From: Yann Ylavic <ylavic@apache.org>
Date: Fri, 26 Jun 2020 10:21:19 +0000 (+0000)
Subject: Merge r1878280 from trunk:
X-Git-Tag: 2.4.44~66
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ced24e032ebe185a2d885fa309d6de47668ba31e;p=thirdparty%2Fapache%2Fhttpd.git

Merge r1878280 from trunk:

mod_proxy_http: don't strip EOS when spooling request body to file.

To prevent stream_reqbody() from sending the FILE and FLUSH bucket in separate
brigades, and thus apr_file_setaside() to trigger if network congestion occurs
with the backend, restore the EOS in spool_reqbody_cl() which was stripped
when spooling the request body to a file.

Until APR r1878279 is released (and installed by users), apr_file_setaside()
on a temporary file (mktemp) will simply drop the file cleanup, leaking the
fd and inode..

This fixes BZ 64452.


Submitted by: ylavic
Reviewed by: ylavic, jorton, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1879226 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 83f38e681c8..40fa12e9c38 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.44
 
+  *) mod_proxy_http: flush spooled request body in one go to avoid
+     leaking (or long lived) temporary file. PR 64452. [Yann Ylavic]
+
   *) mod_ssl: Fix a race condition and possible crash when using a proxy client
      certificate (SSLProxyMachineCertificateFile).
      [Armin Abfalterer <a.abfalterer gmail.com>]
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index e94bf26d412..7a0f063f705 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -548,6 +548,14 @@ static int spool_reqbody_cl(proxy_http_req_t *req, apr_off_t *bytes_spooled)
         e = apr_bucket_immortal_create(CRLF_ASCII, 2, bucket_alloc);
         APR_BRIGADE_INSERT_TAIL(input_brigade, e);
     }
+    if (tmpfile) {
+        /* We dropped metadata buckets when spooling to tmpfile,
+         * terminate with EOS for stream_reqbody() to flush the
+         * whole in one go.
+         */
+        e = apr_bucket_eos_create(bucket_alloc);
+        APR_BRIGADE_INSERT_TAIL(input_brigade, e);
+    }
     return OK;
 }