| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
Can lead to unintended/confusing sharing between
multiple servers started by the same ID.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1777923 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1777594 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
the line just before.
So this is safe to use the 'apr_table_setn' variant in order to save a few bytes of memory.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1777593 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1777354 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
Submitted By: Hank Ibell <hwibell gmail.com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1776459 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
| |
We are already checking an even narrower set of characters
just below.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1775664 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
*) mod_proxy_fcgi, mod_fcgid: Fix crashes in ap_fcgi_encoded_env_len() when
modules add empty environment variables to the request. PR60275.
[<alex2grad AT gmail.com>]
Submitted By: <alex2grad AT gmail.com>]
Committed By: covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1775487 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
| |
on zOS, isascii() really means 7 bit ascii, but our strings
are in ebcdic for 99.95% of the lifetime of the server.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1775199 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1775196 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
are already or about to be closed.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1774541 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
| |
On graceful shutdown/restart, kill kept-alive connections before poll()ing
again, avoiding to wait for their "normal" timers (before being woken up)
when they remain the last handled connections.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1774538 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1774535 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
process exit.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1774525 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
| |
ovector will be created to accept greater than nmatch elements for processing.
Allocate enough elts in all circumstances for pcre2api.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773882 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes the needless assignment of re_erroffset in the conf pool
by the worker threads; such mistakes break the shared copy-on-write pages of
memory that should have remained common between all httpd worker processes.
Two de-optimizations are inherent in this patch, the former ovector-on-stack
opportunity is lost unless implemented as a new general context. Safer that
we either create a new general context using pool allocation, or recycle a
per pool or per thread match_data buffer of some arbitrary 10 elts or so.
Submitted by: wrowe, Petr Pisar <ppisar@redhat.com>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773454 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
illegible protocol args to be rejected, irrespective of the strict toggle as
we expect this to occur with a garbage raw SP embedded in the request URI.
Simplifies the code using the protocol 0.9 sentinal to set up an http/1.0
error response.
String duplication of r1773158 is uninteresting, httpd-2.x has a const protocol
member.
Submitted by: rpluem, wrowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1773159 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770869 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
| |
line, but in the strict mode prioritize excessive space testing over bad
space testing (which is captured later) and make both more efficient
(at this test ll[0] is already whitespace or \0 char). Also correct a comment.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770867 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
from jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770768 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Allow to use all slots up to ServerLimit. This makes 'scoreboard full'
errors much less likely.
And if ther is a situation where the scoreboard is full, don't make any
more processes finish gracefully due to reduced load until some old
processes have terminated. Otherwise, the situation would get worse once
the load increases again.
ap_daemon_limit is renamed to the more descriptive active_server_limit,
to make sure that all its uses are taken care of.
PR 53555
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770752 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
| |
The behavior for terminate == 1 was documented but not implemented. Do
that now.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1770750 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and simplify now that there isn't a log-only mode.
I believe this logic to be busted. Given this request;
GET http://distant-host.com/ HTTP/1.1
Host: proxy-host
we would now fail to evaluate the proxy-host virtual host rules.
This seems like a breaking change to our config. mod_proxy already
follows this rule of RFC7230 section 5.4;
When a proxy receives a request with an absolute-form of
request-target, the proxy MUST ignore the received Host header field
(if any) and instead replace it with the host information of the
request-target. A proxy that forwards such a request MUST generate a
new Host field-value based on the received request-target rather than
forward the received Host field-value.
Section 5.5 of RFC7230 has this to say;
Once the effective request URI has been constructed, an origin server
needs to decide whether or not to provide service for that URI via
the connection in which the request was received. For example, the
request might have been misdirected, deliberately or accidentally,
such that the information within a received request-target or Host
header field differs from the host or port upon which the connection
has been made. If the connection is from a trusted gateway, that
inconsistency might be expected; otherwise, it might indicate an
attempt to bypass security filters, trick the server into delivering
non-public content, or poison a cache. See Section 9 for security
considerations regarding message routing.
Section 5.3.1 states;
To allow for transition to the absolute-form for all requests in some
future version of HTTP, a server MUST accept the absolute-form in
requests, even though HTTP/1.1 clients will only send them in
requests to proxies.
It seems to me we should simply trust the Host: header and dump this whole
mess. If we want to reject requests in absolute form after the proxy modules
have had a chance to accept them, that wouldn't be a bad solution.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769965 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It allows a non httpd config file to be used as a marker directly in
httpd.conf without hiding logic in a script in front of apachectl
to do test -f and pass extra -D's.
This is something we've had in IBM's httpd distro for a little bit and
hadn't remembered to share. I've seen some questions/config files come
up in a few places lately that would benefit from this as an option.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769718 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Function casts can cause hard-to-debug corruption issues if a
declaration is accidentally changed to be incompatible. Luckily, most of
the function casts for apr_table_do() calls are unnecessary. Remove
them, and adjust the signatures for helpers that weren't taking void* as
the first argument.
The remaining helper that requires a cast is http_filter.c's
form_header_field(), which is probably where many of these casts were
copy-pasted from. I have left it as-is: it has other direct callers
besides apr_table_do(), and it's already documented with warnings not to
change the function signature.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1769192 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
| |
the same PID (e.g. in container). PR 60261.
Proposed by: Val <valentin.bremond gmail.com>
Reviewed by: ylavic
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1766160 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
no application for this yet in httpd, so hold off adding this function when
we backport the enhancements. ap_scan_http_token was entirely sufficient.
If the community wants this new function, we can add it when backporting
work is complete.
This patch, and the earlier patches Friday actually demanded an mmn major
bump due to struct member changes. In any final backport, new members must
be added to the end of the struct to retain an mmn minor designation.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1765451 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
and inefficient application at that, added ap_scan_vchar_obstext()
to accomplish a similar purpose.
Dropped HttpProtocolOptions StrictURL option, this will be better
handled in the future with a specific directive and perhaps multiple
levels of scrutiny, use ap_scan_vchar_obstext() to simply ensure there
are no control characters or whitespace within the URI.
Changed the scanning of the response header table by check_headers()
to follow the same rulesets as reading request headers. Disallow any
CTL character within a response header value, and any CTL or whitespace
in response header field name, even in strict mode.
Apply HttpProtocolOptions Strict to chunk header parsing, invalid
whitespace is invalid, line termination must follow CRLF convention.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1764961 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1762743 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
| |
We still need to kill kept-alive connections in normal/expiry processing if
the workers are busy or dying.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1762742 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
| |
apr_pollset_wakeup(), when implemented, to signal the listener according to the
next timers or timeout queues expiry (updated at insert and maintenance time).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1762718 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1762707 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1762702 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
| |
We don't need external locking since it's created with APR_POLLSET_THREADSAFE,
hence reduce those sections to the lowest cycles possible.
A spinlock may be interesting instead of the mutex now, we won't block and the
TO_QUEUE_*() and process_timeout_queue() operations are fast...
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1762701 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
and move TO_QUEUE_*() macros to functions.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1762580 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
| |
Set timestamp before enqueing the timer on resume.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1762570 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
| |
are transmitted unencoded, per RFC3986 section 3.3 grammer. Correct httpd's
behavior to not encode ';' in proxied URI's or Location: response headers.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1760444 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758313 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
MSDN documentation states that
Any unused members of [an OVERLAPPED] structure should always be
initialized to zero before the structure is used in a function call.
Otherwise, the function may fail and return ERROR_INVALID_PARAMETER.
Prior to this patch, the internal state left over from previous
overlapped I/O was passed into the next call. It's unclear what effect
this might have, if any. (I have not personally witnessed an
ERROR_INVALID_PARAMETER myself.)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758310 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
Further follow-up to the previous commit: now that we no longer patch a
network bucket into the brigade, we can revert to calling
ap_process_connection() directly instead of duplicating its logic.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758309 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
| |
Follow-up to the prior commit: without an incoming data buffer, the
custom network bucket code is now orphaned and we can remove it
entirely. This has the added benefit that we are no longer using the
internal OVERLAPPED.Pointer field, which is discouraged by the MSDN
docs.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758308 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'data' AcceptFilter optimization instructs Windows to wait until
data is received on a connection before completing the AcceptEx
operation. Unfortunately, it seems this isn't performed atomically --
AcceptEx "partially" accepts the incoming connection during the wait for
data, leaving all other incoming connections in the accept queue. This
opens the server to a denial of service.
Since the fix for this requires a substantial rearchitecture (likely
involving multiple outstanding calls to AcceptEx), disable the 'data'
filter for now and replace it with 'connect', which uses the AcceptEx
interface but does not wait for data.
Users running prior releases of httpd on Windows should explicitly move
to a 'connect' AcceptFilter in their configurations if they are
currently using the default 'data' filter.
Many thanks to mludha, Arthur Ramsey, Paul Spangler, and many others for
their assistance in tracking down and diagnosing this issue.
PR: 59970
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758307 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758305 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
created by overloading 'int fold' (1 or 0) as 'int flags', with the same
value 1 for AP_GETLINE_FOLD (which httpd doesn't use), and a new value
2 for AP_GETLINE_CRLF
Enforce CRLF when HttpProtocolOptions Strict is in force.
Correctly introduces a new t/TEST fail.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758304 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
based on the fact that bad whitespace shall not be permitted
or corrected in any operating mode, while preserving the
ability to extract bad method/uri/proto for later reporting
and diagnostics.
This change causes badwhitespace in the request line or any
request field line to always fail, and not honor the setting
of the HttpProtocolOptions Unsafe option. Mult SP characters
or trailing SP characters in the request line are still
permitted in Unsafe mode.
Adjusted several error message emits to match these changes.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758263 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
| |
This choice is unanimous, although StrictURI (a different RFC) still hasn't
found absolute concensus.
An ap_mmn bump will follow (major, this removes a struct elt)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1758226 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
| |
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757924 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
| |
Drop the second reporting of HEAD over HTTP/0.9 requests, we short-circuit
this early now in read_request_line() when presented anything other than
the sole "GET" method permitted by spec.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757921 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
| |
level, no louder. This patch intentionally dodges the Limit* constrained tests
since administrators may shoot themselves in the foot, or be confronted with
impossibly long cookie values, etc.
Adjust the documentation to match.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757920 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the admins about Last-Modified header violations rather than trying
to interpret datestrings (like the ones not in GMT).
I also added explicit comments to summarize the current assumptions,
so it will be easier for somebody in the future to modify the code.
The following use cases are covered:
1) (F)CGI backend sends a Last-Modified header not in GMT and considered in the future by httpd (like now() in the EU/Paris timezone)
2) (F)CGI backend sends a Last-Modified header not in GMT and not considered in the future by httpd (like now() + 2 hours in the PST timezone)
3) (F)CGI backend sends a Last-Modified header in GMT but with a datetime in the future
Suggestions and opinion are really welcome.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757818 13f79535-47bb-0310-9956-ffa450edef68
|
|
|
|
|
|
|
|
| |
(matching the test for the Method <> URI)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1757593 13f79535-47bb-0310-9956-ffa450edef68
|