From: Graham Leggett Date: Sun, 26 Sep 2021 14:11:22 +0000 (+0000) Subject: Backport: X-Git-Tag: candidate-2.4.50-rc1~16 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=324c4a2791dacf8ea2e587978328e5b6ee0dab7b;p=thirdparty%2Fapache%2Fhttpd.git Backport: *) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection() and use it to prevent that failures in running the pre_connection hook cause crashes afterwards. Trunk version of patch: https://svn.apache.org/r1893497 https://svn.apache.org/r1893507 Backport version for 2.4.x of patch: https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/269.diff Can be applied via apply_backport_pr.sh 269. +1: rpluem, icing, ylavic git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1893654 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 33fab408c47..90b82c23599 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.4.50 + *) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection() + and use it to prevent that failures in running the pre_connection + hook cause crashes afterwards. [Ruediger Pluem] + *) mod_speling: Add CheckBasenameMatch PR 44221. [Christophe Jaillet] Changes with Apache 2.4.49 diff --git a/STATUS b/STATUS index a7d184de6f5..1d1e2830ebb 100644 --- a/STATUS +++ b/STATUS @@ -142,17 +142,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - *) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection() - and use it to prevent that failures in running the pre_connection - hook cause crashes afterwards. - Trunk version of patch: - https://svn.apache.org/r1893497 - https://svn.apache.org/r1893507 - Backport version for 2.4.x of patch: - https://patch-diff.githubusercontent.com/raw/apache/httpd/pull/269.diff - Can be applied via apply_backport_pr.sh 269. - +1: rpluem, icing, ylavic - *) core: do not install core input/output filters on secondary connections. Trunk version of patch: diff --git a/include/ap_mmn.h b/include/ap_mmn.h index f874f96f2df..52876f843f2 100644 --- a/include/ap_mmn.h +++ b/include/ap_mmn.h @@ -578,6 +578,7 @@ * 20120211.115 (2.4.49-dev) Add ap_proxy_get_worker_ex() and * ap_proxy_define_worker_ex() to mod_proxy.h * 20120211.116 (2.4.49-dev) add conn_rec->outgoing and ap_ssl_bind_outgoing() + * 20120211.117 (2.4.50-dev) Add ap_pre_connection */ #define MODULE_MAGIC_COOKIE 0x41503234UL /* "AP24" */ @@ -585,7 +586,7 @@ #ifndef MODULE_MAGIC_NUMBER_MAJOR #define MODULE_MAGIC_NUMBER_MAJOR 20120211 #endif -#define MODULE_MAGIC_NUMBER_MINOR 116 /* 0...n */ +#define MODULE_MAGIC_NUMBER_MINOR 117 /* 0...n */ /** * Determine if the server's current MODULE_MAGIC_NUMBER is at least a diff --git a/include/http_connection.h b/include/http_connection.h index 8bc009da3b7..71f02bdd14b 100644 --- a/include/http_connection.h +++ b/include/http_connection.h @@ -135,6 +135,21 @@ AP_DECLARE_HOOK(int,process_connection,(conn_rec *c)) */ AP_DECLARE_HOOK(int,pre_close_connection,(conn_rec *c)) +/** + * This is a wrapper around ap_run_pre_connection. In case that + * ap_run_pre_connection returns an error it marks the connection as + * aborted and ensures that the basic connection setup normally done + * by the core module is done in case it was not done so far. + * @param c The connection on which the request has been received. + * Same as for the pre_connection hook. + * @param csd The mechanism on which this connection is to be read. + * Most times this will be a socket, but it is up to the module + * that accepts the request to determine the exact type. + * Same as for the pre_connection hook. + * @return The result of ap_run_pre_connection + */ +AP_DECLARE(int) ap_pre_connection(conn_rec *c, void *csd); + /** End Of Connection (EOC) bucket */ AP_DECLARE_DATA extern const apr_bucket_type_t ap_bucket_type_eoc; diff --git a/server/connection.c b/server/connection.c index b0093e16c9d..03ecd90107c 100644 --- a/server/connection.c +++ b/server/connection.c @@ -202,13 +202,9 @@ AP_DECLARE(void) ap_lingering_close(conn_rec *c) AP_CORE_DECLARE(void) ap_process_connection(conn_rec *c, void *csd) { - int rc; ap_update_vhost_given_ip(c); - rc = ap_run_pre_connection(c, csd); - if (rc != OK && rc != DONE) { - c->aborted = 1; - } + ap_pre_connection(c, csd); if (!c->aborted) { ap_run_process_connection(c); diff --git a/server/core.c b/server/core.c index 15645210762..f30e23715cb 100644 --- a/server/core.c +++ b/server/core.c @@ -5300,6 +5300,31 @@ static int core_pre_connection(conn_rec *c, void *csd) return DONE; } +AP_DECLARE(int) ap_pre_connection(conn_rec *c, void *csd) +{ + int rc = OK; + + rc = ap_run_pre_connection(c, csd); + if (rc != OK && rc != DONE) { + c->aborted = 1; + /* + * In case we errored, the pre_connection hook of the core + * module maybe did not run (it is APR_HOOK_REALLY_LAST) and + * hence we missed to + * + * - Put the socket in c->conn_config + * - Setup core output and input filters + * - Set socket options and timeouts + * + * Hence call it in this case. + */ + if (!ap_get_conn_socket(c)) { + core_pre_connection(c, csd); + } + } + return rc; +} + AP_DECLARE(int) ap_state_query(int query) { switch (query) { diff --git a/server/mpm/event/event.c b/server/mpm/event/event.c index 8302091cd5c..5458aa85e97 100644 --- a/server/mpm/event/event.c +++ b/server/mpm/event/event.c @@ -995,11 +995,10 @@ static void process_socket(apr_thread_t *thd, apr_pool_t * p, apr_socket_t * soc ap_update_vhost_given_ip(c); - rc = ap_run_pre_connection(c, sock); + rc = ap_pre_connection(c, sock); if (rc != OK && rc != DONE) { ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c, APLOGNO(00469) "process_socket: connection aborted"); - c->aborted = 1; } /**