From: Christophe Jaillet Date: Fri, 3 Jul 2020 19:53:37 +0000 (+0000) Subject: Merge r1612945, r1734835, r1738875, r1833416, r1842898, r1867257, r1876745, r1876807... X-Git-Tag: 2.4.44~52 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7f1ce37f5f12989cc6de3be08f5de8210bc4bd3e;p=thirdparty%2Fapache%2Fhttpd.git Merge r1612945, r1734835, r1738875, r1833416, r1842898, r1867257, r1876745, r1876807, r1876823, r1877642 from trunk Easy patches: synch 2.4.x and trunk - core: Re-introduce check for sufficient PCRE version. - core: Fix doc string for QualifyRedirectURL - mod_proxy: really return an error message on invalid "flusher" value. - mod_http2: Remove extra and un-needed "" - mod_ldap: fix a (unlikely) memory leak - ab: fix a typo - suexec: Report error string after failure from setgid/initgroups or setuid - mod_session_crypto: be less specific and don't echo passphrase - mod_proxy_html: Fix proxy_html_conf.bufsz to have correct type, as it is used with ap_set_int_slot. - mod_md: update duplicated APLOGNOs. Submitted by: fuankg, trawick, ylavic, jailletc36, jorton, jailletc36, jorton, covener, jorton, ylavic Reviewed by: jailletc36, jim, ylavic Backported by: jailletc36 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1879490 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/modules/filters/mod_proxy_html.c b/modules/filters/mod_proxy_html.c index 25eb3956e59..bb74c0ddf11 100644 --- a/modules/filters/mod_proxy_html.c +++ b/modules/filters/mod_proxy_html.c @@ -107,7 +107,7 @@ typedef struct { const char *doctype; const char *etag; unsigned int flags; - size_t bufsz; + int bufsz; apr_hash_t *links; apr_array_header_t *events; const char *charset_out; diff --git a/modules/http2/h2_session.c b/modules/http2/h2_session.c index a2a71ca6220..5a8dd5a4a99 100644 --- a/modules/http2/h2_session.c +++ b/modules/http2/h2_session.c @@ -1285,7 +1285,7 @@ apr_status_t h2_session_set_prio(h2_session *session, h2_stream *stream, rv = nghttp2_session_change_stream_priority(session->ngh2, stream->id, &ps); ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, session->c, - ""H2_STRM_LOG(APLOGNO(03203), stream, + H2_STRM_LOG(APLOGNO(03203), stream, "PUSH %s, weight=%d, depends=%d, returned=%d"), ptype, ps.weight, ps.stream_id, rv); status = (rv < 0)? APR_EGENERAL : APR_SUCCESS; diff --git a/modules/ldap/util_ldap_cache_mgr.c b/modules/ldap/util_ldap_cache_mgr.c index 9bef3f88b4e..aa822bc9b43 100644 --- a/modules/ldap/util_ldap_cache_mgr.c +++ b/modules/ldap/util_ldap_cache_mgr.c @@ -280,7 +280,7 @@ void util_ald_cache_purge(util_ald_cache_t *cache) */ util_url_node_t *util_ald_create_caches(util_ldap_state_t *st, const char *url) { - util_url_node_t curl, *newcurl = NULL; + util_url_node_t curl; util_ald_cache_t *search_cache; util_ald_cache_t *compare_cache; util_ald_cache_t *dn_compare_cache; @@ -313,7 +313,6 @@ util_url_node_t *util_ald_create_caches(util_ldap_state_t *st, const char *url) /* check that all the caches initialised successfully */ if (search_cache && compare_cache && dn_compare_cache) { - /* The contents of this structure will be duplicated in shared memory during the insert. So use stack memory rather than pool memory to avoid a memory leak. */ @@ -323,11 +322,16 @@ util_url_node_t *util_ald_create_caches(util_ldap_state_t *st, const char *url) curl.compare_cache = compare_cache; curl.dn_compare_cache = dn_compare_cache; - newcurl = util_ald_cache_insert(st->util_ldap_cache, &curl); - + return util_ald_cache_insert(st->util_ldap_cache, &curl); } + else { + /* util_ald_destroy_cache is a noop for a NULL argument. */ + util_ald_destroy_cache(search_cache); + util_ald_destroy_cache(compare_cache); + util_ald_destroy_cache(dn_compare_cache); - return newcurl; + return NULL; + } } diff --git a/modules/md/mod_md.c b/modules/md/mod_md.c index eea989140af..55413f5b67c 100644 --- a/modules/md/mod_md.c +++ b/modules/md/mod_md.c @@ -592,7 +592,7 @@ static apr_status_t link_md_to_servers(md_mod_conf_t *mc, md_t *md, server_rec * uri = md_util_schemify(p, s->server_admin, "mailto"); if (md_array_str_index(md->contacts, uri, 0, 0) < 0) { APR_ARRAY_PUSH(md->contacts, const char *) = uri; - ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, base_server, APLOGNO(10044) + ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, base_server, APLOGNO(10237) "%s: added contact %s", md->name, uri); } } @@ -1099,7 +1099,7 @@ static apr_status_t get_certificate(server_rec *s, apr_pool_t *p, int fallback, } else if (sc->assigned->nelts != 1) { if (!fallback) { - ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(10042) + ap_log_error(APLOG_MARK, APLOG_ERR, 0, s, APLOGNO(10238) "conflict: %d MDs match Virtualhost %s which uses SSL, however " "there can be at most 1.", (int)sc->assigned->nelts, s->server_hostname); diff --git a/modules/proxy/mod_proxy.c b/modules/proxy/mod_proxy.c index 2521c6511ba..aa62329b1b3 100644 --- a/modules/proxy/mod_proxy.c +++ b/modules/proxy/mod_proxy.c @@ -308,10 +308,10 @@ static const char *set_worker_param(apr_pool_t *p, worker->s->conn_timeout_set = 1; } else if (!strcasecmp(key, "flusher")) { - if (strlen(val) >= sizeof(worker->s->flusher)) - apr_psprintf(p, "flusher name length must be < %d characters", - (int)sizeof(worker->s->flusher)); - PROXY_STRNCPY(worker->s->flusher, val); + if (PROXY_STRNCPY(worker->s->flusher, val) != APR_SUCCESS) { + return apr_psprintf(p, "flusher name length must be < %d characters", + (int)sizeof(worker->s->flusher)); + } } else if (!strcasecmp(key, "upgrade")) { if (PROXY_STRNCPY(worker->s->upgrade, val) != APR_SUCCESS) { diff --git a/modules/session/mod_session_crypto.c b/modules/session/mod_session_crypto.c index 996620d5106..1bf2b714d6e 100644 --- a/modules/session/mod_session_crypto.c +++ b/modules/session/mod_session_crypto.c @@ -293,7 +293,7 @@ static apr_status_t encrypt_string(request_rec * r, const apr_crypto_t *f, *cipher, APR_MODE_CBC, 1, 4096, f, r->pool); if (APR_STATUS_IS_ENOKEY(res)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01825) - "the passphrase '%s' was empty", passphrase); + "failure generating key from passphrase"); } if (APR_STATUS_IS_EPADDING(res)) { ap_log_rerror(APLOG_MARK, APLOG_ERR, res, r, APLOGNO(01826) @@ -415,7 +415,7 @@ static apr_status_t decrypt_string(request_rec * r, const apr_crypto_t *f, f, r->pool); if (APR_STATUS_IS_ENOKEY(res)) { ap_log_rerror(APLOG_MARK, APLOG_DEBUG, res, r, APLOGNO(01832) - "the passphrase '%s' was empty", passphrase); + "failure generating key from passphrase"); continue; } else if (APR_STATUS_IS_EPADDING(res)) { diff --git a/server/core.c b/server/core.c index 2ba9e1afa0b..bbfe49f2731 100644 --- a/server/core.c +++ b/server/core.c @@ -4514,8 +4514,8 @@ AP_INIT_FLAG("CGIPassAuth", set_cgi_pass_auth, NULL, OR_AUTHCFG, AP_INIT_TAKE2("CGIVar", set_cgi_var, NULL, OR_FILEINFO, "Controls how some CGI variables are set"), AP_INIT_FLAG("QualifyRedirectURL", set_qualify_redirect_url, NULL, OR_FILEINFO, - "Controls whether HTTP authorization headers, normally hidden, will " - "be passed to scripts"), + "Controls whether the REDIRECT_URL environment variable is fully " + "qualified"), AP_INIT_TAKE1("ForceType", ap_set_string_slot_lower, (void *)APR_OFFSETOF(core_dir_config, mime_type), OR_FILEINFO, diff --git a/server/util_pcre.c b/server/util_pcre.c index 88198713282..78fc983536d 100644 --- a/server/util_pcre.c +++ b/server/util_pcre.c @@ -57,6 +57,11 @@ POSSIBILITY OF SUCH DAMAGE. #include "apr_tables.h" #include "pcre.h" +/* PCRE_DUPNAMES is only present since version 6.7 of PCRE */ +#ifndef PCRE_DUPNAMES +#error PCRE Version 6.7 or later required! +#else + #define APR_WANT_STRFUNC #include "apr_want.h" @@ -342,4 +347,6 @@ AP_DECLARE(int) ap_regname(const ap_regex_t *preg, return namecount; } +#endif /* PCRE_DUPNAMES defined */ + /* End of pcreposix.c */ diff --git a/support/ab.c b/support/ab.c index 8205620994b..dc0dc8653bc 100644 --- a/support/ab.c +++ b/support/ab.c @@ -18,7 +18,7 @@ ** This program is based on ZeusBench V1.0 written by Adam Twiss ** which is Copyright (c) 1996 by Zeus Technology Ltd. http://www.zeustech.net/ ** - ** This software is provided "as is" and any express or implied waranties, + ** This software is provided "as is" and any express or implied warranties, ** including but not limited to, the implied warranties of merchantability and ** fitness for a particular purpose are disclaimed. In no event shall ** Zeus Technology Ltd. be liable for any direct, indirect, incidental, special, diff --git a/support/suexec.c b/support/suexec.c index ee2dd4b3ad7..eb2d38a4282 100644 --- a/support/suexec.c +++ b/support/suexec.c @@ -502,7 +502,8 @@ int main(int argc, char *argv[]) * and setgid() to the target group. If unsuccessful, error out. */ if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) { - log_err("failed to setgid (%lu: %s)\n", (unsigned long)gid, cmd); + log_err("failed to setgid/initgroups (%lu: %s): %s\n", + (unsigned long)gid, cmd, strerror(errno)); exit(109); } @@ -510,7 +511,8 @@ int main(int argc, char *argv[]) * setuid() to the target user. Error out on fail. */ if ((setuid(uid)) != 0) { - log_err("failed to setuid (%lu: %s)\n", (unsigned long)uid, cmd); + log_err("failed to setuid (%lu: %s): %s\n", + (unsigned long)uid, cmd, strerror(errno)); exit(110); }