Changes with Apache 1.3.28
+ *) Certain 3rd party modules would bypass the Apache API and not
+ invoke ap_cleanup_for_exec() before creating sub-processes.
+ To such a child process, Apache's file descriptors (lock
+ fd's, log files, sockets) were accessible, allowing them
+ direct access to Apache log file etc. Where the OS allows,
+ we now add proactive close functions to prevent these file
+ descriptors from leaking to the child processes.
+ [Jim Jagielski, Martin Kraemer]
+
*) Prevent obscenely large values of precision in ap_vformatter
from clobbering a buffer. [Sander Striker, Jim Jagielski]
API_EXPORT(FILE *) ap_pfopen(struct pool *, const char *name, const char *fmode);
API_EXPORT(FILE *) ap_pfdopen(struct pool *, int fd, const char *fmode);
API_EXPORT(int) ap_popenf(struct pool *, const char *name, int flg, int mode);
+API_EXPORT(int) ap_popenf_ex(struct pool *, const char *name, int flg,
+ int mode, int domagic);
API_EXPORT(void) ap_note_cleanups_for_file(pool *, FILE *);
API_EXPORT(void) ap_note_cleanups_for_file_ex(pool *, FILE *, int);
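Review bot: `ap_popenf_ex()` is exported here with a new `int domagic` argument and no comment saying what it controls, and `ap_psocket_ex()` in the next hunk is declared with an unnamed fifth `int`. Judging by the call sites later in this diff, the flag appears to ask for the descriptor to be closed across exec(). I would add above each prototype something like `/* domagic != 0: also ask the OS to close this descriptor on exec(), where supported */` and name the parameter in the `ap_psocket_ex` prototype.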
API_EXPORT(void) ap_note_cleanups_for_socket_ex(pool *, int, int);
API_EXPORT(void) ap_kill_cleanups_for_socket(pool *p, int sock);
API_EXPORT(int) ap_psocket(pool *p, int, int, int);
+API_EXPORT(int) ap_psocket_ex(pool *p, int, int, int, int);
API_EXPORT(int) ap_pclosesocket(pool *a, int sock);
API_EXPORT(regex_t *) ap_pregcomp(pool *p, const char *pattern, int cflags);
* 19990320.13 - add ap_strtol()
* 19990320.14 - add ap_register_cleanup_ex(),
* ap_note_cleanups_for_fd_ex(),
- * ap_note_cleanups_for_socket_ex() and
- * ap_note_cleanups_for_file_ex()
+ * ap_note_cleanups_for_socket_ex(),
+ * ap_note_cleanups_for_file_ex(),
+ * ap_popenf_ex() and ap_psocket_ex().
*/
#define MODULE_MAGIC_COOKIE 0x41503133UL /* "AP13" */
void (*child_cleanup) (void *),
int (*magic_cleanup) (void *))
{
- struct cleanup *c = (struct cleanup *) ap_palloc(p, sizeof(struct cleanup));
- c->data = data;
- c->plain_cleanup = plain_cleanup;
- c->child_cleanup = child_cleanup;
- c->next = p->cleanups;
- p->cleanups = c;
- if(magic_cleanup) {
- if(!magic_cleanup(data))
+ struct cleanup *c;
+ if (p) {
+ c = (struct cleanup *) ap_palloc(p, sizeof(struct cleanup));
+ c->data = data;
+ c->plain_cleanup = plain_cleanup;
+ c->child_cleanup = child_cleanup;
+ c->next = p->cleanups;
+ p->cleanups = c;
+ }
+ /* attempt to do magic even if not passed a pool. Allows us
+ * to perform the magic, therefore, "whenever" we want/need */
+ if (magic_cleanup) {
+ if (!magic_cleanup(data))
ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
"exec() may not be safe");
}
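Review bot: The new `if (p)` guard makes a NULL pool a supported input, but in that case no `struct cleanup` is linked in, so neither `plain_cleanup` nor `child_cleanup` will ever run for this resource. It is then protected only if `magic_cleanup(data)` succeeds; on failure the code logs `exec() may not be safe` and carries on, leaving nothing registered to close it before an exec. I would replace the "whenever" comment with the actual contract, e.g. `/* p == NULL: no cleanup is registered; only magic_cleanup() is applied and the caller owns the resource */`. The function's signature and header comment begin above this hunk, so I cannot see whether this is already documented there.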
ap_kill_cleanup(p, (void *) (long) fd, fd_cleanup);
}
-API_EXPORT(int) ap_popenf(pool *a, const char *name, int flg, int mode)
+API_EXPORT(int) ap_popenf_ex(pool *a, const char *name, int flg, int mode,
+ int domagic)
{
int fd;
int save_errno;
save_errno = errno;
if (fd >= 0) {
fd = ap_slack(fd, AP_SLACK_HIGH);
- ap_note_cleanups_for_fd(a, fd);
+ ap_note_cleanups_for_fd_ex(a, fd, domagic);
}
ap_unblock_alarms();
errno = save_errno;
return fd;
}
+API_EXPORT(int) ap_popenf(pool *a, const char *name, int flg, int mode)
+{
+ return ap_popenf_ex(a, name, flg, mode, 0);
+}
+
API_EXPORT(int) ap_pclosef(pool *a, int fd)
{
int res;
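Review bot: The compatibility wrapper `ap_popenf()` hard-codes `domagic` to 0, as does `ap_psocket()` further down, so descriptors that modules open through the unchanged API presumably remain inheritable by child processes unless `ap_cleanup_for_exec()` runs. If that default is deliberate for backward compatibility, the wrapper should say so, e.g. `/* legacy entry point: no close-on-exec magic; use ap_popenf_ex(..., 1) for descriptors that must not reach child processes */`. It is also worth checking the tree for remaining `ap_popenf(` and `ap_psocket(` callers, since this diff only shows the ones that were converted.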
ap_kill_cleanup(p, (void *) (long) sock, socket_cleanup);
}
-API_EXPORT(int) ap_psocket(pool *p, int domain, int type, int protocol)
+API_EXPORT(int) ap_psocket_ex(pool *p, int domain, int type, int protocol,
+ int domagic)
{
int fd;
errno = save_errno;
return -1;
}
- ap_note_cleanups_for_socket(p, fd);
+ ap_note_cleanups_for_socket_ex(p, fd, domagic);
ap_unblock_alarms();
return fd;
}
+API_EXPORT(int) ap_psocket(pool *p, int domain, int type, int protocol)
+{
+ return ap_psocket_ex(p, domain, type, protocol, 0);
+}
+
API_EXPORT(int) ap_pclosesocket(pool *a, int sock)
{
int res;
unlock_it.l_pid = 0; /* pid not actually interesting */
expand_lock_fname(p);
- lock_fd = ap_popenf(p, ap_lock_fname, O_CREAT | O_WRONLY | O_EXCL, 0644);
+ lock_fd = ap_popenf_ex(p, ap_lock_fname, O_CREAT | O_WRONLY | O_EXCL, 0644, 1);
if (lock_fd == -1) {
perror("open");
fprintf(stderr, "Cannot open lock file: %s\n", ap_lock_fname);
static void accept_mutex_child_init_flock(pool *p)
{
- flock_fd = ap_popenf(p, ap_lock_fname, O_WRONLY, 0600);
+ flock_fd = ap_popenf_ex(p, ap_lock_fname, O_WRONLY, 0600, 1);
if (flock_fd == -1) {
ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
"Child cannot open lock file: %s", ap_lock_fname);
{
expand_lock_fname(p);
unlink(ap_lock_fname);
- flock_fd = ap_popenf(p, ap_lock_fname, O_CREAT | O_WRONLY | O_EXCL, 0600);
+ flock_fd = ap_popenf_ex(p, ap_lock_fname, O_CREAT | O_WRONLY | O_EXCL, 0600, 1);
if (flock_fd == -1) {
ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
"Parent cannot open lock file: %s", ap_lock_fname);
#ifdef TPF
ap_scoreboard_fname = ap_server_root_relative(p, ap_scoreboard_fname);
#endif /* TPF */
- scoreboard_fd = ap_popenf(p, ap_scoreboard_fname, O_CREAT | O_BINARY | O_RDWR, 0666);
+ scoreboard_fd = ap_popenf_ex(p, ap_scoreboard_fname, O_CREAT | O_BINARY | O_RDWR, 0666, 1);
if (scoreboard_fd == -1) {
perror(ap_scoreboard_fname);
fprintf(stderr, "Cannot open scoreboard file:\n");
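Review bot: This scoreboard open requests mode `0666` together with `O_CREAT`, while the parallel call in the next hunk requests `0644`; under a permissive umask the file would be created writable by any local user. The close-on-exec flag added on this line does nothing about that. Unless this platform branch needs the wider mode, I would align the two: `scoreboard_fd = ap_popenf_ex(p, ap_scoreboard_fname, O_CREAT | O_BINARY | O_RDWR, 0644, 1);`. The enclosing function starts and ends outside the hunk.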
ap_scoreboard_image = &_scoreboard_image;
ap_scoreboard_fname = ap_server_root_relative(p, ap_scoreboard_fname);
- scoreboard_fd = ap_popenf(p, ap_scoreboard_fname, O_CREAT | O_BINARY | O_RDWR, 0644);
+ scoreboard_fd = ap_popenf_ex(p, ap_scoreboard_fname, O_CREAT | O_BINARY | O_RDWR, 0644, 1);
if (scoreboard_fd == -1) {
perror(ap_scoreboard_fname);
fprintf(stderr, "Cannot open scoreboard file:\n");
s = ap_slack(s, AP_SLACK_HIGH);
#endif
- ap_note_cleanups_for_socket(p, s); /* arrange to close on exec or restart */
+ ap_note_cleanups_for_socket_ex(p, s, 1); /* arrange to close on exec or restart */
#ifdef TPF
os_note_additional_cleanups(p, s);
#endif /* TPF */
#ifdef WORKAROUND_SOLARIS_BUG
s = ap_slack(s, AP_SLACK_HIGH);
- ap_note_cleanups_for_socket(p, s); /* arrange to close on exec or restart */
+ ap_note_cleanups_for_socket_ex(p, s, 1); /* arrange to close on exec or restart */
#endif
ap_unblock_alarms();
fd = make_sock(p, &lr->local_addr);
}
else {
- ap_note_cleanups_for_socket(p, fd);
+ ap_note_cleanups_for_socket_ex(p, fd, 1);
}
/* if we get here, (fd >= 0) && (fd < FD_SETSIZE) */
FD_SET(fd, &listenfds);
*/
signal(SIGUSR1, SIG_IGN);
- ap_note_cleanups_for_socket(ptrans, csd);
+ ap_note_cleanups_for_socket_ex(ptrans, csd, 1);
/* protect various fd_sets */
#ifdef CHECK_FD_SETSIZE
"dup: couldn't duplicate csd");
dupped_csd = csd; /* Oh well... */
}
- ap_note_cleanups_for_socket(ptrans, dupped_csd);
+ ap_note_cleanups_for_socket_ex(ptrans, dupped_csd, 1);
/* protect various fd_sets */
#ifdef CHECK_FD_SETSIZE
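Review bot: When `dup()` fails, `dupped_csd` is set back to `csd` and then registered again with `ap_note_cleanups_for_socket_ex(ptrans, dupped_csd, 1)`, although `csd` appears to have been registered on `ptrans` already in the preceding hunk. That would leave two socket cleanups for one descriptor, so it gets closed twice when the pool is cleared; the second close is normally a harmless error, but in a threaded build it could hit a descriptor that was reused in between. Registering only a genuinely new descriptor avoids this: `if (dupped_csd != csd) ap_note_cleanups_for_socket_ex(ptrans, dupped_csd, 1);`. The same shape recurs in the later hunk that ends with `ap_bpushfd(conn_io, csd, dupped_csd);`.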
#ifdef SCOREBOARD_FILE
else {
ap_scoreboard_fname = ap_server_root_relative(pconf, ap_scoreboard_fname);
- ap_note_cleanups_for_fd(pconf, scoreboard_fd);
+ ap_note_cleanups_for_fd_ex(pconf, scoreboard_fd, 1); /* close on exec */
}
#endif
requests_this_child++;
- ap_note_cleanups_for_socket(ptrans, csd);
+ ap_note_cleanups_for_socket_ex(ptrans, csd, 1);
/*
* We now have a connection, so set it up with the appropriate
"dup: couldn't duplicate csd");
dupped_csd = csd; /* Oh well... */
}
- ap_note_cleanups_for_socket(ptrans, dupped_csd);
+ ap_note_cleanups_for_socket_ex(ptrans, dupped_csd, 1);
#endif
ap_bpushfd(conn_io, csd, dupped_csd);
if (fd > listenmaxfd)
listenmaxfd = fd;
}
- ap_note_cleanups_for_socket(p, fd);
+ ap_note_cleanups_for_socket_ex(p, fd, 1);
lr->fd = fd;
if (lr->next == NULL) {
/* turn the list into a ring */
result = FROM_UNKNOWN;
- sock = ap_psocket(conn->pool, AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ sock = ap_psocket_ex(conn->pool, AF_INET, SOCK_STREAM, IPPROTO_TCP, 1);
if (sock < 0) {
ap_log_error(APLOG_MARK, APLOG_CRIT, srv,
"socket: rfc1413: error creating socket");
return ap_proxyerror(r,
proxyhost ? HTTP_BAD_GATEWAY : HTTP_INTERNAL_SERVER_ERROR, err);
- sock = ap_psocket(r->pool, PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ sock = ap_psocket_ex(r->pool, PF_INET, SOCK_STREAM, IPPROTO_TCP, 1);
if (sock == -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r, "proxy: error creating socket");
return HTTP_INTERNAL_SERVER_ERROR;
if (err != NULL)
return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, err);
- sock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ sock = ap_psocket_ex(p, PF_INET, SOCK_STREAM, IPPROTO_TCP, 1);
if (sock == -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error creating socket");
}
/* try to set up PASV data connection first */
- dsock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ dsock = ap_psocket_ex(p, PF_INET, SOCK_STREAM, IPPROTO_TCP, 1);
if (dsock == -1) {
return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
"proxy: error getting socket address"));
}
- dsock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ dsock = ap_psocket_ex(p, PF_INET, SOCK_STREAM, IPPROTO_TCP, 1);
if (dsock == -1) {
return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
* we have worked out who exactly we are going to connect to, now make
* that connection...
*/
- sock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ sock = ap_psocket_ex(p, PF_INET, SOCK_STREAM, IPPROTO_TCP, 1);
if (sock == -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error creating socket");
cls->agent_fd = ap_piped_log_write_fd(pl);
}
else if (*cls->fname != '\0') {
- if ((cls->agent_fd = ap_popenf(p, fname, xfer_flags, xfer_mode)) < 0) {
+ if ((cls->agent_fd = ap_popenf_ex(p, fname, xfer_flags, xfer_mode, 1))
+ < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, s,
"could not open agent log file %s.", fname);
exit(1);
}
else {
char *fname = ap_server_root_relative(p, cls->fname);
- if ((cls->log_fd = ap_popenf(p, fname, xfer_flags, xfer_mode)) < 0) {
+ if ((cls->log_fd = ap_popenf_ex(p, fname, xfer_flags, xfer_mode, 1))
+ < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, s,
"could not open transfer log file %s.", fname);
exit(1);
cls->referer_fd = ap_piped_log_write_fd(pl);
}
else if (*cls->fname != '\0') {
- if ((cls->referer_fd = ap_popenf(p, fname, xfer_flags, xfer_mode)) < 0) {
+ if ((cls->referer_fd = ap_popenf_ex(p, fname, xfer_flags, xfer_mode, 1))
+ < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, s,
"could not open referer log file %s.", fname);
exit(1);
conf->rewritelogfp = ap_piped_log_write_fd(pl);
}
else if (*conf->rewritelogfile != '\0') {
- if ((conf->rewritelogfp = ap_popenf(p, fname, rewritelog_flags,
- rewritelog_mode)) < 0) {
+ if ((conf->rewritelogfp = ap_popenf_ex(p, fname, rewritelog_flags,
+ rewritelog_mode, 1)) < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, s,
"mod_rewrite: could not open RewriteLog "
/* create the lockfile */
unlink(lockname);
- if ((lockfd = ap_popenf(p, lockname, O_WRONLY|O_CREAT,
- REWRITELOCK_MODE)) < 0) {
+ if ((lockfd = ap_popenf_ex(p, lockname, O_WRONLY|O_CREAT,
+ REWRITELOCK_MODE, 1)) < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, s,
"mod_rewrite: Parent could not create RewriteLock "
"file %s", lockname);
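Review bot: The RewriteLock file is created with `O_WRONLY|O_CREAT` right after `unlink(lockname)` and without `O_EXCL`, so if the directory is writable by another local user, a file or symlink placed there between the two calls would be opened instead of a fresh file. The accept-mutex code earlier in this diff uses `O_CREAT | O_WRONLY | O_EXCL` for the same unlink-then-create pattern. I would match it here: `ap_popenf_ex(p, lockname, O_WRONLY|O_CREAT|O_EXCL, REWRITELOCK_MODE, 1)`. The enclosing function is only partly visible in the hunk.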
}
/* open the lockfile (once per child) to get a unique fd */
- if ((lockfd = ap_popenf(p, lockname, O_WRONLY,
- REWRITELOCK_MODE)) < 0) {
+ if ((lockfd = ap_popenf_ex(p, lockname, O_WRONLY,
+ REWRITELOCK_MODE, 1)) < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, s,
"mod_rewrite: Child could not open RewriteLock "
"file %s", lockname);
fname = ap_server_root_relative(p, cls->fname);
}
- if ((cls->log_fd = ap_popenf(p, fname, xfer_flags, xfer_mode)) < 0) {
+ if ((cls->log_fd = ap_popenf_ex(p, fname, xfer_flags, xfer_mode, 1)) < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, s,
"could not open transfer log file %s.", fname);
exit(1);