delta/apache/httpd.git/server/util.c, branch 2.4.17-protocols-changes github.com: apache/httpd.git Follow up to r1705672. 2015-09-28T22:00:12+00:00 Yann Ylavic ylavic@apache.org 2015-09-28T22:00:12+00:00 c8dc4e3b7edbffb07ddd447c81555a0fd080b6a5 Backport changes that somehow missed the backport process. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1705784 13f79535-47bb-0310-9956-ffa450edef68 
Backport changes that somehow missed the backport process.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1705784 13f79535-47bb-0310-9956-ffa450edef68
Merge r1697855, r1697339, r1696428, r1696266, r1696264, r1695874, r1695727, r1692516, r1692486, r1610674, r1685069, r1693918, r1698116, r1698133, r1694950, r1700968, r1701005, r1701145, r1701178 from trunk: 2015-09-28T12:31:37+00:00 Jim Jagielski jim@apache.org 2015-09-28T12:31:37+00:00 7475aa0909975f8491de64bb08d9793c6e503ae2 adding ap_get_protocol(c) which safeguards against NULL returns, for use instead of direct calling ap_run_protocol_get changed Protocols to let vhosts override servers, removed old H2Engine example from readme creating ap_array_index in util, forwarding scheme into request processing, enabling SSL vars only when scheme is not http:, delayed connection creation until task worker assignment removed unnecessary lingering_close and sbh update on end of protocol upgrade handling introducing ap_array_index in util, used in protocol and mod_h2 fixes existing protocol missing in selection if not explicitly proposed new directive ProtocolsHonorOrder, added documentation for Protocols feature, changed preference selection and config merging removed accidental code new Protocols directive and core API changes to enable protocol switching on HTTP Upgrade or ALPN, implemented in mod_ssl and mod_h2 SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse proxy configuration, a remote attacker could send a carefully crafted request which could crash a server process, resulting in denial of service. Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting this issue. * server/util.c (ap_parse_token_list_strict): New function. * modules/proxy/proxy_util.c (find_conn_headers): Use it here. * modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response): Send a 400 for a malformed Connection header. Submitted by: Edward Lu, breser, covener http, mod_ssl: Introduce and return the 421 (Misdirected Request) status code for clients requesting a hostname on a reused connection whose SNI (from the TLS handshake) does not match. PR 5802. This allows HTTP/2 clients to fall back to a new connection as per: https://tools.ietf.org/html/rfc7540#section-9.1.2 Proposed by: Stefan Eissing <stefan eissing.org> Reviewed by: ylavic c89 Allowing protocol_propose hooks to be called with offers=NULL, clarifying semantics as proposed by chaosed0@gmail.com giving ap_array_index a start parameter, adding ap_array_contains ap_process_request needs exportation for use in mod_h2 on Windows final final change to the new ap_array_str_* functions after review changed Protocols default to http/1.1 only, updated documentation, changed ap_select_protocol() to return NULL when no protocol could be agreed upon mod_ssl: fix compiler warning (bad cast). improvements in ap_select_protocol(), supplied by yann ylavic Submitted by: icing, jorton, ylavic, covener, icing, icing, gsmith, icing, icing, ylavic, icing Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1705672 13f79535-47bb-0310-9956-ffa450edef68 
adding ap_get_protocol(c) which safeguards against NULL returns, for use instead of direct calling ap_run_protocol_get

changed Protocols to let vhosts override servers, removed old H2Engine example from readme

creating ap_array_index in util, forwarding scheme into request processing, enabling SSL vars only when scheme is not http:, delayed connection creation until task worker assignment

removed unnecessary lingering_close and sbh update on end of protocol upgrade handling

introducing ap_array_index in util, used in protocol and mod_h2

fixes existing protocol missing in selection if not explicitly proposed

new directive ProtocolsHonorOrder, added documentation for Protocols feature, changed preference selection and config merging

removed accidental code

new Protocols directive and core API changes to enable protocol switching on HTTP Upgrade or ALPN, implemented in mod_ssl and mod_h2

SECURITY (CVE-2014-0117): Fix a crash in mod_proxy.  In a reverse
proxy configuration, a remote attacker could send a carefully crafted
request which could crash a server process, resulting in denial of
service.

Thanks to Marek Kroemeke working with HP's Zero Day Initiative for
reporting this issue.

* server/util.c (ap_parse_token_list_strict): New function.

* modules/proxy/proxy_util.c (find_conn_headers): Use it here.

* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response):
  Send a 400 for a malformed Connection header.

Submitted by: Edward Lu, breser, covener


http, mod_ssl: Introduce and return the 421 (Misdirected Request) status code
for clients requesting a hostname on a reused connection whose SNI (from the
TLS handshake) does not match.
PR 5802.

This allows HTTP/2 clients to fall back to a new connection as per:
https://tools.ietf.org/html/rfc7540#section-9.1.2

Proposed by: Stefan Eissing <stefan eissing.org>
Reviewed by: ylavic


c89


Allowing protocol_propose hooks to be called with offers=NULL, clarifying semantics as proposed by chaosed0@gmail.com

giving ap_array_index a start parameter, adding ap_array_contains

ap_process_request needs exportation for use in mod_h2 on Windows


final final change to the new ap_array_str_* functions after review

changed Protocols default to http/1.1 only, updated documentation, changed ap_select_protocol() to return NULL when no protocol could be agreed upon

mod_ssl: fix compiler warning (bad cast).

improvements in ap_select_protocol(), supplied by yann ylavic
Submitted by: icing, jorton, ylavic, covener, icing, icing, gsmith, icing, icing, ylavic, icing
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1705672 13f79535-47bb-0310-9956-ffa450edef68
core, modules: Avoid error response/document handling by the core if some 2015-05-29T20:07:15+00:00 William A. Rowe Jr wrowe@apache.org 2015-05-29T20:07:15+00:00 f88e3ce367f922464421d05f41b246e25c7fb63a handler or input filter already did it while reading the request (causing a double response body). Submitted by: ylavic Backports: r1482522 (partial, ap_map_http_request_error() things only!), r1529988, r1529991, r1643537, r1643543, r1657897, r1665625, r1665721, r1674056 Reviewed by: ylavic, minfrin, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1682544 13f79535-47bb-0310-9956-ffa450edef68 
handler or input filter already did it while reading the request (causing
a double response body).

Submitted by: ylavic
Backports: r1482522 (partial, ap_map_http_request_error() things only!),
           r1529988, r1529991, r1643537, r1643543, r1657897, r1665625, 
           r1665721, r1674056
Reviewed by: ylavic, minfrin, wrowe




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1682544 13f79535-47bb-0310-9956-ffa450edef68
Merge r1648394 from trunk: 2015-01-14T13:20:49+00:00 Eric Covener covener@apache.org 2015-01-14T13:20:49+00:00 44309cd8e225eb7865a0c612fc738c5c393f81f1 Configuration files with long lines and continuation characters are not read properly. PR 55910. Submitted By: Manuel Mausz <manuel-as mausz.at> Committed By: covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651653 13f79535-47bb-0310-9956-ffa450edef68 
Configuration files with long lines and continuation characters
are not read properly. PR 55910. 

Submitted By: Manuel Mausz <manuel-as mausz.at>
Committed By: covener




git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651653 13f79535-47bb-0310-9956-ffa450edef68
Merge r1597642, r1608999, r1605207, r1610366, r1610353, r1611871 from trunk: 2014-09-05T14:19:29+00:00 Jim Jagielski jim@apache.org 2014-09-05T14:19:29+00:00 a6d3d7c9c8d4dfe56a7f662180bb34110b8a2a29 Rename module name in doxygen + partly revert r832442 which skipped doxygen doc generation for 'mod_watchdog.h' s/apr_pstrndup/apr_pstrmemdup/ to save a few cycles Use ap_remove_input_filter_byhandle instead of duplicating the code. Remove some 'register' in variable declaration. Remove some 'register' in variable declaration. Save a few cycles by calling 'apr_isalnum' instead of 'apr_isalpha' and 'apr_isdigit'. Do not use deprecated define. No change in generated code because MODULE_MAGIC_NUMBER is defined as: #define MODULE_MAGIC_NUMBER MODULE_MAGIC_NUMBER_MAJOR Submitted by: jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1622705 13f79535-47bb-0310-9956-ffa450edef68 
Rename module name in doxygen + partly revert r832442 which skipped doxygen doc generation for 'mod_watchdog.h'

s/apr_pstrndup/apr_pstrmemdup/ to save a few cycles

Use ap_remove_input_filter_byhandle instead of duplicating the code.

Remove some 'register' in variable declaration.

Remove some 'register' in variable declaration.
Save a few cycles by calling 'apr_isalnum' instead of 'apr_isalpha' and 'apr_isdigit'.

Do not use deprecated define.

No change in generated code because MODULE_MAGIC_NUMBER is defined as:
   #define MODULE_MAGIC_NUMBER MODULE_MAGIC_NUMBER_MAJOR
Submitted by: jailletc36
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1622705 13f79535-47bb-0310-9956-ffa450edef68
Merge r1487528, r1563379, r1563381, r1565711 from trunk: 2014-02-19T12:43:58+00:00 Jim Jagielski jim@apache.org 2014-02-19T12:43:58+00:00 868ee46fc9108e42b8bbf154a7aea4df4b9d5f93 * server/protocol.c (r_flush): Use int return type as per declaration of apr_vformatter(); no functional change. Use %pm in order to save 8k of stack in 'ap_pcfg_strerror' s/apr_pstrndup/apr_pstrmemdup/ when applicable follow-up to r1096569: remove unnecessary total_modules calculation Submitted by: jorton, jailletc36, jailletc36, trawick Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1569726 13f79535-47bb-0310-9956-ffa450edef68 
* server/protocol.c (r_flush): Use int return type as per declaration
  of apr_vformatter(); no functional change.


Use %pm in order to save 8k of stack in 'ap_pcfg_strerror'

s/apr_pstrndup/apr_pstrmemdup/ when applicable

follow-up to r1096569:

remove unnecessary total_modules calculation

Submitted by: jorton, jailletc36, jailletc36, trawick
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1569726 13f79535-47bb-0310-9956-ffa450edef68
core: Add the ability to do explicit matching on weak and strong ETags 2013-05-28T21:17:53+00:00 Graham Leggett minfrin@apache.org 2013-05-28T21:17:53+00:00 d5688b382fd477045204fa089f8a84965bb2c8d9 as per RFC2616 Section 13.3.3. trunk patch: http://svn.apache.org/r1479528 Submitted by: minfrin Reviewed by: jim, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1487123 13f79535-47bb-0310-9956-ffa450edef68 
as per RFC2616 Section 13.3.3.

trunk patch: http://svn.apache.org/r1479528

Submitted by: minfrin
Reviewed by: jim, wrowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1487123 13f79535-47bb-0310-9956-ffa450edef68
core: speed up (for common cases) and reduce memory usage of ap_escape_logitem 2013-05-23T14:17:56+00:00 Graham Leggett minfrin@apache.org 2013-05-23T14:17:56+00:00 e794edc5db956540942746b7185d2a7d0da11829 This should save 70-100 bytes in the request pool for a default config. trunk patch: http://svn.apache.org/r1485409 Submitted by: jailletc36 Reviewed by: jim, covener git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1485723 13f79535-47bb-0310-9956-ffa450edef68 
This should save 70-100 bytes in the request pool for a default config.

trunk patch: http://svn.apache.org/r1485409
Submitted by: jailletc36
Reviewed by: jim, covener


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1485723 13f79535-47bb-0310-9956-ffa450edef68
mod_authnz_ldap: Allow using exec: callouts like SSLPassphraseDialog 2013-04-27T23:14:11+00:00 Graham Leggett minfrin@apache.org 2013-04-27T23:14:11+00:00 5a16ee712db2c19d99b778e7f734e008045c258c for AuthLDAPBindPassword. trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1433478 http://svn.apache.org/viewvc?view=revision&revision=1467523 http://svn.apache.org/viewvc?view=revision&revision=1467792 2.4.x patch: http://people.apache.org/~druggeri/patches/AuthLDAPBindPasswordExec-2.4.patch (20130119 - updated to include minor mmn bump) (20130412 - updated to not use static var - thx, wrowe) Submitted by: druggeri Reviewed by: jim, minfrin git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1476694 13f79535-47bb-0310-9956-ffa450edef68 
for AuthLDAPBindPassword.

trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1433478
             http://svn.apache.org/viewvc?view=revision&revision=1467523
             http://svn.apache.org/viewvc?view=revision&revision=1467792
2.4.x patch: http://people.apache.org/~druggeri/patches/AuthLDAPBindPasswordExec-2.4.patch
             (20130119 - updated to include minor mmn bump)
             (20130412 - updated to not use static var - thx, wrowe)

Submitted by: druggeri
Reviewed by: jim, minfrin


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1476694 13f79535-47bb-0310-9956-ffa450edef68
Merge r1452128 from trunk: 2013-04-15T12:42:00+00:00 Jim Jagielski jim@apache.org 2013-04-15T12:42:00+00:00 9cfbdb0e6f441ad4621c563de78bd42e4abb9afd Remove useless tests. Turn if (*x && apr_isspace(*x)) into if (apr_isspace(*x)) Submitted by: jailletc36 Reviewed/backported by: jim git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1467980 13f79535-47bb-0310-9956-ffa450edef68 
Remove useless tests.

Turn
   if (*x && apr_isspace(*x))
into
   if (apr_isspace(*x))
Submitted by: jailletc36
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1467980 13f79535-47bb-0310-9956-ffa450edef68