Recursive Include directives no longer crash. The server stops

author André Malo <nd@apache.org>

Sun, 15 Aug 2004 22:42:14 +0000 (22:42 +0000)

committer André Malo <nd@apache.org>

Sun, 15 Aug 2004 22:42:14 +0000 (22:42 +0000)
author André Malo <nd@apache.org>
Sun, 15 Aug 2004 22:42:14 +0000 (22:42 +0000)
committer André Malo <nd@apache.org>
Sun, 15 Aug 2004 22:42:14 +0000 (22:42 +0000)
diff --git a/CHANGES b/CHANGES

index bea2c20c7cff3756b7e4d3cef09de579f8821c9a..b25c8fc727d00c85382d5ad0e0dd43d0e65f6f6e 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,10 @@
  Changes with Apache 2.0.51
  
+  *) Recursive Include directives no longer crash. The server stops
+     including configuration files after a certain nesting level (128
+     as distributed). This is configurable at compile time using the
+     -DAP_MAX_INCLUDE_DEPTH switch. PR 28370.  [André Malo]
+
    *) mod_dir: the trailing-slash behaviour is now configurable using the
       DirectorySlash directive.  [André Malo]
  
diff --git a/STATUS b/STATUS

index 844827b7d2d0148efbed5a6f984da062af89df58..3951bbcfae8419bbf773a84a7b0c5b470a282950 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
  APACHE 2.0 STATUS:                                              -*-text-*-
-Last modified at [$Date: 2004/08/15 21:59:57 $]
+Last modified at [$Date: 2004/08/15 22:42:13 $]
  
  Release:
  
@@ -192,12 +192,6 @@ PATCHES TO BACKPORT FROM 2.1
           server/config.c: r1.175
         +1: nd
  
-    *) detect Include directive recursion by counting the nesting level.
-       PR 28370.
-         server/core.c: r1.275
-         os/netware/pre_nw.h: r1.7
-       +1: nd, bnicholes, trawick
-
      *) mod_headers: Regression from 1.3: There's no ErrorHeader directive.
         Since this was always a misnomer, it was dropped in 2.1 and
         Header was extended instead. Backport this from 2.1 and document
diff --git a/os/netware/pre_nw.h b/os/netware/pre_nw.h

index 910ab57cdae2f82dc54720f19a56024dd324c6e0..0f2a9327a9809f3340fa9fd4c6671a1f1d2e4ea5 100644 (file)
--- a/os/netware/pre_nw.h
+++ b/os/netware/pre_nw.h
@@ -60,6 +60,9 @@
  /* Allow MOD_AUTH_DBM to use APR */
  #define AP_AUTH_DBM_USE_APR
  
+/* Restrict the number of nested includes */
+#define AP_MAX_INCLUDE_DEPTH    48
+
  #endif
  
  
diff --git a/server/config.c b/server/config.c

index 1ff94d54f57819d41fa986db01211d436e30d4a2..64e4717c579820cf7cb3c20c423189b9e6705826 100644 (file)
--- a/server/config.c
+++ b/server/config.c
@@ -1108,7 +1108,7 @@ AP_DECLARE(const char *) ap_build_config(cmd_parms *parms,
  {
      ap_directive_t *current = *conftree;
      ap_directive_t *curr_parent = NULL;
-    char l[MAX_STRING_LEN];
+    char *l = apr_palloc (temp_pool, MAX_STRING_LEN);
      const char *errmsg;
  
      if (current != NULL) {
diff --git a/server/core.c b/server/core.c

index 31354faad721c26c9cf97581e49292fe294f29a8..21af7ee0e0a1d20d67a3ea06572546fe5f676684 100644 (file)
--- a/server/core.c
+++ b/server/core.c
@@ -59,6 +59,11 @@
  
  #define AP_MIN_SENDFILE_BYTES           (256)
  
+/* maximum include nesting level */
+#ifndef AP_MAX_INCLUDE_DEPTH
+#define AP_MAX_INCLUDE_DEPTH            (128)
+#endif
+
  APR_HOOK_STRUCT(
      APR_HOOK_LINK(get_mgmt_items)
  )
@@ -2244,9 +2249,30 @@ static const char *include_config (cmd_parms *cmd, void *dummy,
                                     const char *name)
  {
      ap_directive_t *conftree = NULL;
-    const char* conffile = ap_server_root_relative(cmd->pool, name);
+    const char* conffile;
+    unsigned *recursion;
+    void *data;
+
+    apr_pool_userdata_get(&data, "ap_include_sentinel", cmd->pool);
+    if (data) {
+        recursion = data;
+    }
+    else {
+        data = recursion = apr_palloc(cmd->pool, sizeof(*recursion));
+        *recursion = 0;
+        apr_pool_userdata_setn(data, "ap_include_sentinel", NULL, cmd->pool);
+    }
  
+    if (++*recursion > AP_MAX_INCLUDE_DEPTH) {
+        *recursion = 0;
+        return apr_psprintf(cmd->pool, "Exceeded maximum include depth of %u. "
+                            "You have probably a recursion somewhere.",
+                            AP_MAX_INCLUDE_DEPTH);
+    }
+
+    conffile = ap_server_root_relative(cmd->pool, name);
      if (!conffile) {
+        *recursion = 0;
          return apr_pstrcat(cmd->pool, "Invalid Include path ", 
                             name, NULL);
      }
@@ -2254,6 +2280,12 @@ static const char *include_config (cmd_parms *cmd, void *dummy,
      ap_process_resource_config(cmd->server, conffile,
                                 &conftree, cmd->pool, cmd->temp_pool);
      *(ap_directive_t **)dummy = conftree;
+
+    /* recursion level done */
+    if (*recursion) {
+        --*recursion;
+    }
+
      return NULL;
  }
author	André Malo <nd@apache.org>
	Sun, 15 Aug 2004 22:42:14 +0000 (22:42 +0000)
committer	André Malo <nd@apache.org>
	Sun, 15 Aug 2004 22:42:14 +0000 (22:42 +0000)
CHANGES		patch \| blob \| blame \| history
STATUS		patch \| blob \| blame \| history
os/netware/pre_nw.h		patch \| blob \| blame \| history
server/config.c		patch \| blob \| blame \| history
server/core.c		patch \| blob \| blame \| history