Graham Leggett [Sun, 7 Apr 2002 19:12:27 +0000 (19:12 +0000)]
Correct a timeout problem within proxy which would force long
or slow POST requests to close after 300 seconds.
PR: 7572
Obtained from:
Submitted by: Martin Lichtin <martin@lichtin.net>, Brian Bothwell <brian.bothwell@wisdomtools.com>
Reviewed by:
Graham Leggett [Sat, 6 Apr 2002 13:20:48 +0000 (13:20 +0000)]
Remove the last little bit of the multiple-headers bug in proxy. Before,
only the last instance of a header would have been cached.
PR:
Obtained from:
Submitted by:
Reviewed by:
Graham Leggett [Sat, 6 Apr 2002 13:12:36 +0000 (13:12 +0000)]
Fix a log line message to be clearer. There have been queries in the past
as to whether this message was an Apache problem, when it warns of a
downstream server problem.
PR:
Obtained from:
Submitted by:
Reviewed by:
Fixed incompliance of AB when used with a proxy as reported by
Taisuke Yamada <tai@iij.ad.jp>. Added error trapping to the
write function (important on systems with defered errors
after a connect). Documented the weakness of the write()
function - it assumes the whole RQ can always be fully
written to the socket. Fixed a compiler warning which
pointed out that 'bad' was both a label and a variable.
Joshua Slive [Thu, 28 Mar 2002 18:56:08 +0000 (18:56 +0000)]
Update the Redhat layout to match v7. I decided to just replace the old layout
on the principal that tracking every version of every os in config.layout would
be a nightmare.
Graham Leggett [Mon, 25 Mar 2002 22:45:05 +0000 (22:45 +0000)]
Tighten up the overridden-Server-header bugfix in the proxy, by
only overriding if the request is a proxy request. It has been
pointed out that the previous fix allows CGIs and modules to
override the Server header, which is change to previous behavior.
PR:
Obtained from:
Submitted by: Graham Leggett, Joshua Slive
Reviewed by:
Cliff Woolley [Thu, 21 Mar 2002 17:02:53 +0000 (17:02 +0000)]
Because of the if's I change to else if's, these continue's are now
functionally useless. This gets rid of them without changing the behavior
at all (ie, it doesn't matter if this change makes it in to 1.3.24 or not).
Cliff Woolley [Thu, 21 Mar 2002 16:48:46 +0000 (16:48 +0000)]
handle_if() and handle_elif() were now correctly checking return codes,
but send_parsed_content() was ignoring THEIR return codes, resulting in
another segfault in a related set of circumstances. In all cases we
should consider ret!=0 from any of the handle_foo() functions to mean
premature EOF was encountered.
Aaron Bannert [Thu, 21 Mar 2002 16:16:15 +0000 (16:16 +0000)]
Fix minor formatting error. Mention the default for CGICommandArgs.
Also mention isindex-style query argument passing, so we don't confuse
this with QUERY_STRING.
Introduce proper escaping of command.com and cmd.exe for Win32.
These patches close vulnerability CAN-2002-0061, identified and
reported by Ory Segal <ory.segal@sanctuminc> 13 Feb 2002, by which
any invocation of .bat or .cmd files permit system comprimize
when cmd.exe parsed the args passed from QUERY_STRING.
[William Rowe]
Patches of the set reviewed by Allan Edwards and Bill Stoddard,
while the security solutions were reviewed at length by the entire
security community at the ASF.
Share ap_double_quotes() code between OS2 and Win32 to use
for Win32's command.com, and introduce ap_caret_escape_args()
for Win32's cmd.exe. [William Rowe]
Graham Leggett [Thu, 21 Mar 2002 14:49:46 +0000 (14:49 +0000)]
When a proxied site was being served, Apache was replacing
the original site Server header with it's own, which is not
allowed by RFC2616. Fixed.
PR:
Obtained from:
Submitted by:
Reviewed by:
Graham Leggett [Thu, 21 Mar 2002 14:37:42 +0000 (14:37 +0000)]
Change ap_construct_url() so that the r->hostname is used in
the URL instead of the value of the ServerName directive. This
stops Apache redirecting to a different website name to the
one the user typed in, which can break cookies and javascript
handling on the client.
PR:
Obtained from:
Submitted by:
Reviewed by:
Graham Leggett [Thu, 21 Mar 2002 11:38:03 +0000 (11:38 +0000)]
Fixed the previous multiple-cookie fix in the proxy. Cookies
are broken in that they contain dates which in turn contain
commas - so merging and then unmerging them breaks Set-Cookie
headers. Sigh.
PR:
Obtained from:
Submitted by:
Reviewed by:
Introduce earlier identification of command.com v.s. cmd.exe
for Win32 .bat/.cmd scripts, and assure we treat command.com
as a 16-bit application. [William Rowe]
Pass the command line to the cmd.exe /c interpreter double quoted.
This fixes a bug that CGI args ending in a double-quote would cause
invocation to fail. Just fixed the converse problem in Apache 2.0,
where assumed they all acted as cmd.exe, which command.com will not.
[William Rowe]
Win32; Never invoke cmd or bat scripts based on the registry,
even with 'ScriptInterpreterSource Registry' enabled, since I've
discovered the registry is inconsistent between the versions of
WinNT/2K/XP. [William Rowe]
Provide Win32 users a log of the cgi command invoked, to assist
in debugging scripts, at LogLevel info. Also provide env vars
at LogLevel debug for additional help to admins troubleshooting
the ever mysterious "Premature end of script headers" error.
Since this is the single most common cause of trouble reports on
the newslist, at least this gives us something to point users at.
[Aaron Bannert]
Resolve bugs introduced by my Rev 1.173, which attempted to close
a type mismatch error. This truncation should now produce a random
result, once again. PR 10090, 10185
Bug pinpointed by Jeroen Boomgaardt <jeroen@swissclue.com>
Bradley Nicholes [Wed, 13 Mar 2002 15:58:40 +0000 (15:58 +0000)]
Added the -e command line directive for NetWare to force all fatal
configuration file errors to the logger screen rather than to the Apache
screen. This allows Apache to shutdown cleanly and completely on an
error condition without losing the error information that was written to the
screen or requiring user interaction to close the Apache screen.
Graham Leggett [Sat, 9 Mar 2002 22:25:41 +0000 (22:25 +0000)]
Add the ProxyIOBufferSize option. Previously the size of the
buffer used while reading from the remote server in proxy was
taken from ProxyReceiveBufferSize. These two functions were
similar but not the same, thus the need for the split.
PR:
Obtained from:
Submitted by:
Reviewed by:
Graham Leggett [Fri, 8 Mar 2002 18:35:11 +0000 (18:35 +0000)]
Fix a NULL variable check in proxy where we were checking the
wrong variable.
PR:
Obtained from:
Submitted by: Geff Hanoian <geff@pier64.com>
Reviewed by: Graham Leggett
Bradley Nicholes [Thu, 28 Feb 2002 16:57:57 +0000 (16:57 +0000)]
Logging module for NetWare that implements log rotation. This solves the
log rotation problem for NetWare since the NetWare OS does not support
pipes and can therefore not use the RotateLog utility.
Bill Stoddard [Tue, 26 Feb 2002 14:25:56 +0000 (14:25 +0000)]
Win32: Emulate the blocking send/recv calls that were called in these functions
when the timeout was set to 0. This is a bit of a hack but it is an improvement
over the original code. A better fix would involve making too many other changes
to the server that I would prefer not to make in the 1.3 tree.
Jeff Trawick [Fri, 22 Feb 2002 17:31:06 +0000 (17:31 +0000)]
This patch changes a TPF-specific section of http_main.c to use the
correct subpool when initially opening the error log.
This makes TPF's ap_open_logs call the same as other platforms and
prevents a possible SIGPIPE in standalone_main on TPF.
Submitted by: David McCreedy
Reviewed by: Jeff Trawick
Graham Leggett [Thu, 21 Feb 2002 06:03:08 +0000 (06:03 +0000)]
When proxy enabled a slow frontend client to read from an
expensive backend server, it would wait until it had delivered
the response to the slow frontend client completely before
closing the backend connection. The backend connection is now
closed as soon as the last byte is read from it, freeing up
resources that would have been tied up unnecessarily.
The proxy code read chunks from the backend server in a
hardcoded amount of 8k. The existing ProxyReceiveBufferSize
parameter has been overloaded to specify the size of this buffer.
Martin Kraemer [Fri, 15 Feb 2002 11:32:34 +0000 (11:32 +0000)]
[Security] Prevent invalid client hostnames from appearing in
the log file. If a double-reverse lookup was performed (e.g.,
for an "Allow from .my.domain" directive) but failed, then
a spoofed dns-reverse-address could appear in the logs. Now
the numeric address is logged instead. Note that
reverse-address-spoofing did NOT actually allow access
to any protected resource! It was only possible to cause apache to
log arbitrary names (for resources protected thusly) if you had
control over the reverse dns zone.
Graham Leggett [Wed, 13 Feb 2002 05:35:02 +0000 (05:35 +0000)]
Some browsers ignore cookies that have been merged into a
single Set-Cookie header. Set-Cookie and Set-Cookie2 headers
are now unmerged in the http proxy before being sent to the
client.
PR:
Obtained from:
Submitted by:
Reviewed by:
Graham Leggett [Mon, 11 Feb 2002 21:15:19 +0000 (21:15 +0000)]
Corrected the use of ap_table_set and ap_table_merge:
- Fix a problem with proxy where each entry of a duplicated
header such as Set-Cookie would overwrite and obliterate the
previous value of the header, resulting in multiple header
values (like cookies) going missing.
- Fix a problem with proxy where X-Cache headers were
overwriting and then obliterating upstream X-Cache headers
from other proxies.
PR:
Obtained from:
Submitted by:
Reviewed by:
Bill Stoddard [Sat, 9 Feb 2002 14:51:30 +0000 (14:51 +0000)]
Win32: Eliminate blocking network i/o in the Windows code paths. In practice
only sends() were ever blocking. That any network i/o was ever blocking
could be considered a bug in Apache.
This patch seems to work around a bug in WinXP that causes network write
data corruption. The bug appears to be tickled by the combined use of
WSADuplicateSocket and blocking sends(). Allan Edwards is submitting a
bug report to Microsoft.
Only lower case the canonical name on a call to ap_os_canonical_filename()
if ap_os_case_canonical_filename() fails to retieve the information from the
file system, at least we have the casing from the request.
Ken Coar [Tue, 5 Feb 2002 15:21:55 +0000 (15:21 +0000)]
Demote the 'turned /foo into http://host/foo' message from
WARNING to DEBUG; it's a supported operation, so no need to
fill normal log files with noise. Setting LogLevel to Debug
will show the activity, though.
Martin Kraemer [Mon, 4 Feb 2002 13:57:39 +0000 (13:57 +0000)]
Fix the longstanding bug that errors (returned by src/Configure)
would not be noticed by the top level configure script.
That was bad for automated production environments, as errors would
go thru unnoticed, and caused havoc much later in the production.
Martin Kraemer [Sun, 27 Jan 2002 22:08:30 +0000 (22:08 +0000)]
ftp proxy: various cosmetic and functional improvements
- Allow for /%2f hack (to access the root directory / )
- properly escape generated links in dir listing
- do directory listings in ASCII, to avoid problems with EBCDIC servers
- close data & control channels to server properly
- rename "BUFF f" to "BUFF data" or "BUFF ctrl", depending on its FTP use
Martin Kraemer [Sun, 27 Jan 2002 19:57:55 +0000 (19:57 +0000)]
* Rename "BUFF f" to "BUFF data" or "BUFF ctrl", depending on ftp use
(cosmetics only)
* Make output look more like xhtml (cosmetics only)
* Properly escape file names from ftp directory listing (as HTML or URI)
* Treat ftp rc 421 (closing connection) like -1 (connection was closed)
* fix a possible pointer underrun
projects / thirdparty / apache / httpd.git / log
