Jean-Frederic Clere
383bae1ebc
if Transfer-Encoding is not "identity" ignore Content-Length.
...
otherwise ajp-proxy hangs when Transfer-Encoding is "chunked".
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@191175 13f79535-47bb-0310-9956-ffa450edef68
2005-06-17 16:47:43 +00:00
Paul Querna
357706a870
If a request contains both a T-E and C-L, remove the C-L, stopping some HTTP Request Smuggling attacks exploited when using HTTPD as a forward or reverse proxy.
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@191005 13f79535-47bb-0310-9956-ffa450edef68
2005-06-16 21:34:08 +00:00
Joe Orton
b90c24d243
* server/protocol.c (read_request_line): Revert addition of error
...
message which triggers every time dummy_connection() is used to wake
up a child.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@170433 13f79535-47bb-0310-9956-ffa450edef68
2005-05-16 19:36:04 +00:00
Jeff Trawick
7ae218a5bf
Support the suppress-error-charset setting, as with Apache 1.3.x.
...
With Apache 1.3.x, it is a bit simpler as the request does
not go through ap_make_content_type().
Modules can set custom error responses but not be able to
set the charset, so they have to code the charset in the
html. Thus, it is useful to preserve 1.3.x behavior exactly.
PR: 26467
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@170354 13f79535-47bb-0310-9956-ffa450edef68
2005-05-16 10:41:42 +00:00
Greg Ames
6eabfd6c6a
use a more general but slightly slower test for a body.
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@160573 13f79535-47bb-0310-9956-ffa450edef68
2005-04-08 18:07:33 +00:00
Greg Ames
2b3ad91040
clone_headers_no_body: remove all entity headers in addition to the
...
Transfer-Encoding header when creating a GET subrequest
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@159410 13f79535-47bb-0310-9956-ffa450edef68
2005-03-29 18:24:46 +00:00
Greg Ames
235fd33d8f
don't propagate input headers describing a body to a subrequest. this can cause a
...
back end server to hang in a read for a body which no longer exists.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@158798 13f79535-47bb-0310-9956-ffa450edef68
2005-03-23 16:36:45 +00:00
Justin Erenkrantz
905cdf9f0b
Update copyright year to 2005 and standardize on current copyright owner line.
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@151408 13f79535-47bb-0310-9956-ffa450edef68
2005-02-04 20:28:49 +00:00
William A. Rowe Jr
6b27462b2f
limit_req_fieldsize is signed, correct a signedness error using
...
a cast since it's not possible to have a negative limit.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@124283 13f79535-47bb-0310-9956-ffa450edef68
2005-01-05 22:21:56 +00:00
William A. Rowe Jr
d962fcfc8b
FINALLY Correct ap_http_method()! It is NOT a method, it's a SCHEME!
...
Bumped mmn, and ap module cookie, for this function rename.
It's not a deprecation, as ap_http_method would be a lovely function
name sometime in the future: to determine what the function name implies.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@123882 13f79535-47bb-0310-9956-ffa450edef68
2005-01-02 05:33:44 +00:00
Bradley Nicholes
694a529c09
Revert patch r104923. This patch doesn't actually fix bug 18757 and
...
breaks TLS upgrade functionality. Also, removing the content length for
HEAD requests is being handled in ap_http_header_filter().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@110141 13f79535-47bb-0310-9956-ffa450edef68
2004-12-07 19:04:22 +00:00
Joe Orton
4ddf48af17
Fix for memory consumption DoS, CVE CAN-2004-0942:
...
* server/protocol.c (ap_rgetline_core): Don't trim trailing whitespace
from the buffer here.
(ap_get_mime_headers_core): Trim trailing whitespace here, after
reading a complete field including continuation lines. Also simplify
code to remove whitespace between field-name and colon.
Reviewed by: André Malo, Bill Stoddard
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105680 13f79535-47bb-0310-9956-ffa450edef68
2004-11-04 14:50:31 +00:00
Paul Querna
01148487b7
Use a more descriptive error message, and make it an INFO instead of NOTICE.
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105593 13f79535-47bb-0310-9956-ffa450edef68
2004-10-25 15:59:43 +00:00
Nick Kew
d1c714c4f9
PR: 31875
...
Fix URI parsing bug in case of a leading double-slash
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105586 13f79535-47bb-0310-9956-ffa450edef68
2004-10-25 10:24:17 +00:00
Paul Querna
35e0b8cd51
This will put some messages in the error log when some people try a lame
...
DoS by just opening a socket, and never sending any data.
Ivan suggested such a change about a month ago, to match the 1.3 behavior.
Today I helped OSU's Admins figure out that someone was trying this 'attack'
against their mirror server. The server status just showed hundreds of
Apache Children stuck in Reading. This will at least hint to the admins
where the problem is by telling them about it in the error log.
Inspired by: Rici Lake, Ivan Ristic <ivanr webkreator.com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105583 13f79535-47bb-0310-9956-ffa450edef68
2004-10-25 06:40:08 +00:00
Roy T. Fielding
c76dd4ecef
veto and revert win64 patch: 64bit changes must percolate from the
...
bottom (APR/system) up -- we can't give the client a 64bit API and
then cast it to 32bits internally without introducing security holes
on other platforms.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105572 13f79535-47bb-0310-9956-ffa450edef68
2004-10-23 22:39:53 +00:00
Allan K. Edwards
6c775f9a3c
WIN64: API changes to clean up Windows 64bit compile warnings
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105545 13f79535-47bb-0310-9956-ffa450edef68
2004-10-22 15:22:05 +00:00
Joe Orton
2b26d10798
* server/protocol.c (ap_rgetline_core): Never NUL terminate at
...
(*s)[-1] for caller-supplied *s.
Submitted by: Rici Lake <ricilake speedy.com.pe>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105231 13f79535-47bb-0310-9956-ffa450edef68
2004-09-21 21:07:23 +00:00
Joe Orton
d05865b144
* server/protocol.c (ap_rgetline_core): Fix off-by-one.
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105113 13f79535-47bb-0310-9956-ffa450edef68
2004-09-13 15:34:59 +00:00
Nick Kew
cf9053ecbd
Fix for Bug 18757 (sending bogus content-length of zero in no-body requests)
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104923 13f79535-47bb-0310-9956-ffa450edef68
2004-09-01 12:24:48 +00:00
William A. Rowe Jr
ef0c43088f
Fix signedness emit.
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104639 13f79535-47bb-0310-9956-ffa450edef68
2004-08-12 17:48:35 +00:00
Jeff Trawick
46ff3a2fdc
CAN-2004-0493 - memory exhaustion denial of service
...
Reviewed by: jerenkrantz
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104059 13f79535-47bb-0310-9956-ffa450edef68
2004-06-28 23:53:52 +00:00
Greg Ames
e9b7d5fefe
ap_rgetline_core: insure that the output string is null terminated
...
when exiting with APR_ENOSPC
Submitted by: Tsurutani Naoki <turutani scphys.kyoto-u.ac.jp>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103482 13f79535-47bb-0310-9956-ffa450edef68
2004-04-22 22:38:03 +00:00
André Malo
3cec2db307
ap_set_sub_req_protocol and ap_finalize_sub_req_protocol are now
...
exported on Win32 as well
PR: 28523
Submitted by: Edward Rudd <eddie omegaware.com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@103474 13f79535-47bb-0310-9956-ffa450edef68
2004-04-21 21:57:19 +00:00
Paul J. Reder
38d03c5274
*) Remove compile-time length limit on request strings. Length is
...
now enforced solely with the LimitRequestLine config directive.
[Paul J. Reder]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102840 13f79535-47bb-0310-9956-ffa450edef68
2004-03-01 21:40:44 +00:00
André Malo
eeb57c17ad
fix name of The Apache Software Foundation
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102619 13f79535-47bb-0310-9956-ffa450edef68
2004-02-09 20:40:53 +00:00
André Malo
e88fcf3c64
fix copyright dates according to the first check in
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102589 13f79535-47bb-0310-9956-ffa450edef68
2004-02-08 13:58:22 +00:00
André Malo
4f02cb1e18
apply Apache License, Version 2.0
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102525 13f79535-47bb-0310-9956-ffa450edef68
2004-02-06 22:58:42 +00:00
Joe Orton
d78bd01cc6
* server/protocol.c (ap_rgetline_core): Fix folding if header is
...
continued over more than two lines.
PR: 19405 (affects proxy only)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102414 13f79535-47bb-0310-9956-ffa450edef68
2004-01-26 21:09:12 +00:00
Joe Orton
f5aa5e9081
* server/protocol.c (ap_rgetline_core): Re-indent function after being
...
skewed by CAN-2003-0132 fix: no functional change.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102413 13f79535-47bb-0310-9956-ffa450edef68
2004-01-26 20:58:12 +00:00
André Malo
fb07607180
update license to 2004.
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102135 13f79535-47bb-0310-9956-ffa450edef68
2004-01-01 13:26:26 +00:00
Cliff Woolley
aaf0424e2b
get rid of _FOREACH
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@101788 13f79535-47bb-0310-9956-ffa450edef68
2003-11-16 02:09:14 +00:00
Jeff Trawick
0c3c5b7145
Set the scoreboard state to indicate logging prior to running
...
logging hooks so that server-status will show 'L' for hung loggers
instead of 'W'.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@101517 13f79535-47bb-0310-9956-ffa450edef68
2003-10-22 16:45:53 +00:00
Jeff Trawick
45384da23b
tag the pools created for requests and subrequests
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@101441 13f79535-47bb-0310-9956-ffa450edef68
2003-10-13 23:43:00 +00:00
Jeff Trawick
468445ace2
zap an incorrect comment that remained from 1.3 days
...
Submitted by: Aryeh Katz
Reviewed by: Jeff Trawick
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@101211 13f79535-47bb-0310-9956-ffa450edef68
2003-09-10 12:12:18 +00:00
Jeff Trawick
ad2c145ec1
minor style changes
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100562 13f79535-47bb-0310-9956-ffa450edef68
2003-07-12 13:03:39 +00:00
Joe Orton
b03404a6cb
Update comment after removal of tmp_headers in r1.132.
...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100550 13f79535-47bb-0310-9956-ffa450edef68
2003-07-11 11:00:38 +00:00
Paul J. Reder
0cab3cd57a
Update the header token parsing code to allow LWS between the token word
...
and the ':' separator. [PR 16520]
[submitted: Kris Verbeeck <kris.verbeeck@advalvas.be> and
Nicel KM <mnicel@yahoo.com>]
[Reviewed: <coad@measurement-factory.com> and
Paul J. Reder]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100492 13f79535-47bb-0310-9956-ffa450edef68
2003-07-08 21:21:13 +00:00
Brian Pane
cb820d48b8
Eliminate creation of a temporary table in ap_get_mime_headers_core()
...
Submitted by: Joe Schaefer <joe+gmane@sunstarsys.com>
Reviewed by: Brian Pane
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@100334 13f79535-47bb-0310-9956-ffa450edef68
2003-06-22 22:08:53 +00:00
Jeff Trawick
013339e87d
fix some discrepancies between format strings and arguments,
...
resolving some warnings on 64-bit systems
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99374 13f79535-47bb-0310-9956-ffa450edef68
2003-04-15 22:47:58 +00:00
Brian Pane
68bf0bebe1
Simplify and shorten the code path for scanning request headers
...
Reviewed by: Greg Ames, Bill Rowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99109 13f79535-47bb-0310-9956-ffa450edef68
2003-03-29 16:32:22 +00:00
Greg Ames
a38bd025fc
ap_rgetline_core: set the number of bytes read & copied into the caller's
...
buffer when returning APR_ENOSPC. This prevents seg faults in
ap_get_mime_headers_core in an error path which handles headers that are too
long.
Submitted by: Jeff Trawick
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99079 13f79535-47bb-0310-9956-ffa450edef68
2003-03-27 20:34:56 +00:00
Greg Ames
335a2bffee
ap_get_mime_headers_core: allocate space for the trailing null when there
...
are folded headers. PR 18170 [Peter Mayne <PeterMayne@SPAM_SUX.ap.spherion.com>]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99057 13f79535-47bb-0310-9956-ffa450edef68
2003-03-24 16:39:25 +00:00
André Malo
742af25096
finished that boring job:
...
update license to 2003.
Happy New Year! ;-))
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98573 13f79535-47bb-0310-9956-ffa450edef68
2003-02-03 17:53:28 +00:00
Greg Ames
f7befb0703
ap_get_mime_headers: combine some error paths to remove a conditional
...
branch from the mainline path.
It might be worthwhile to move all the getline error handling into a
separate function and be a little more i-cache friendly.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97879 13f79535-47bb-0310-9956-ffa450edef68
2002-12-11 22:30:37 +00:00
Greg Ames
2be5ade5dc
ap_get_mime_headers: whoops - need to insure that we use a configured
...
field size limit if there is one
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97875 13f79535-47bb-0310-9956-ffa450edef68
2002-12-11 22:09:40 +00:00
Greg Ames
4c7042aa3e
ap_get_mime_headers: tighten up the null termination of header line which is
...
too long. getline can return a smaller length than what it actually read in
that case.
The check for len > limit_fieldsize isn't needed, but we do need to insure
that getline actually allocated a buffer (and set len) in the case where
the first socket input buffer is already bigger than the limit.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97863 13f79535-47bb-0310-9956-ffa450edef68
2002-12-11 21:03:58 +00:00
Greg Ames
fab2e40c2e
prevent a potential seg fault in ap_escape_html if a header field is too
...
long.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97832 13f79535-47bb-0310-9956-ffa450edef68
2002-12-10 02:56:26 +00:00
Justin Erenkrantz
eaa472517d
Move the check of the Expect request header field after the hook
...
for ap_post_read_request, since that is the only opportunity for
modules to handle Expect extensions.
Obtained from: apache-1.3
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97765 13f79535-47bb-0310-9956-ffa450edef68
2002-12-03 08:38:45 +00:00
Jeff Trawick
8bc57d1e1e
bucket length parameter is apr_size_t, which isn't always signed,
...
so be careful when comparing with the special value -1
Submitted by: Allan Edwards <ake@us.ibm.com>
Reviewed by: Jeff Trawick
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97569 13f79535-47bb-0310-9956-ffa450edef68
2002-11-19 19:32:38 +00:00