path: root/server/protocol.c
Commit message | Author | Age | Files | Lines
* fail on bad header | Eric Covener | 2023-01-10 | 1 | -0/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1906539 13f79535-47bb-0310-9956-ffa450edef68
* handle large writes in ap_rputs | Eric Covener | 2022-06-01 | 1 | -0/+3
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1901500 13f79535-47bb-0310-9956-ffa450edef68
* Merge PR 311: | Stefan Eissing | 2022-04-13 | 1 | -418/+257
  *) core/mod_http: use REQUEST meta buckets and a new HTTP/1.x specific input filter to separate the handling for HTTP requests from the handling of HTTP/1.x request parsing and checks.
  A new HTTP1_REQUEST_IN filter installs itself on http/1.1 connections before a request is being read. It generates either a REQUEST meta bucket on success or an ERROR bucket with the proposed response status.
  The core connection processing, relying on ap_read_request(), now expects a REQUEST or ERROR bucket from the input filters and is agnostic to specific HTTP versions and how they bring requests into the server.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899799 13f79535-47bb-0310-9956-ffa450edef68
* *) core/mod_http: use RESPONSE meta buckets and a new HTTP/1.x specific | Stefan Eissing | 2022-04-07 | 1 | -39/+19
  filter to send responses through the output filter chain.
  Specifically: the HTTP_HEADER output filter and ap_send_interim_response() create a RESPONSE bucket and no longer are concerned with HTTP/1.x serialization.
  A new HTTP1_RESPONSE_OUT transcode filter writes the proper HTTP/1.x bytes when dealing with a RESPONSE bucket. That filter installs itself on the pre_read_request hook when the connection has protocol 'http/1.1'.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899648 13f79535-47bb-0310-9956-ffa450edef68
* *) core/mod_http/mod_http2: | Stefan Eissing | 2022-04-04 | 1 | -0/+53
  - adds new meta bucket types REQUEST, RESPONSE and HEADERS to the API.
  - adds a new method for setting standard response headers Date and Server
  - adds helper methods for formatting parts of HTTP/1.x, like headers and end chunks for use in non-core parts of the server, e.g. mod_proxy
  - splits the HTTP_IN filter into a "generic HTTP" and "specific HTTP/1.x" filter. The latter one named HTTP1_BODY_IN.
  - Uses HTTP1_BODY_IN only for requests with HTTP version <= 1.1
  - Removes the chunked input simulation from mod_http2
  - adds body_indeterminate flag to request_rec that indicates that a request body may be present and needs to be read/discarded. This replaces logic that thinks without Content-Length and Transfer-Encoding, no request body can exist.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1899547 13f79535-47bb-0310-9956-ffa450edef68
* core: Simpler connection close logic if discarding the request body fails. | Yann Ylavic | 2022-03-07 | 1 | -20/+8
  If ap_discard_request_body() sets AP_CONN_CLOSE by itself it simplifies and allows to consolidate end_output_stream() and error_output_stream().
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898683 13f79535-47bb-0310-9956-ffa450edef68
* http: Enforce that fully qualified uri-paths not to be forward-proxied | Yann Ylavic | 2021-12-13 | 1 | -1/+22
  have an http(s) scheme, and that the ones to be forward proxied have a hostname, per HTTP specifications.
  The early checks avoid failing the request later on and thus save cycles for those invalid cases.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895921 13f79535-47bb-0310-9956-ffa450edef68
* Revert spurious commit r1895340. | Yann Ylavic | 2021-11-25 | 1 | -19/+1
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895341 13f79535-47bb-0310-9956-ffa450edef68
* Trigger ci. | Yann Ylavic | 2021-11-25 | 1 | -1/+19
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895340 13f79535-47bb-0310-9956-ffa450edef68
* core: Follow up to r1893030: Use special address for invalid r->method. | Yann Ylavic | 2021-09-07 | 1 | -2/+4
  read_request_line() failure was caught by ap_parse_request() with r->method being NULL, so have a .rodata pointer to "-" instead.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893044 13f79535-47bb-0310-9956-ffa450edef68
* core: Initialize the request fields on read failure to avoid NULLs. | Yann Ylavic | 2021-09-07 | 1 | -0/+5
  * server/protocol.c(read_request_line): Set r->method_number to M_INVALID and r->{method,uri,unparsed_uri} to "-" when read fails, ap_parse_request_line() will never be called.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893030 13f79535-47bb-0310-9956-ffa450edef68
* Revert r1893026, will re-commit with minimal changes to ease backport. | Yann Ylavic | 2021-09-07 | 1 | -7/+2
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893028 13f79535-47bb-0310-9956-ffa450edef68
* core: Initialize the request fields on read failure to avoid NULLs. | Yann Ylavic | 2021-09-07 | 1 | -2/+7
  * server/protocol.c(read_request_line): Set r->method_number to M_INVALID and r->{method,uri,unparsed_uri} to "-" when read fails, ap_parse_request_line() will never be called.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893026 13f79535-47bb-0310-9956-ffa450edef68
* core: Set r->request_time before any logging, mod_unique_id needs it. | Yann Ylavic | 2021-09-07 | 1 | -1/+3
  * server/protocol.c(read_request_line): Move r->request_time initialization before first APLOG_TRACE5, ap_log_rerror() may run the generate_log_id hooks and call mod_unique_id with no timestamp initialized (zero).
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1893001 13f79535-47bb-0310-9956-ffa450edef68
* server/protocol.c: remove old hooks links that had been moved to server/ssl.c | Stefan Eissing | 2021-04-13 | 1 | -5/+0
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1888729 13f79535-47bb-0310-9956-ffa450edef68
* *) core: provide ap_ssl_* functions in new http_ssl.h header file. | Stefan Eissing | 2021-03-26 | 1 | -103/+0
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1888083 13f79535-47bb-0310-9956-ffa450edef68
* Make sure that conn->keepalive is NOT reset after being set in ap_read_request(). | Jean-Frederic Clere | 2021-03-24 | 1 | -0/+1
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887999 13f79535-47bb-0310-9956-ffa450edef68
* Changed ap_ssl_answer_challenge() and its hook to provide PEM data for | Stefan Eissing | 2021-03-03 | 1 | -4/+4
  certificate and key instead of file names. Added support for this in mod_ssl and verified with a local mod_md version that uses it.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887151 13f79535-47bb-0310-9956-ffa450edef68
* Adding more ap_ssl_* functions and hooks to the core server. | Stefan Eissing | 2021-03-02 | 1 | -0/+36
  - ap_ssl_add_cert_files() to enable other modules like mod_md to provide certificate and keys for an SSL module like mod_ssl.
  - ap_ssl_add_fallback_cert_files() to enable other modules like mod_md to provide a fallback certificate in case no 'proper' certificate is available for an SSL module like mod_ssl.
  - ap_ssl_answer_challenge() to enable other modules like mod_md to provide a certificate as used in the RFC 8555 'tls-alpn-01' challenge for the ACME protocol for an SSL module like mod_ssl.
  - Hooks for 'ssl_add_cert_files', 'ssl_add_fallback_cert_files' and 'ssl_answer_challenge' where modules like mod_md can provide providers to the above mentioned functions.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887085 13f79535-47bb-0310-9956-ffa450edef68
* *) core: Adding SSL related inquiry functions to the server API. | Stefan Eissing | 2021-02-23 | 1 | -0/+72
  These functions are always available, even when no module providing SSL is loaded. They provide their own "shadowing" implementation for the optional functions of similar name that mod_ssl and impersonators of mod_ssl provide.
  This enables loading of several SSL providing modules when all but one of them registers itself into the new hooks. Two old-style SSL modules will not work, as they replace the others' optional functions with their own.
  Modules using the old-style optional functions will continue to work as core supplies its own versions of those.
  The following has been added so far:
  - ap_ssl_conn_is_ssl() to query if a connection is using SSL.
  - ap_ssl_var_lookup() to query SSL related variables for a server/connection/request.
  - Hooks for 'ssl_conn_is_ssl' and 'ssl_var_lookup' where modules providing SSL can install their own value supplying functions.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1886840 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1877955: don't reuse the connection for mixed C-L / T-E requests | Yann Ylavic | 2020-06-30 | 1 | -3/+10
  Disable keepalive on the connection if we received both Content-Length and chunked Transfer-Encoding in the request, to avoid confusion with front intermediaries and potential further request/response splitting.
  This is what we do already for mod_proxy backend connections in the same case.
  While at it, replace draft httpbis links with final RFC7230's.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879373 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1877955: always validate the Content-Length | Yann Ylavic | 2020-06-30 | 1 | -11/+13
  even if it is to be ignored because of RFC7230 section 3.3.3 requirements.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879369 13f79535-47bb-0310-9956-ffa450edef68
* Validate request-target per RFC 7230 section 5.3. | Yann Ylavic | 2020-06-22 | 1 | -2/+17
  RFC 7230 requires that the request-line URI be absolute, besides "CONNECT authority-form" and "OPTIONS asterisk-form".
  Enforce it in ap_parse_request_line().
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879078 13f79535-47bb-0310-9956-ffa450edef68
* Add a space to be consistent with surrounding code and to synch with 2.4.x | Christophe Jaillet | 2020-06-19 | 1 | -1/+1
  [skip ci]
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1879007 13f79535-47bb-0310-9956-ffa450edef68
* * Revert r1878939, r1878938, r1878936, the changes to | Ruediger Pluem | 2020-06-19 | 1 | -14/+2
  modules/http2/h2_request.c and CHANGES of r1878926 and r1878708 as a result of
  https://lists.apache.org/thread.html/red499ac4750b88e5943c25abb86434c59dfff4d4f386ffc53742755d%40%3Cdev.httpd.apache.org%3E
  and
  https://lists.apache.org/thread.html/ra79eee019e2357703b0ea81153458a29817b58ce92e3605949eee1fe%40%3Cdev.httpd.apache.org%3E
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1878985 13f79535-47bb-0310-9956-ffa450edef68
* * Have the HTTP 0.9 / 1.1 processing code reject requests for | Ruediger Pluem | 2020-06-10 | 1 | -2/+14
  HTTP >= 2.0 with a HTTP Version Not Support status code.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1878708 13f79535-47bb-0310-9956-ffa450edef68
* core, protocol: reject invalid Content-Length ASAP. | Yann Ylavic | 2020-05-20 | 1 | -1/+12
  Don't let invalid Content-Length header go beyond ap_read_request() and protocol validation. The check in ap_http_filter() is still useful if some modules mangle the header, but it's too late for the usual case.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1877955 13f79535-47bb-0310-9956-ffa450edef68
* core: follow up to r1876664: allow ErrorDocument to read body when applicable | Yann Ylavic | 2020-04-21 | 1 | -35/+40
  Unless ap_read_request() failed to read the request line or header, or Transfer-Encoding is invalid, we can still provide the request body to custom error handlers (ErrorDocument) that ask it (e.g. internal redirects to CGI).
  So this commit splits early failure path (previously die_early label) in two, die_unusable_input and die_before_hooks, where the latter preserves input filters (including HTTP_IN).
  Also, the code to apply the connection timeout and r->per_dir_config from the server is now in a new apply_server_config() helper since it's used multiple times.
  Note that apr_socket_timeout_set() is a noop if the new timeout is the same as the one already in place, so there is no need to cache the old timeout nor use apr_socket_timeout_get(). Likewise, r->server is initially set to c->base_server so apply_server_config() is overall a noop when no change is needed.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876784 13f79535-47bb-0310-9956-ffa450edef68
* core, h2: common ap_parse_request_line() and ap_check_request_header() code. | Yann Ylavic | 2020-04-17 | 1 | -79/+97
  Extract parsing/validation code from read_request_line() and ap_read_request() into ap_parse_request_line() and ap_check_request_header() helpers such that mod_http2 can validate its HTTP/1 request with the same/configured policy.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876674 13f79535-47bb-0310-9956-ffa450edef68
* core, h2: send EOR for early HTTP request failure. | Yann Ylavic | 2020-04-17 | 1 | -60/+82
  The core output filters depend on EOR being sent at some point for correct accounting of setaside limits and lifetime.
  Rework ap_read_request() early failure (including in post_read_request() hooks) so that it always sends the EOR after ap_die().
  Apply the same scheme in h2_request_create_rec() which is the HTTP/2 to HTTP/1 counterpart.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1876664 13f79535-47bb-0310-9956-ffa450edef68
* Fix spelling errors found by codespell. [skip ci] | Mike Rumph | 2020-02-13 | 1 | -1/+1
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1873985 13f79535-47bb-0310-9956-ffa450edef68
* factor out TE=chunked checking | Eric Covener | 2020-02-07 | 1 | -2/+1
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1873748 13f79535-47bb-0310-9956-ffa450edef68
* PR63669: handle APR_BADARG return from ap_rgetline | Eric Covener | 2020-01-31 | 1 | -0/+3
  Submitted By: Giovanni Bechis <giovanni paclan.it>
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1873394 13f79535-47bb-0310-9956-ffa450edef68
* Revert r1869222, wrong files committed. | Yann Ylavic | 2019-10-31 | 1 | -128/+93
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1869223 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_http: follow up to r1869216. | Yann Ylavic | 2019-10-31 | 1 | -93/+128
  Let's call stream_reqbody() for all rb_methods, no RB_SPOOL_CL special case.
  This both simplifies code and allows to keep EOS into the input_brigade until it's sent, and thus detect whether we already fetched the whole body if/when proxy_http_handler() re-enters for different balancer members.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1869222 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_http: Fix 100-continue deadlock for spooled request bodies. PR 63855. | Yann Ylavic | 2019-10-18 | 1 | -4/+11
  Send "100 Continue", if needed, before fetching/blocking on the request body in spool_reqbody_cl(), otherwise mod_proxy and the client can wait for each other, leading to a request timeout (408).
  While at it, make so that ap_send_interim_response() uses the default status line if none is set in r->status_line.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1868576 13f79535-47bb-0310-9956-ffa450edef68
* Fix a typo in a message. | Christophe Jaillet | 2019-10-05 | 1 | -1/+1
  Reported and fixed by Christian Bartolomäus (bartolin gmx.de)
  PR 63806
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1868016 13f79535-47bb-0310-9956-ffa450edef68
* Fix a signed/unsigned comparison that can never match. | Christophe Jaillet | 2019-08-10 | 1 | -2/+2
  (+ add a missing space to improve formatting)
  Spotted by gcc 9.1 and -Wextra
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864865 13f79535-47bb-0310-9956-ffa450edef68
* Fix a shadow (and useless) variable. | Christophe Jaillet | 2018-10-19 | 1 | -5/+3
  Fix a cppcheck warning and a style issue.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1844352 13f79535-47bb-0310-9956-ffa450edef68
* * server/protocol.c (ap_rvputs): Call va_end before returning in the | Joe Orton | 2018-10-05 | 1 | -0/+1
  error case, as required by C89/POSIX stdarg.h - Coverity warns for this.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1842919 13f79535-47bb-0310-9956-ffa450edef68
* add ids | Eric Covener | 2018-08-15 | 1 | -3/+3
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1838079 13f79535-47bb-0310-9956-ffa450edef68
* Add StrictHostCheck | Eric Covener | 2018-08-14 | 1 | -2/+19
  .. to allow unconfigured hostnames to be rejected. The checks happen during NVH mapping and check that the mapped VH itself has the host as a name or alias.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1838055 13f79535-47bb-0310-9956-ffa450edef68
* http: Enforce consistently no response body with both 204 and 304 statuses. | Yann Ylavic | 2018-07-30 | 1 | -1/+1
  Provide AP_STATUS_IS_HEADER_ONLY() helper/macro to check for 204 or 304 and use it where some special treatment is needed when no body is expected.
  Some of those places handled 204 only.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837056 13f79535-47bb-0310-9956-ffa450edef68
* mod_proxy_http: forward 100-continue. | Yann Ylavic | 2018-07-24 | 1 | -14/+16
  Handle end-to-end 100-continue, according to RFC 7231, such that the client request body is not read/forwarded (according to its "Expect:" header) until the backend wants to receive it (with interim 100 continue response), or never forwarded if the backend provides a (non-interim) response and doesn't need the client body at all.
  This is achieved by filling the header_brigade in ap_proxy_http_prefetch() and letting ap_proxy_http_request() determine whether it should forward that brigade only (with the "Expect: 100-continue" specified by the client or added according to "ping=" configuration), or forward the whole body for the usual case (as before).
  When 100-continue expectation is in place, the body is actually forwarded by ap_proxy_http_process_response() when/if a "100 continue" response is sent by the backend, otherwise the body is discarded; a future enhancement could make so that in a balancer configuration, the body could be forwarded to another balancer member depending on the status/error from the backend.
  So stream_reqbody_cl() and stream_reqbody_chunked() functions are adapted to be called by either ap_proxy_http_request() or ap_proxy_http_process_response(), while spool_reqbody_cl() still spools the body in ap_proxy_http_prefetch() thus before the backend is connected/reused to avoid inactivity on the connection for the prefetch time (the prefetched body is also forwarded according to the 100-continue expectation, though).
  Also, since the brigades and other runtime objects now need to be shared by the ap_proxy_http_*() functions chain, a proxy_http_req_t struct/context is created from the start and passed to them as (the single) argument. This is also a good candidate for a future async baton, if we wanted to let the MPM event wait for connection data for us at any stage and be called back ;)
  Finally, ap_send_interim_response() is modified to correctly handle 100 continue responses once, and take care of clearing r->expecting_100 only for them.
  PR 60330.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1836588 13f79535-47bb-0310-9956-ffa450edef68
* PR62368: Print the unparsed URI in AH03454 | Eric Covener | 2018-05-17 | 1 | -1/+1
  ... to include r->args and otherwise get as close as possible to what came in over the wire.
  Submitted By: Hank Ibell <hwibell gmail.com>
  Committed By: covener
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1831772 13f79535-47bb-0310-9956-ffa450edef68
* Axe ap_rgetline_core(), not used anymore. | Yann Ylavic | 2018-04-22 | 1 | -18/+7
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829790 13f79535-47bb-0310-9956-ffa450edef68
* Follow up to r1829659, ap_[f]getline() EBCDIC awareness. | Yann Ylavic | 2018-04-22 | 1 | -9/+24
  Rename ap_fgetline_impl() to ap_fgetline_core(), and do missing EBCDIC translation in ap_fgetline().
  Also restore EBCDIC translation for ap_getline(), as noted by Ruediger this was changed (unexpectedly) in r1829659.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829789 13f79535-47bb-0310-9956-ffa450edef68
* http: add ap_fgetline() and AP_GETLINE_NONBLOCK flag. | Yann Ylavic | 2018-04-20 | 1 | -24/+51
  It allows to read a line directly from an input filter, in blocking mode or not. Since no request_rec is needed, a pool may be given.
  Existing ap_[r]getline() function are now based off ap_fgetline() by calling:
      ap_fgetline(s, n, read, r->proto_input_filters, flags, bb, r->pool);
  Will follow up with a new ap_get_mime_headers_*() flavor which can be used by any filter that needs non-blocking and not necessarily has a request_rec (e.g. ap_http_filter() to read proxied response trailers).
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829659 13f79535-47bb-0310-9956-ffa450edef68
* core: forward flags to recursive/folding call to ap_rgetline_core(). | Yann Ylavic | 2018-04-20 | 1 | -2/+2
  We still need them when folding, other than AP_GETLINE_FOLD itself of course.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829645 13f79535-47bb-0310-9956-ffa450edef68
* core: Add and handle AP_GETLINE_NOSPC_EOL flag in ap_rgetline_core(). | Yann Ylavic | 2018-04-19 | 1 | -23/+79
  This tells the ap_getline() family of functions to consume the end of line when the buffer is exhausted.
  PR 62198.
  git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1829557 13f79535-47bb-0310-9956-ffa450edef68