From: André Malo
Date: Sun, 15 Aug 2004 22:42:14 +0000 (+0000)
Subject: Recursive Include directives no longer crash. The server stops
X-Git-Tag: STRIKER_2_0_51_RC1^2~81
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8217ca7035b93a11bee6200d347a29b605df5db0;p=thirdparty%2Fapache%2Fhttpd.git
Recursive Include directives no longer crash. The server stops including configuration files after a certain nesting level (128 as distributed). This is configurable at compile time using the -DAP_MAX_INCLUDE_DEPTH switch.
PR: 28370
Reviewed by: Brad Nicholes, Jeff Trawick
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@104671 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index bea2c20c7cf..b25c8fc727d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,10 @@
 Changes with Apache 2.0.51
+ *) Recursive Include directives no longer crash. The server stops
+ including configuration files after a certain nesting level (128
+ as distributed). This is configurable at compile time using the
+ -DAP_MAX_INCLUDE_DEPTH switch. PR 28370. [André Malo]
+
 *) mod_dir: the trailing-slash behaviour is now configurable using the DirectorySlash directive. [André Malo]
diff --git a/STATUS b/STATUS
index 844827b7d2d..3951bbcfae8 100644
--- a/STATUS
+++ b/STATUS
@@ -1,5 +1,5 @@
 APACHE 2.0 STATUS: -*-text-*-
-Last modified at [$Date: 2004/08/15 21:59:57 $]
+Last modified at [$Date: 2004/08/15 22:42:13 $]
 Release:
@@ -192,12 +192,6 @@ PATCHES TO BACKPORT FROM 2.1
 server/config.c: r1.175
 +1: nd
- *) detect Include directive recursion by counting the nesting level.
- PR 28370.
- server/core.c: r1.275
- os/netware/pre_nw.h: r1.7
- +1: nd, bnicholes, trawick
-
 *) mod_headers: Regression from 1.3: There's no ErrorHeader directive. Since this was always a misnomer, it was dropped in 2.1 and Header was extended instead. Backport this from 2.1 and document
diff --git a/os/netware/pre_nw.h b/os/netware/pre_nw.h
index 910ab57cdae..0f2a9327a98 100644
--- a/os/netware/pre_nw.h
+++ b/os/netware/pre_nw.h
@@ -60,6 +60,9 @@
 /* Allow MOD_AUTH_DBM to use APR */
 #define AP_AUTH_DBM_USE_APR
+/* Restrict the number of nested includes */
+#define AP_MAX_INCLUDE_DEPTH 48
+
 #endif
diff --git a/server/config.c b/server/config.c
index 1ff94d54f57..64e4717c579 100644
--- a/server/config.c
+++ b/server/config.c
@@ -1108,7 +1108,7 @@ AP_DECLARE(const char *) ap_build_config(cmd_parms *parms,
 {
 ap_directive_t *current = *conftree;
 ap_directive_t *curr_parent = NULL;
- char l[MAX_STRING_LEN];
+ char *l = apr_palloc (temp_pool, MAX_STRING_LEN);
 const char *errmsg;
 if (current != NULL) {
diff --git a/server/core.c b/server/core.c
index 31354faad72..21af7ee0e0a 100644
--- a/server/core.c
+++ b/server/core.c
@@ -59,6 +59,11 @@
 #define AP_MIN_SENDFILE_BYTES (256)
+/* maximum include nesting level */
+#ifndef AP_MAX_INCLUDE_DEPTH
+#define AP_MAX_INCLUDE_DEPTH (128)
+#endif
+
 APR_HOOK_STRUCT(
 APR_HOOK_LINK(get_mgmt_items)
 )
@@ -2244,9 +2249,30 @@ static const char *include_config (cmd_parms *cmd, void *dummy,
 const char *name)
 {
 ap_directive_t *conftree = NULL;
- const char* conffile = ap_server_root_relative(cmd->pool, name);
+ const char* conffile;
+ unsigned *recursion;
+ void *data;
+
+ apr_pool_userdata_get(&data, "ap_include_sentinel", cmd->pool);
+ if (data) {
+ recursion = data;
+ }
+ else {
+ data = recursion = apr_palloc(cmd->pool, sizeof(*recursion));
+ *recursion = 0;
+ apr_pool_userdata_setn(data, "ap_include_sentinel", NULL, cmd->pool);
+ }
+ if (++*recursion > AP_MAX_INCLUDE_DEPTH) {
+ *recursion = 0;
+ return apr_psprintf(cmd->pool, "Exceeded maximum include depth of %u. "
+ "You have probably a recursion somewhere.",
+ AP_MAX_INCLUDE_DEPTH);
+ }
+
+ conffile = ap_server_root_relative(cmd->pool, name);
 if (!conffile) {
+ *recursion = 0;
 return apr_pstrcat(cmd->pool, "Invalid Include path ", name, NULL);
 }
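Review bot: Turning `l` from an array into a pointer in the server/config.c hunk changes what `sizeof(l)` yields, and the part of ap_build_config that fills the buffer lies outside this hunk. Any read that sizes itself with `sizeof(l)` would now be limited to the pointer width instead of MAX_STRING_LEN, so it is worth confirming that every use passes `MAX_STRING_LEN` explicitly. A comment on the new line, for example `/* pool-allocated to keep the stack frame small; see PR 28370 */`, would record why the buffer moved; that motive is inferred from the commit message, not from the hunk itself.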
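Review bot: Nothing validates a value supplied through -DAP_MAX_INCLUDE_DEPTH in the server/core.c hunk at line 59, and the later include_config hunk compares the macro against an `unsigned` counter. A negative override would convert to a very large unsigned limit and silently switch the protection off, while zero would reject every Include. A compile-time guard after the new `#endif`, `#if AP_MAX_INCLUDE_DEPTH < 1` / `#error "AP_MAX_INCLUDE_DEPTH must be at least 1"` / `#endif`, makes a bad build flag fail early.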
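Review bot: The two early-return paths in include_config set `*recursion = 0` instead of undoing their own increment, and nothing in the hunk says why. The counter is pool userdata on `cmd->pool`, so it outlives this call; presumably the reset lets a later parse on the same pool start from zero, and a comment such as `/* error aborts the parse: clear the counter kept on cmd->pool */` would make that explicit. Separately, `AP_MAX_INCLUDE_DEPTH` expands to the int `(128)` but is printed with `%u`; passing `(unsigned)AP_MAX_INCLUDE_DEPTH` to apr_psprintf keeps argument and format in agreement. include_config continues past this hunk and ends in the next one.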
@@ -2254,6 +2280,12 @@ static const char *include_config (cmd_parms *cmd, void *dummy,
 ap_process_resource_config(cmd->server, conffile, &conftree, cmd->pool, cmd->temp_pool);
 *(ap_directive_t **)dummy = conftree;
+
+ /* recursion level done */
+ if (*recursion) {
+ --*recursion;
+ }
+
 return NULL;
 }
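Review bot: Only nesting that passes through the Include directive is counted, because the increment and this decrement wrap the single call to ap_process_resource_config. If that function can re-enter itself without going through include_config (its body is not visible here; a path that names a directory would be one case to check), that recursion stays unbounded and is not covered by the new limit. The `if (*recursion)` guard also deserves a word, since it appears to exist because a nested error path may already have zeroed the counter: `/* may already be 0 if a nested Include failed */`. The start of include_config is in the previous hunk.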