www/apache
1
0
Fork 0
mirror of https://github.com/apache/httpd.git synced 2026-01-06 09:01:14 +03:00
Code Activity
27,297 Commits 62 Branches 306 Tags
098a3d64cdc4243b8bc0b2a69dd157b852cf464e
Commit Graph

337 Commits

Author SHA1 Message Date
Jan Kaluža
eca303e318 * mod_lua: fix compilation with lua-5.3 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1668827 13f79535-47bb-0310-9956-ffa450edef68
 2015-03-24 09:13:12 +00:00
Eric Covener
6c0cf71485 followup to r1657261 whitespace only -- reindent body of while loop. 
(no change under svn diff -x-w)



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1657263 13f79535-47bb-0310-9956-ffa450edef68
 2015-02-04 14:52:50 +00:00
Eric Covener
78eb3b9235 *) SECURITY: CVE-2015-0228 (cve.mitre.org) 
mod_lua: A maliciously crafted websockets PING after a script
     calls r:wsupgrade() can cause a child process crash.
     [Edward Lu <Chaosed0 gmail.com>]

Discovered by Guido Vranken <guidovranken gmail.com>

Submitted by: Edward Lu
Committed by: covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1657261 13f79535-47bb-0310-9956-ffa450edef68
 2015-02-04 14:44:23 +00:00
Eric Covener
8f40799093 Fix bit-shifting of websockets frame fields that would yield wrong opcodes 
when the FIN bit was set.  Results in PING not being recognized
by mod_lua.  PR57524

Submitted By: Edward Lu
Committed By: covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1657256 13f79535-47bb-0310-9956-ffa450edef68
 2015-02-04 14:33:51 +00:00
Guenter Knauf
53e7998820 Enable to build mod_lua against Lua 5.3. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1652886 13f79535-47bb-0310-9956-ffa450edef68
 2015-01-19 00:35:25 +00:00
Daniel Gruno
918199724a now it's actually fixed (The URL) 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643272 13f79535-47bb-0310-9956-ffa450edef68
 2014-12-05 13:33:10 +00:00
Daniel Gruno
08a314456f fixed it! 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643271 13f79535-47bb-0310-9956-ffa450edef68
 2014-12-05 13:32:00 +00:00
Daniel Gruno
3d61019b90 another blank commit... 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643269 13f79535-47bb-0310-9956-ffa450edef68
 2014-12-05 13:29:37 +00:00
Daniel Gruno
4d26c4006b another blank change, ignore. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643265 13f79535-47bb-0310-9956-ffa450edef68
 2014-12-05 13:08:16 +00:00
Daniel Gruno
320ddfecdb more blank changes to set up viewvc, ignore. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643263 13f79535-47bb-0310-9956-ffa450edef68
 2014-12-05 13:02:10 +00:00
Daniel Gruno
8916eba91a blank change to test commit mail URL is properly working. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643258 13f79535-47bb-0310-9956-ffa450edef68
 2014-12-05 12:49:23 +00:00
Daniel Gruno
e27d5d9480 testing eu <-> us sync 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643147 13f79535-47bb-0310-9956-ffa450edef68
 2014-12-05 01:28:25 +00:00
Daniel Gruno
d28e6f8a30 more noise again 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643146 13f79535-47bb-0310-9956-ffa450edef68
 2014-12-05 01:06:05 +00:00
Daniel Gruno
3d429ab1e3 more tests 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643142 13f79535-47bb-0310-9956-ffa450edef68
 2014-12-05 00:40:04 +00:00
Daniel Gruno
c66f9774c9 bit more noise... (still testing) 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643141 13f79535-47bb-0310-9956-ffa450edef68
 2014-12-05 00:22:44 +00:00
Daniel Gruno
2c70fbc07c more tests 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643137 13f79535-47bb-0310-9956-ffa450edef68
 2014-12-04 23:58:51 +00:00
Daniel Gruno
f4dfabcd1b trying eu svn... 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643130 13f79535-47bb-0310-9956-ffa450edef68
 2014-12-04 23:51:16 +00:00
Daniel Gruno
ff8c2ca60b More dead birds in the sky...is it summer already? 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643129 13f79535-47bb-0310-9956-ffa450edef68
 2014-12-04 23:48:28 +00:00
Daniel Gruno
a0f2ddbea4 Is it a bird? Is it a plane? Is it a giant flying pony??! 
No, it's simply mod_lua >_>
(also, ignore this, we're just testing whether commits work)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1643127 13f79535-47bb-0310-9956-ffa450edef68
 2014-12-04 20:29:16 +00:00
Eric Covener
38535f55b1 *) SECURITY: CVE-2014-8109 (cve.mitre.org) 
mod_lua: Fix handling of the Require line when a LuaAuthzProvider is
     used in multiple Require directives with different arguments.
     PR57204 [Edward Lu <Chaosed0 gmail.com>]

Submitted By: Edward Lu
Committed By: covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1642499 13f79535-47bb-0310-9956-ffa450edef68
 2014-11-30 01:41:26 +00:00
Daniel Gruno
8216b3d0b4 mod_lua: Initial attempt at passing on the configuration tree to Lua. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1641661 13f79535-47bb-0310-9956-ffa450edef68
 2014-11-25 18:04:00 +00:00
Rainer Jung
118e19314d Switch from lua_objlen() to Lua 5.2 preferred 
lua_rawlen(). Define lua_rawlen() in terms of
lua_objlen() when building against older Lua.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1612552 13f79535-47bb-0310-9956-ffa450edef68
 2014-07-22 11:57:06 +00:00
Christophe Jaillet
56d0c25725 Add missing APLOGNO. 
Refactor some lines to keep APLOGNO on the same line as ap_log_error, when applicable.
Split lines longer than 80.
Improve alignment.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1612068 13f79535-47bb-0310-9956-ffa450edef68
 2014-07-20 09:32:58 +00:00
Daniel Gruno
2c676c90ee mod_lua: Don't quote values in cookies; Make IE happy again [#56734] 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1611741 13f79535-47bb-0310-9956-ffa450edef68
 2014-07-18 18:12:12 +00:00
Joe Orton
b2605d20c4 SECURITY (CVE-2014-0226): Fix a race condition in scoreboard handling, 
which could lead to a heap buffer overflow.  Thanks to Marek Kroemeke
working with HP's Zero Day Initiative for reporting this.

* include/scoreboard.h: Add ap_copy_scoreboard_worker.

* server/scoreboard.c (ap_copy_scoreboard_worker): New function.

* modules/generators/mod_status.c (status_handler): Use it.

* modules/lua/lua_request.c (lua_ap_scoreboard_worker): Likewise.

Reviewed by: trawick, jorton, covener, jim
Submitted by: jorton, covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1610491 13f79535-47bb-0310-9956-ffa450edef68
 2014-07-14 19:26:00 +00:00
Ben Reser
ccb1c5181a mod_lua: Remove dead code left over from the old code cache. 
The code that used this was commented out in r721594, then removed entirely in
r728497, and finally a commit was made intending to remove the last traces of
the code cache in r1200513, but this initialization lived on anyway.

* modules/lua/mod_lua.c
  (create_server_config): Remove unused empty hash and rwlock for hash.

* modules/lua/mod_lua.h
  (ap_lua_server_cfg): Remove unneeded hash and rwlock entries.

Found by: Bert Huijben <rhuijben{_at_}collab.net>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1606836 13f79535-47bb-0310-9956-ffa450edef68
 2014-06-30 16:54:27 +00:00
Jeff Trawick
303f962ea6 Follow up to r1604336: Comment out hooks whose only references are 
now commented out, fixing a "-Wunused-function" warning


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1604631 13f79535-47bb-0310-9956-ffa450edef68
 2014-06-22 18:14:31 +00:00
Daniel Gruno
0ac4c9dc26 Revert early|late argument for LuaHookCheckUserID as it does not work right now. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1604336 13f79535-47bb-0310-9956-ffa450edef68
 2014-06-21 10:36:56 +00:00
Jeff Trawick
06189fe5af back to c89 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1588989 13f79535-47bb-0310-9956-ffa450edef68
 2014-04-21 21:31:42 +00:00
Daniel Gruno
3a7ef57c8d mod_lua: stop complaining 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1588807 13f79535-47bb-0310-9956-ffa450edef68
 2014-04-20 17:56:10 +00:00
Daniel Gruno
e1f073ca56 mod_lua: Use binary strstr for finding endpoints of a multipart object. (How did this EVER work?! *sigh*) 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1588761 13f79535-47bb-0310-9956-ffa450edef68
 2014-04-20 13:58:13 +00:00
Daniel Gruno
b6899453ab Add a note on t->r checking, as per Rüdiger's email. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1582881 13f79535-47bb-0310-9956-ffa450edef68
 2014-03-28 20:43:15 +00:00
Daniel Gruno
29e243b1fb mod_lua: Since c->notes is the only place where r will be NULL, we don't need to check a second time, since we'll never meddle with tables named 'notes' 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1582877 13f79535-47bb-0310-9956-ffa450edef68
 2014-03-28 20:33:08 +00:00
Daniel Gruno
d38e1b6e83 mod_lua: Redesign the table construction/access mechanism, so we pass on a struct with the request_rec, the table pointer and the table name instead of just the table pointer. This allows us to use the request_rec for logging/editing purposes, as well as inform the user which exact table in the request_rec was modified. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1582858 13f79535-47bb-0310-9956-ffa450edef68
 2014-03-28 18:38:41 +00:00
Daniel Gruno
8ae663bc78 mod_lua: Prevent HTTP Response Splitting by not allowing tables in the request_rec to be set with values containing newlines. This is a semi-ugly hack, but it will have to do until we find another way of setting these values. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1582262 13f79535-47bb-0310-9956-ffa450edef68
 2014-03-27 11:20:03 +00:00
Daniel Gruno
2514105ae4 mod_lua: escape key/value pairs when setting cookies to prevent header splitting with tainted cookies. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1582253 13f79535-47bb-0310-9956-ffa450edef68
 2014-03-27 10:58:35 +00:00
Daniel Gruno
8ad00113ae mod_lua: Reformat and escape script error output. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1582247 13f79535-47bb-0310-9956-ffa450edef68
 2014-03-27 10:44:43 +00:00
Daniel Gruno
266b5a6438 fix message number 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1578882 13f79535-47bb-0310-9956-ffa450edef68
 2014-03-18 13:40:03 +00:00
Daniel Gruno
8ae204c9b0 mod_lua: Actually check whether interpreting the base structure of a file works or not, don't just assume it works. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1578870 13f79535-47bb-0310-9956-ffa450edef68
 2014-03-18 13:32:36 +00:00
Daniel Gruno
31ad0e2d6b mod_lua: be a bit more verbose in error logging. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1578825 13f79535-47bb-0310-9956-ffa450edef68
 2014-03-18 11:26:04 +00:00
Daniel Gruno
82e4ee75b0 mod_lua: Add a fixups hook that checks if the original request is intended for LuaMapHandler. This fixes a bug where FallbackResource invalidates the LuaMapHandler directive in certain cases by changing the URI before the map handler code executes. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1576981 13f79535-47bb-0310-9956-ffa450edef68
 2014-03-12 22:56:44 +00:00
Daniel Gruno
9dcfbbf7d4 this wasn't supposed to be a pointer, thanks Yann! 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1572748 13f79535-47bb-0310-9956-ffa450edef68
 2014-02-27 21:56:59 +00:00
Daniel Gruno
78f93a7569 Remove bad line that snuck into the commit 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1572704 13f79535-47bb-0310-9956-ffa450edef68
 2014-02-27 19:11:54 +00:00
Daniel Gruno
760d584e2b mod_lua: Only read up to whatever the user defines as max size when using r:parsebody() - if content length is greater, return an error. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1572703 13f79535-47bb-0310-9956-ffa450edef68
 2014-02-27 19:10:55 +00:00
Daniel Gruno
dde9e0effa Allow mod_lua to supply a database result with named rows instead of only numeric indexes. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1570528 13f79535-47bb-0310-9956-ffa450edef68
 2014-02-21 11:10:10 +00:00
Daniel Gruno
c92f2cf0ad mod_lua: Add r:wspeek for checking if data is available to be read. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1570208 13f79535-47bb-0310-9956-ffa450edef68
 2014-02-20 14:46:38 +00:00
Daniel Gruno
e3b43089d8 mod_lua: Slight null-check fix on setcookie. 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1570156 13f79535-47bb-0310-9956-ffa450edef68
 2014-02-20 11:47:47 +00:00
Daniel Gruno
1d91506913 use err_headers_out for setting cookies instead of headers_out, so they persist on non-2xx/3xx statuses (Thanks to Joe Schaefer for this) 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1567434 13f79535-47bb-0310-9956-ffa450edef68
 2014-02-11 22:51:20 +00:00
Daniel Gruno
5ed3e10473 mod_lua: Upgrade r:setcookie to accept a table of arguments, and add domain, path and HttpOnly to the list of options available for setting. PR 56128 
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1567430 13f79535-47bb-0310-9956-ffa450edef68
 2014-02-11 22:45:32 +00:00
Eric Covener
92be81f133 mod_lua: Fix r:setcookie() to add, rather than replace, 
the Set-Cookie header. PR56105

Submitted By: Kevin J Walters <kjw ms com>, Edward Lu <Chaosed0 gmail com>
Committed By: covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1567221 13f79535-47bb-0310-9956-ffa450edef68
 2014-02-11 16:57:07 +00:00