Backport from HEAD:

* server/core.c (core_output_filter): Don't explicitly delete the EOC
bucket, and don't buffer the brigade if it ends in an EOC.

Reviewed by: trawick, nd

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@104919 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/STATUS b/STATUS
index 1cbac78cd3d69219c092ff60170aa7f2cc130717..22597c4c9a40dd7b348c1a17c4d816d113ddd2a3 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2004/08/28 16:20:08 $]
+Last modified at [$Date: 2004/08/31 08:16:56 $]
 
 Release:
 
@@ -77,16 +77,17 @@ PATCHES TO BACKPORT FROM 2.1
         (2.0 + 1.3)
           modules/mappers/mod_rewrite.c: r1.259
         +1: nd
-
-    *) EOC bucket handling fix for core_output_filter (prevents possible variable use-
-       after-free since .49).
-       http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/core.c?r1=1.276&r2=1.277
-       +1: jorton, trawick, nd
        
     *) Don't link suexec against APR/etc libraries.
        http://cvs.apache.org/viewcvs.cgi/httpd-2.0/support/Makefile.in?r1=1.38&r2=1.39
        +1: jorton, trawick
        nd: what about the need of -static (dunno)?
+       jorton: -static was needed only to make sure libapr etc were linked statically
+       into suexec; they didn't work shared in a binary distribution because
+       LD_LIBRARY_PATH etc are ignored for a setuid binary (that only matters
+       for binary distributors where suexec gets relocated, since libtool 
+       puts an appropriate RPATH in the binary).  Not linking suexec against libapr 
+       etc avoids the issue entirely (and avoids scary >1Mb suexec binaries)
 
     *) mod_headers: Support {...}s tag for SSL variable lookup.
        http://www.apache.org/~jorton/mod_headers-2.0-ssl.diff

diff --git a/server/core.c b/server/core.c
index 56dd94d993e38d8dad99c65f5c3861672feb36ac..257cffa21e3ac59e5e438d7dcac79f16d210b1b2 100644 (file)
--- a/server/core.c
+++ b/server/core.c
@@ -3947,12 +3947,9 @@ static apr_status_t core_output_filter(ap_filter_t *f, apr_bucket_brigade *b)
         APR_BRIGADE_FOREACH(e, b) {
             /* keep track of the last bucket processed */
             last_e = e;
-            if (APR_BUCKET_IS_EOS(e)) {
+            if (APR_BUCKET_IS_EOS(e) || AP_BUCKET_IS_EOC(e)) {
                 break;
             }
-            if (AP_BUCKET_IS_EOC(e)) {
-                apr_bucket_delete(e);
-            }
             else if (APR_BUCKET_IS_FLUSH(e)) {
                 if (e != APR_BRIGADE_LAST(b)) {
                     more = apr_brigade_split(b, APR_BUCKET_NEXT(e));
@@ -4108,7 +4105,8 @@ static apr_status_t core_output_filter(ap_filter_t *f, apr_bucket_brigade *b)
         /* Completed iterating over the brigade, now determine if we want
          * to buffer the brigade or send the brigade out on the network.
          *
-         * Save if we haven't accumulated enough bytes to send, and:
+         * Save if we haven't accumulated enough bytes to send, the connection
+         * is not about to be closed, and:
          *
          *   1) we didn't see a file, we don't have more passes over the
          *      brigade to perform,  AND we didn't stop at a FLUSH bucket.
@@ -4119,6 +4117,7 @@ static apr_status_t core_output_filter(ap_filter_t *f, apr_bucket_brigade *b)
          *       with the hope of concatenating with another response)
          */
         if (nbytes + flen < AP_MIN_BYTES_TO_WRITE
+            && !AP_BUCKET_IS_EOC(last_e)
             && ((!fd && !more && !APR_BUCKET_IS_FLUSH(last_e))
                 || (APR_BUCKET_IS_EOS(last_e)
                     && c->keepalive == AP_CONN_KEEPALIVE))) {