Diffstat (limited to 'server')
-rw-r--r-- | server/main.c | 14 | ||||
-rw-r--r-- | server/protocol.c | 48 | ||||
-rw-r--r-- | server/scoreboard.c | 6 | ||||
-rw-r--r-- | server/util.c | 9 |
4 files changed, 61 insertions, 16 deletions
diff --git a/server/main.c b/server/main.c index 04ed6c78..224a10ef 100644 --- a/server/main.c +++ b/server/main.c @@ -633,6 +633,7 @@ int main(int argc, const char * const argv[]) if (!server_conf) { destroy_and_exit_process(process, 1); } + /* sort hooks here to make sure pre_config hooks are sorted properly */ apr_hook_sort_all(); if (ap_run_pre_config(pconf, plog, ptemp) != OK) { @@ -646,6 +647,12 @@ int main(int argc, const char * const argv[]) if (rv == OK) { ap_fixup_virtual_hosts(pconf, server_conf); ap_fini_vhost_config(pconf, server_conf); + /* + * Sort hooks again because ap_process_config_tree may have added + * modules and hence hooks. This happens with mod_perl and modules + * written in perl. + */ + apr_hook_sort_all(); if (configtestonly) { ap_run_test_config(pconf, server_conf); @@ -704,6 +711,7 @@ int main(int argc, const char * const argv[]) if (!server_conf) { destroy_and_exit_process(process, 1); } + /* sort hooks here to make sure pre_config hooks are sorted properly */ apr_hook_sort_all(); if (ap_run_pre_config(pconf, plog, ptemp) != OK) { @@ -718,6 +726,12 @@ int main(int argc, const char * const argv[]) } ap_fixup_virtual_hosts(pconf, server_conf); ap_fini_vhost_config(pconf, server_conf); + /* + * Sort hooks again because ap_process_config_tree may have added + * modules and hence hooks. This happens with mod_perl and modules + * written in perl. + */ + apr_hook_sort_all(); apr_pool_clear(plog); if (ap_run_open_logs(pconf, plog, ptemp, server_conf) != OK) { ap_log_error(APLOG_MARK, APLOG_STARTUP |APLOG_ERR, diff --git a/server/protocol.c b/server/protocol.c index 55468fc1..796ae587 100644 --- a/server/protocol.c +++ b/server/protocol.c 
@@ -670,6 +670,16 @@ static int read_request_line(request_rec *r, apr_bucket_brigade *bb) return 1; } +/* get the length of the field name for logging, but no more than 80 bytes */ +#define LOG_NAME_MAX_LEN 80 +static int field_name_len(const char *field) +{ + const char *end = ap_strchr_c(field, ':'); + if (end == NULL || end - field > LOG_NAME_MAX_LEN) + return LOG_NAME_MAX_LEN; + return end - field; +} + AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb) { char *last_field = NULL; @@ -709,12 +719,15 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb /* insure ap_escape_html will terminate correctly */ field[len - 1] = '\0'; apr_table_setn(r->notes, "error-notes", - apr_pstrcat(r->pool, + apr_psprintf(r->pool, "Size of a request header field " "exceeds server limit.<br />\n" - "<pre>\n", - ap_escape_html(r->pool, field), - "</pre>\n", NULL)); + "<pre>\n%.*s\n</pre>/n", + field_name_len(field), + ap_escape_html(r->pool, field))); + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, + "Request header exceeds LimitRequestFieldSize: " + "%.*s", field_name_len(field), field); } return; } @@ -735,13 +748,17 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb * overflow (last_field) as the field with the problem */ apr_table_setn(r->notes, "error-notes", - apr_pstrcat(r->pool, + apr_psprintf(r->pool, "Size of a request header field " "after folding " "exceeds server limit.<br />\n" - "<pre>\n", - ap_escape_html(r->pool, last_field), - "</pre>\n", NULL)); + "<pre>\n%.*s\n</pre>\n", + field_name_len(last_field), + ap_escape_html(r->pool, last_field))); + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, + "Request header exceeds LimitRequestFieldSize " + "after folding: %.*s", + field_name_len(last_field), last_field); return; } 
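Review bot: The comment on `field_name_len` does not say that the function returns LOG_NAME_MAX_LEN when the field has no ':' at all, even if the string is shorter than 80 bytes. The result is therefore only safe as a `%.*s` precision, which stops at the terminating NUL, and not as a copy length. I would extend the comment to say so, e.g. `/* Returns a precision for "%.*s": length of the name before ':' capped at LOG_NAME_MAX_LEN, or LOG_NAME_MAX_LEN if there is no ':'; not a copy length. */`. The final `return end - field;` also narrows a ptrdiff_t to int implicitly; the value is bounded by the check above it, but `return (int)(end - field);` makes that explicit.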
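Review bot: The format string in the first error-notes call (hunk at -709) ends in `</pre>/n`, which emits a literal `/n` instead of a newline; it should read `"<pre>\n%.*s\n</pre>\n"` as the folded-header hunk at -735 does. In that call, and in the hunks at -735 and -773, the precision is computed on the raw field but applied to the output of ap_escape_html(). A name containing `<`, `>` or `&` is therefore cut short, possibly in the middle of an entity; the text stays escaped, so this is a display error rather than an injection path. Truncating before escaping avoids it: `ap_escape_html(r->pool, apr_pstrndup(r->pool, field, field_name_len(field)))` with a plain `%s`. ap_get_mime_headers_core starts and ends outside these hunks.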
@@ -773,13 +790,18 @@ AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb if (!(value = strchr(last_field, ':'))) { /* Find ':' or */ r->status = HTTP_BAD_REQUEST; /* abort bad request */ apr_table_setn(r->notes, "error-notes", - apr_pstrcat(r->pool, + apr_psprintf(r->pool, "Request header field is " "missing ':' separator.<br />\n" - "<pre>\n", + "<pre>\n%.*s</pre>\n", + (int)LOG_NAME_MAX_LEN, ap_escape_html(r->pool, - last_field), - "</pre>\n", NULL)); + last_field))); + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, + "Request header field is missing ':' " + "separator: %.*s", (int)LOG_NAME_MAX_LEN, + last_field); + return; } @@ -1662,7 +1684,7 @@ AP_DECLARE(void) ap_send_interim_response(request_rec *r, int send_headers) return; } if (!ap_is_HTTP_INFO(r->status)) { - ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, NULL, + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, "Status is %d - not sending interim response", r->status); return; } diff --git a/server/scoreboard.c b/server/scoreboard.c index 85f37557..97b67f7a 100644 --- a/server/scoreboard.c +++ b/server/scoreboard.c @@ -42,6 +42,8 @@ AP_DECLARE_DATA const char *ap_scoreboard_fname = NULL; AP_DECLARE_DATA int ap_extended_status = 0; AP_DECLARE_DATA int ap_mod_status_reqtail = 0; +static ap_scoreboard_e scoreboard_type; + #if APR_HAS_SHARED_MEMORY #include "apr_shm.h" @@ -250,7 +252,7 @@ apr_status_t ap_cleanup_scoreboard(void *d) if (ap_scoreboard_image == NULL) { return APR_SUCCESS; } - if (ap_scoreboard_image->global->sb_type == SB_SHARED) { + if (scoreboard_type == SB_SHARED) { ap_cleanup_shared_mem(NULL); } else { @@ -312,7 +314,7 @@ int ap_create_scoreboard(apr_pool_t *p, ap_scoreboard_e sb_type) ap_init_scoreboard(sb_mem); } - ap_scoreboard_image->global->sb_type = sb_type; + ap_scoreboard_image->global->sb_type = scoreboard_type = sb_type; ap_scoreboard_image->global->running_generation = 0; ap_scoreboard_image->global->restart_time = apr_time_now(); 
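Review bot: The missing-':' rejection in the hunk at -773 is logged at APLOG_DEBUG, while the two oversize rejections added in the earlier protocol.c hunks use APLOG_INFO. A server running at LogLevel info will therefore record oversized headers but leave no trace of this malformed-header 400. Unless the difference is deliberate, I would use `APLOG_INFO` here as well so that all three rejections are visible at the same level. The format `"<pre>\n%.*s</pre>\n"` also drops the `\n` before `</pre>` that the other two messages have.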
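Review bot: The new file-scope `scoreboard_type` in server/scoreboard.c has no comment explaining why ap_cleanup_scoreboard() (hunk at -250) stops reading `ap_scoreboard_image->global->sb_type`. Presumably the point is that the cleanup path must not be chosen from a field stored inside the scoreboard itself, which other processes may be able to write when it is shared; that reasoning should be recorded next to the declaration. I would add something like `/* Private copy of the scoreboard type: cleanup must not trust the sb_type field stored in the scoreboard image. */`. The chained assignment in the hunk at -312 still writes the in-image field, so any other reader of `global->sb_type` outside this diff keeps depending on it and may deserve the same treatment.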
diff --git a/server/util.c b/server/util.c index d0b90c6a..a50d0340 100644 --- a/server/util.c +++ b/server/util.c @@ -82,6 +82,8 @@ #define IS_SLASH(s) (s == '/') #endif +/* same as APR_SIZE_MAX which doesn't appear until APR 1.3 */ +#define UTIL_SIZE_MAX (~((apr_size_t)0)) /* * Examine a field value (such as a media-/content-type) string and return @@ -366,7 +368,7 @@ AP_DECLARE(char *) ap_pregsub(apr_pool_t *p, const char *input, char *dest, *dst; char c; size_t no; - int len; + apr_size_t len; if (!source) return NULL; @@ -391,6 +393,11 @@ AP_DECLARE(char *) ap_pregsub(apr_pool_t *p, const char *input, len++; } else if (no < nmatch && pmatch[no].rm_so < pmatch[no].rm_eo) { + if (UTIL_SIZE_MAX - len <= pmatch[no].rm_eo - pmatch[no].rm_so) { + ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, + "integer overflow or out of memory condition." ); + return NULL; + } len += pmatch[no].rm_eo - pmatch[no].rm_so; } |
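Review bot: The guard added in the backreference branch (hunk at -391) only rejects a total that would reach the maximum apr_size_t. A length just below that still passes and is presumably handed to the allocation later in ap_pregsub, outside this hunk, where a request of that size cannot be satisfied. The `len++` branch just above it is not covered by any check. Comparing `len` against a much smaller ceiling on the substituted string would turn both cases into the same clean NULL return. The message `integer overflow or out of memory condition.` is logged with a NULL server and names neither the pattern nor the input, which makes the event hard to trace. The only other NULL return visible here is for a missing source, so callers that are not part of this diff should be checked for handling the new failure path.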