
extern ssl_expr_info_type ssl_expr_info;
extern char *ssl_expr_error;
int ssl_expr_yyparse(ssl_expr_info_type *context);
int ssl_expr_yyerror(ssl_expr_info_type *context, char *errstring);
int ssl_expr_yylex_init(void **scanner);
int ssl_expr_yylex_destroy(void *scanner);
void ssl_expr_yyset_extra(ssl_expr_info_type *context, void *scanner);
#define yylval ssl_expr_yylval
#define yyerror ssl_expr_yyerror
#define yyinput ssl_expr_yyinput
extern int ssl_expr_yyparse(void);
extern int ssl_expr_yyerror(char *);
extern int ssl_expr_yylex(void);
extern ssl_expr *ssl_expr_comp(apr_pool_t *, char *);
extern int ssl_expr_exec(request_rec *, ssl_expr *);
extern char *ssl_expr_get_error(void);
extern ssl_expr *ssl_expr_make(ssl_expr_node_op, void *, void *);
extern BOOL ssl_expr_eval(request_rec *, ssl_expr *);
ssl_expr *ssl_expr_comp(apr_pool_t *p, char *exprstr, const char **err);
int ssl_expr_exec(request_rec *r, ssl_expr *expr, const char **err);
ssl_expr *ssl_expr_make(ssl_expr_node_op op, void *arg1, void *arg2,
ssl_expr_info_type *context);
BOOL ssl_expr_eval(request_rec *r, ssl_expr *expr, const char **err);
#endif /* __SSL_EXPR_H__ */
/** @} */

74
modules/ssl/ssl_expr_eval.c
View File

@@ -34,13 +34,14 @@
** _________________________________________________________________
*/
static BOOL ssl_expr_eval_comp(request_rec *, ssl_expr *);
static char *ssl_expr_eval_word(request_rec *, ssl_expr *);
static BOOL ssl_expr_eval_oid(request_rec *r, const char *word, const char *oidstr);
static char *ssl_expr_eval_func_file(request_rec *, char *);
static int ssl_expr_eval_strcmplex(char *, char *);
static BOOL ssl_expr_eval_comp(request_rec *, ssl_expr *, const char **err);
static char *ssl_expr_eval_word(request_rec *, ssl_expr *, const char **err);
static BOOL ssl_expr_eval_oid(request_rec *r, const char *word,
const char *oidstr, const char **err);
static char *ssl_expr_eval_func_file(request_rec *, char *, const char **err);
static int ssl_expr_eval_strcmplex(char *, char *, const char **err);
BOOL ssl_expr_eval(request_rec *r, ssl_expr *node)
BOOL ssl_expr_eval(request_rec *r, ssl_expr *node, const char **err)
{
switch (node->node_op) {
case op_True: {
@@ -51,67 +52,67 @@ BOOL ssl_expr_eval(request_rec *r, ssl_expr *node)
}
case op_Not: {
ssl_expr *e = (ssl_expr *)node->node_arg1;
return (!ssl_expr_eval(r, e));
return (!ssl_expr_eval(r, e, err));
}
case op_Or: {
ssl_expr *e1 = (ssl_expr *)node->node_arg1;
ssl_expr *e2 = (ssl_expr *)node->node_arg2;
return (ssl_expr_eval(r, e1) || ssl_expr_eval(r, e2));
return (ssl_expr_eval(r, e1, err) || ssl_expr_eval(r, e2, err));
}
case op_And: {
ssl_expr *e1 = (ssl_expr *)node->node_arg1;
ssl_expr *e2 = (ssl_expr *)node->node_arg2;
return (ssl_expr_eval(r, e1) && ssl_expr_eval(r, e2));
return (ssl_expr_eval(r, e1, err) && ssl_expr_eval(r, e2, err));
}
case op_Comp: {
ssl_expr *e = (ssl_expr *)node->node_arg1;
return ssl_expr_eval_comp(r, e);
return ssl_expr_eval_comp(r, e, err);
}
default: {
ssl_expr_error = "Internal evaluation error: Unknown expression node";
*err = "Internal evaluation error: Unknown expression node";
return FALSE;
}
}
}
static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node)
static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node, const char **err)
{
switch (node->node_op) {
case op_EQ: {
ssl_expr *e1 = (ssl_expr *)node->node_arg1;
ssl_expr *e2 = (ssl_expr *)node->node_arg2;
return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) == 0);
return (strcmp(ssl_expr_eval_word(r, e1, err), ssl_expr_eval_word(r, e2, err)) == 0);
}
case op_NE: {
ssl_expr *e1 = (ssl_expr *)node->node_arg1;
ssl_expr *e2 = (ssl_expr *)node->node_arg2;
return (strcmp(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) != 0);
return (strcmp(ssl_expr_eval_word(r, e1, err), ssl_expr_eval_word(r, e2, err)) != 0);
}
case op_LT: {
ssl_expr *e1 = (ssl_expr *)node->node_arg1;
ssl_expr *e2 = (ssl_expr *)node->node_arg2;
return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) < 0);
return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1, err), ssl_expr_eval_word(r, e2, err), err) < 0);
}
case op_LE: {
ssl_expr *e1 = (ssl_expr *)node->node_arg1;
ssl_expr *e2 = (ssl_expr *)node->node_arg2;
return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) <= 0);
return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1, err), ssl_expr_eval_word(r, e2, err), err) <= 0);
}
case op_GT: {
ssl_expr *e1 = (ssl_expr *)node->node_arg1;
ssl_expr *e2 = (ssl_expr *)node->node_arg2;
return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) > 0);
return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1, err), ssl_expr_eval_word(r, e2, err), err) > 0);
}
case op_GE: {
ssl_expr *e1 = (ssl_expr *)node->node_arg1;
ssl_expr *e2 = (ssl_expr *)node->node_arg2;
return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1), ssl_expr_eval_word(r, e2)) >= 0);
return (ssl_expr_eval_strcmplex(ssl_expr_eval_word(r, e1, err), ssl_expr_eval_word(r, e2, err), err) >= 0);
}
case op_IN: {
ssl_expr *e1 = (ssl_expr *)node->node_arg1;
ssl_expr *e2 = (ssl_expr *)node->node_arg2;
ssl_expr *e3;
char *w1 = ssl_expr_eval_word(r, e1);
char *w1 = ssl_expr_eval_word(r, e1, err);
BOOL found = FALSE;
do {
ssl_expr_node_op op = e2->node_op;
@@ -119,15 +120,15 @@ static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node)
e2 = (ssl_expr *)e2->node_arg2;
if (op == op_PeerExtElement) {
char *w3 = ssl_expr_eval_word(r, e3);
char *w3 = ssl_expr_eval_word(r, e3, err);
found = ssl_expr_eval_oid(r, w1, w3);
found = ssl_expr_eval_oid(r, w1, w3, err);
/* There will be no more nodes on the list, so the result is authoritative */
break;
}
if (strcmp(w1, ssl_expr_eval_word(r, e3)) == 0) {
if (strcmp(w1, ssl_expr_eval_word(r, e3, err)) == 0) {
found = TRUE;
break;
}
@@ -142,7 +143,7 @@ static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node)
e1 = (ssl_expr *)node->node_arg1;
e2 = (ssl_expr *)node->node_arg2;
word = ssl_expr_eval_word(r, e1);
word = ssl_expr_eval_word(r, e1, err);
regex = (ap_regex_t *)(e2->node_arg1);
return (ap_regexec(regex, word, 0, NULL, 0) == 0);
}
@@ -154,18 +155,18 @@ static BOOL ssl_expr_eval_comp(request_rec *r, ssl_expr *node)
e1 = (ssl_expr *)node->node_arg1;
e2 = (ssl_expr *)node->node_arg2;
word = ssl_expr_eval_word(r, e1);
word = ssl_expr_eval_word(r, e1, err);
regex = (ap_regex_t *)(e2->node_arg1);
return !(ap_regexec(regex, word, 0, NULL, 0) == 0);
}
default: {
ssl_expr_error = "Internal evaluation error: Unknown expression node";
*err = "Internal evaluation error: Unknown expression node";
return FALSE;
}
}
}
static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node)
static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node, const char **err)
{
switch (node->node_op) {
case op_Digit: {
@@ -185,20 +186,21 @@ static char *ssl_expr_eval_word(request_rec *r, ssl_expr *node)
char *name = (char *)node->node_arg1;
ssl_expr *args = (ssl_expr *)node->node_arg2;
if (strEQ(name, "file"))
return ssl_expr_eval_func_file(r, (char *)(args->node_arg1));
return ssl_expr_eval_func_file(r, (char *)(args->node_arg1), err);
else {
ssl_expr_error = "Internal evaluation error: Unknown function name";
*err = "Internal evaluation error: Unknown function name";
return "";
}
}
default: {
ssl_expr_error = "Internal evaluation error: Unknown expression node";
*err = "Internal evaluation error: Unknown expression node";
return FALSE;
}
}
}
static BOOL ssl_expr_eval_oid(request_rec *r, const char *word, const char *oidstr)
static BOOL ssl_expr_eval_oid(request_rec *r, const char *word,
const char *oidstr, const char **err)
{
int j;
BOOL result = FALSE;
@@ -220,7 +222,7 @@ static BOOL ssl_expr_eval_oid(request_rec *r, const char *word, const char *oids
}
static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
static char *ssl_expr_eval_func_file(request_rec *r, char *filename, const char **err)
{
apr_file_t *fp;
char *buf;
@@ -230,12 +232,12 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
if (apr_file_open(&fp, filename, APR_READ|APR_BUFFERED,
APR_OS_DEFAULT, r->pool) != APR_SUCCESS) {
ssl_expr_error = "Cannot open file";
*err = "Cannot open file";
return "";
}
apr_file_info_get(&finfo, APR_FINFO_SIZE, fp);
if ((finfo.size + 1) != ((apr_size_t)finfo.size + 1)) {
ssl_expr_error = "Huge file cannot be read";
*err = "Huge file cannot be read";
apr_file_close(fp);
return "";
}
@@ -246,14 +248,14 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
}
else {
if ((buf = (char *)apr_palloc(r->pool, sizeof(char)*(len+1))) == NULL) {
ssl_expr_error = "Cannot allocate memory";
*err = "Cannot allocate memory";
apr_file_close(fp);
return "";
}
offset = 0;
apr_file_seek(fp, APR_SET, &offset);
if (apr_file_read(fp, buf, &len) != APR_SUCCESS) {
ssl_expr_error = "Cannot read from file";
*err = "Cannot read from file";
apr_file_close(fp);
return "";
}
@@ -264,7 +266,7 @@ static char *ssl_expr_eval_func_file(request_rec *r, char *filename)
}
/* a variant of strcmp(3) which works correctly also for number strings */
static int ssl_expr_eval_strcmplex(char *cpNum1, char *cpNum2)
static int ssl_expr_eval_strcmplex(char *cpNum1, char *cpNum2, const char **err)
{
int i, n1, n2;

2440
modules/ssl/ssl_expr_parse.c
View File

File diff suppressed because it is too large Load Diff

110
modules/ssl/ssl_expr_parse.h
View File

@@ -1,30 +1,90 @@
#ifndef YYERRCODE
#define YYERRCODE 256
/* A Bison parser, made by GNU Bison 2.4.1. */
/* Skeleton interface for Bison's Yacc-like parsers in C
Copyright (C) 1984, 1989, 1990, 2000, 2001, 2002, 2003, 2004, 2005, 2006
Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* As a special exception, you may create a larger work that contains
part or all of the Bison parser skeleton and distribute that work
under terms of your choice, so long as that work isn't itself a
parser generator using the skeleton or a modified version thereof
as a parser skeleton. Alternatively, if you modify or redistribute
the parser skeleton itself, you may (at your option) remove this
special exception, which will cause the skeleton and the resulting
Bison output files to be licensed under the GNU General Public
License without this special exception.
This special exception was added by the Free Software Foundation in
version 2.2 of Bison. */
/* Tokens. */
#ifndef YYTOKENTYPE
# define YYTOKENTYPE
/* Put the tokens into the symbol table, so that GDB and other debuggers
know about them. */
enum yytokentype {
T_TRUE = 258,
T_FALSE = 259,
T_DIGIT = 260,
T_ID = 261,
T_STRING = 262,
T_REGEX = 263,
T_REGEX_I = 264,
T_FUNC_FILE = 265,
T_OP_EQ = 266,
T_OP_NE = 267,
T_OP_LT = 268,
T_OP_LE = 269,
T_OP_GT = 270,
T_OP_GE = 271,
T_OP_REG = 272,
T_OP_NRE = 273,
T_OP_IN = 274,
T_OP_PEEREXTLIST = 275,
T_OP_OR = 276,
T_OP_AND = 277,
T_OP_NOT = 278
};
#endif
#define T_TRUE 257
#define T_FALSE 258
#define T_DIGIT 259
#define T_ID 260
#define T_STRING 261
#define T_REGEX 262
#define T_REGEX_I 263
#define T_FUNC_FILE 264
#define T_OP_EQ 265
#define T_OP_NE 266
#define T_OP_LT 267
#define T_OP_LE 268
#define T_OP_GT 269
#define T_OP_GE 270
#define T_OP_REG 271
#define T_OP_NRE 272
#define T_OP_IN 273
#define T_OP_PEEREXTLIST 274
#define T_OP_OR 275
#define T_OP_AND 276
#define T_OP_NOT 277
typedef union {
#if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED
typedef union YYSTYPE
{
/* Line 1676 of yacc.c */
#line 45 "ssl_expr_parse.y"
char *cpVal;
ssl_expr *exVal;
/* Line 1676 of yacc.c */
#line 82 "ssl_expr_parse.h"
} YYSTYPE;
extern YYSTYPE ssl_expr_yylval;
# define YYSTYPE_IS_TRIVIAL 1
# define yystype YYSTYPE /* obsolescent; will be withdrawn */
# define YYSTYPE_IS_DECLARED 1
#endif

79
modules/ssl/ssl_expr_parse.y
View File

@@ -32,6 +32,12 @@
** _________________________________________________________________
*/
%pure-parser
%defines
%error-verbose
%lex-param { void *yyscanner }
%parse-param { ssl_expr_info_type *context }
%{
#include "ssl_private.h"
%}
@@ -79,76 +85,85 @@
%type <exVal> wordlist
%type <exVal> word
%{
#include "ssl_expr.h"
#define yyscanner context->scanner
int ssl_expr_yyerror(ssl_expr_info_type *context, char *err);
int ssl_expr_yylex(YYSTYPE *lvalp, void *scanner);
%}
%%
root : expr { ssl_expr_info.expr = $1; }
root : expr { context->expr = $1; }
;
expr : T_TRUE { $$ = ssl_expr_make(op_True, NULL, NULL); }
| T_FALSE { $$ = ssl_expr_make(op_False, NULL, NULL); }
| T_OP_NOT expr { $$ = ssl_expr_make(op_Not, $2, NULL); }
| expr T_OP_OR expr { $$ = ssl_expr_make(op_Or, $1, $3); }
| expr T_OP_AND expr { $$ = ssl_expr_make(op_And, $1, $3); }
| comparison { $$ = ssl_expr_make(op_Comp, $1, NULL); }
expr : T_TRUE { $$ = ssl_expr_make(op_True, NULL, NULL, context); }
| T_FALSE { $$ = ssl_expr_make(op_False, NULL, NULL, context); }
| T_OP_NOT expr { $$ = ssl_expr_make(op_Not, $2, NULL, context); }
| expr T_OP_OR expr { $$ = ssl_expr_make(op_Or, $1, $3, context); }
| expr T_OP_AND expr { $$ = ssl_expr_make(op_And, $1, $3, context); }
| comparison { $$ = ssl_expr_make(op_Comp, $1, NULL, context); }
| '(' expr ')' { $$ = $2; }
;
comparison: word T_OP_EQ word { $$ = ssl_expr_make(op_EQ, $1, $3); }
| word T_OP_NE word { $$ = ssl_expr_make(op_NE, $1, $3); }
| word T_OP_LT word { $$ = ssl_expr_make(op_LT, $1, $3); }
| word T_OP_LE word { $$ = ssl_expr_make(op_LE, $1, $3); }
| word T_OP_GT word { $$ = ssl_expr_make(op_GT, $1, $3); }
| word T_OP_GE word { $$ = ssl_expr_make(op_GE, $1, $3); }
| word T_OP_IN wordlist { $$ = ssl_expr_make(op_IN, $1, $3); }
| word T_OP_REG regex { $$ = ssl_expr_make(op_REG, $1, $3); }
| word T_OP_NRE regex { $$ = ssl_expr_make(op_NRE, $1, $3); }
comparison: word T_OP_EQ word { $$ = ssl_expr_make(op_EQ, $1, $3, context); }
| word T_OP_NE word { $$ = ssl_expr_make(op_NE, $1, $3, context); }
| word T_OP_LT word { $$ = ssl_expr_make(op_LT, $1, $3, context); }
| word T_OP_LE word { $$ = ssl_expr_make(op_LE, $1, $3, context); }
| word T_OP_GT word { $$ = ssl_expr_make(op_GT, $1, $3, context); }
| word T_OP_GE word { $$ = ssl_expr_make(op_GE, $1, $3, context); }
| word T_OP_IN wordlist { $$ = ssl_expr_make(op_IN, $1, $3, context); }
| word T_OP_REG regex { $$ = ssl_expr_make(op_REG, $1, $3, context); }
| word T_OP_NRE regex { $$ = ssl_expr_make(op_NRE, $1, $3, context); }
;
wordlist : T_OP_PEEREXTLIST '(' word ')' { $$ = ssl_expr_make(op_PeerExtElement, $3, NULL); }
wordlist : T_OP_PEEREXTLIST '(' word ')' { $$ = ssl_expr_make(op_PeerExtElement, $3, NULL, context); }
| '{' words '}' { $$ = $2 ; }
;
words : word { $$ = ssl_expr_make(op_ListElement, $1, NULL); }
| words ',' word { $$ = ssl_expr_make(op_ListElement, $3, $1); }
words : word { $$ = ssl_expr_make(op_ListElement, $1, NULL, context); }
| words ',' word { $$ = ssl_expr_make(op_ListElement, $3, $1, context); }
;
word : T_DIGIT { $$ = ssl_expr_make(op_Digit, $1, NULL); }
| T_STRING { $$ = ssl_expr_make(op_String, $1, NULL); }
| '%' '{' T_ID '}' { $$ = ssl_expr_make(op_Var, $3, NULL); }
word : T_DIGIT { $$ = ssl_expr_make(op_Digit, $1, NULL, context); }
| T_STRING { $$ = ssl_expr_make(op_String, $1, NULL, context); }
| '%' '{' T_ID '}' { $$ = ssl_expr_make(op_Var, $3, NULL, context); }
| funccall { $$ = $1; }
;
regex : T_REGEX {
ap_regex_t *regex;
if ((regex = ap_pregcomp(ssl_expr_info.pool, $1,
if ((regex = ap_pregcomp(context->pool, $1,
AP_REG_EXTENDED|AP_REG_NOSUB)) == NULL) {
ssl_expr_error = "Failed to compile regular expression";
context->error = "Failed to compile regular expression";
YYERROR;
}
$$ = ssl_expr_make(op_Regex, regex, NULL);
$$ = ssl_expr_make(op_Regex, regex, NULL, context);
}
| T_REGEX_I {
ap_regex_t *regex;
if ((regex = ap_pregcomp(ssl_expr_info.pool, $1,
if ((regex = ap_pregcomp(context->pool, $1,
AP_REG_EXTENDED|AP_REG_NOSUB|AP_REG_ICASE)) == NULL) {
ssl_expr_error = "Failed to compile regular expression";
context->error = "Failed to compile regular expression";
YYERROR;
}
$$ = ssl_expr_make(op_Regex, regex, NULL);
$$ = ssl_expr_make(op_Regex, regex, NULL, context);
}
;
funccall : T_FUNC_FILE '(' T_STRING ')' {
ssl_expr *args = ssl_expr_make(op_ListElement, $3, NULL);
$$ = ssl_expr_make(op_Func, "file", args);
ssl_expr *args = ssl_expr_make(op_ListElement, $3, NULL, context);
$$ = ssl_expr_make(op_Func, "file", args, context);
}
;
%%
int yyerror(char *s)
int yyerror(ssl_expr_info_type *context, char *s)
{
ssl_expr_error = s;
context->error = s;
return 2;
}

1869
modules/ssl/ssl_expr_scan.c
View File

File diff suppressed because it is too large Load Diff

66
modules/ssl/ssl_expr_scan.l
View File

@@ -33,27 +33,43 @@
** _________________________________________________________________
*/
%pointer
%option batch
%option never-interactive
%option nodefault
%option noyywrap
%option reentrant
%option bison-bridge
%option warn
%option noinput nounput
%x str
%x regex regex_flags
%{
#include "ssl_private.h"
#include "ssl_expr_parse.h"
#define YY_NO_UNPUT 1
int yyinput(char *buf, int max_size);
#include "ssl_expr.h"
#undef YY_INPUT
#define YY_INPUT(buf,result,max_size) \
(result = yyinput(buf, max_size))
{ \
if ((result = MIN(max_size, yyextra->inputbuf \
+ yyextra->inputlen \
- yyextra->inputptr)) <= 0) \
{ \
result = YY_NULL; \
} \
else { \
memcpy(buf, yyextra->inputptr, result); \
yyextra->inputptr += result; \
} \
}
#define MAX_STR_LEN 2048
#define YY_EXTRA_TYPE ssl_expr_info_type*
%}
%pointer
/* %option stack */
%option never-interactive
%option noyywrap
%x str
%x regex regex_flags
%%
@@ -80,23 +96,23 @@ int yyinput(char *buf, int max_size);
<str>\" {
BEGIN(INITIAL);
*cpStr = NUL;
yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caStr);
yylval->cpVal = apr_pstrdup(yyextra->pool, caStr);
return T_STRING;
}
<str>\n {
yyerror("Unterminated string");
ssl_expr_yyerror(yyextra, "Unterminated string");
}
<str>\\[0-7]{1,3} {
int result;
(void)sscanf(yytext+1, "%o", &result);
if (result > 0xff)
yyerror("Escape sequence out of bound");
ssl_expr_yyerror(yyextra, "Escape sequence out of bound");
else
*cpStr++ = result;
}
<str>\\[0-9]+ {
yyerror("Bad escape sequence");
ssl_expr_yyerror(yyextra, "Bad escape sequence");
}
<str>\\n { *cpStr++ = '\n'; }
<str>\\r { *cpStr++ = '\r'; }
@@ -133,18 +149,18 @@ int yyinput(char *buf, int max_size);
}
}
<regex_flags>i {
yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
yylval->cpVal = apr_pstrdup(yyextra->pool, caRegex);
BEGIN(INITIAL);
return T_REGEX_I;
}
<regex_flags>.|\n {
yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
yylval->cpVal = apr_pstrdup(yyextra->pool, caRegex);
yyless(0);
BEGIN(INITIAL);
return T_REGEX;
}
<regex_flags><<EOF>> {
yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, caRegex);
yylval->cpVal = apr_pstrdup(yyextra->pool, caRegex);
BEGIN(INITIAL);
return T_REGEX;
}
@@ -190,7 +206,7 @@ int yyinput(char *buf, int max_size);
* Digits
*/
[0-9]+ {
yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext);
yylval->cpVal = apr_pstrdup(yyextra->pool, yytext);
return T_DIGIT;
}
@@ -198,7 +214,7 @@ int yyinput(char *buf, int max_size);
* Identifiers
*/
[a-zA-Z][a-zA-Z0-9_:-]* {
yylval.cpVal = apr_pstrdup(ssl_expr_info.pool, yytext);
yylval->cpVal = apr_pstrdup(yyextra->pool, yytext);
return T_ID;
}
@@ -211,16 +227,4 @@ int yyinput(char *buf, int max_size);
%%
int yyinput(char *buf, int max_size)
{
int n;
if ((n = MIN(max_size, ssl_expr_info.inputbuf
+ ssl_expr_info.inputlen
- ssl_expr_info.inputptr)) <= 0)
return YY_NULL;
memcpy(buf, ssl_expr_info.inputptr, n);
ssl_expr_info.inputptr += n;
return n;
}