From 43a0fdabc7c55b0dcdb51bc6b5a8b2b95699d3f2 Mon Sep 17 00:00:00 2001 From: Paul Querna Date: Sat, 20 Aug 2005 18:39:06 +0000 Subject: [PATCH] Revert OID() changes to mod_setenvif, and sync() CHANGES git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@234108 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 11 +----- modules/metadata/mod_setenvif.c | 70 +-------------------------------- 2 files changed, 3 insertions(+), 78 deletions(-) diff --git a/CHANGES b/CHANGES index 81d92e1ce13..18775f952a0 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,6 @@ -*- coding: utf-8 -*- -Changes with Apache 2.3.0 +Changes with Apache 2.1.7 + [Remove entries to the current 2.0 section below, when backported] *) SECURITY: CAN-2005-2491 (cve.mitre.org): Fix integer overflows in PCRE in quantifier parsing which could @@ -32,14 +33,6 @@ Changes with Apache 2.3.0 links for clients not using an Authorization header. [Graham Leggett, Jon Snow ] - *) Teach mod_ssl to use arbitraty OIDs in an SSLRequire directive, - allowing string-valued client certificate attributes to be used for - access control, as in: SSLRequire "value" in OID("1.3.6.1.4.1.18060.1") - [Martin Kraemer, David Reid] - -Changes with Apache 2.1.7 - [Remove entries to the current 2.0 section below, when backported] - *) mod_cache: Restore the HTTP status of cached responses. [Hansjoerg Pehofer ] diff --git a/modules/metadata/mod_setenvif.c b/modules/metadata/mod_setenvif.c index 2d568cc0fc9..f07a9f5925e 100644 --- a/modules/metadata/mod_setenvif.c +++ b/modules/metadata/mod_setenvif.c @@ -94,7 +94,6 @@ #include "http_log.h" #include "http_protocol.h" -#include "mod_ssl.h" enum special { SPECIAL_NOT, @@ -103,8 +102,7 @@ enum special { SPECIAL_REQUEST_URI, SPECIAL_REQUEST_METHOD, SPECIAL_REQUEST_PROTOCOL, - SPECIAL_SERVER_ADDR, - SPECIAL_OID_VALUE + SPECIAL_SERVER_ADDR }; typedef struct { char *name; /* header name */ @@ -123,8 +121,6 @@ typedef struct { module AP_MODULE_DECLARE_DATA setenvif_module; -static APR_OPTIONAL_FN_TYPE(ssl_extlist_by_oid) *ssl_extlist_by_oid_func = NULL; - /* * These routines, the create- and merge-config functions, are called * for both the server-wide and the per-directory contexts. This is @@ -349,31 +345,6 @@ static const char *add_setenvif_core(cmd_parms *cmd, void *mconfig, else if (!strcasecmp(fname, "server_addr")) { new->special_type = SPECIAL_SERVER_ADDR; } - else if (!strncasecmp(fname, "oid(",4)) { - ap_regmatch_t match[AP_MAX_REG_MATCH]; - - new->special_type = SPECIAL_OID_VALUE; - - /* Syntax check and extraction of the OID as a regex: */ - new->pnamereg = ap_pregcomp(cmd->pool, - "^oid\\(\"?([0-9.]+)\"?\\)$", - (AP_REG_EXTENDED // | AP_REG_NOSUB - | AP_REG_ICASE)); - /* this can never happen, as long as pcre works: - if (new->pnamereg == NULL) - return apr_pstrcat(cmd->pool, cmd->cmd->name, - "OID regex could not be compiled.", NULL); - */ - if (ap_regexec(new->pnamereg, fname, AP_MAX_REG_MATCH, match, 0) == AP_REG_NOMATCH) { - return apr_pstrcat(cmd->pool, cmd->cmd->name, - "OID syntax is: oid(\"1.2.3.4.5\"); error in: ", - fname, NULL); - } - new->pnamereg = NULL; - /* The name field is used for the stripped oid string */ - new->name = fname = apr_pstrdup(cmd->pool, fname+match[1].rm_so); - fname[match[1].rm_eo - match[1].rm_so] = '\0'; - } else { new->special_type = SPECIAL_NOT; /* Handle fname as a regular expression. @@ -504,8 +475,6 @@ static int match_headers(request_rec *r) * same header. Remember we don't need to strcmp the two header * names because we made sure the pointers were equal during * configuration. - * In the case of SPECIAL_OID_VALUE values, each oid string is - * dynamically allocated, thus there are no duplicates. */ if (b->name != last_name) { last_name = b->name; @@ -529,34 +498,6 @@ static int match_headers(request_rec *r) case SPECIAL_REQUEST_PROTOCOL: val = r->protocol; break; - case SPECIAL_OID_VALUE: - /* If mod_ssl is not loaded, the accessor function is NULL */ - if (ssl_extlist_by_oid_func != NULL) - { - apr_array_header_t *oid_array; - char **oid_value; - int j, len = 0; - char *retval = NULL; - - /* The given oid can occur multiple times. Concatenate the values */ - if ((oid_array = ssl_extlist_by_oid_func(r, b->name)) != NULL) { - oid_value = (char **) oid_array->elts; - /* pass 1: determine the size of the string */ - for (len=j=0; j < oid_array->nelts; j++) { - len += strlen(oid_value[j]) + 1; /* +1 for ',' or terminating NIL */ - } - retval = apr_palloc(r->pool, len); - /* pass 2: fill the string */ - for (j=0; j < oid_array->nelts; j++) { - if (j > 0) { - strcat(retval, ","); - } - strcat(retval, oid_value[j]); - } - } - val = retval; - } - break; case SPECIAL_NOT: if (b->pnamereg) { /* Matching headers_in against a regex. Iterate through @@ -627,19 +568,10 @@ static int match_headers(request_rec *r) return DECLINED; } -static int setenvif_post_config(apr_pool_t *pconf, apr_pool_t *plog, - apr_pool_t *ptemp, server_rec *s) -{ - ssl_extlist_by_oid_func = APR_RETRIEVE_OPTIONAL_FN(ssl_extlist_by_oid); - return OK; -} - static void register_hooks(apr_pool_t *p) { ap_hook_header_parser(match_headers, NULL, NULL, APR_HOOK_MIDDLE); ap_hook_post_read_request(match_headers, NULL, NULL, APR_HOOK_MIDDLE); - /* post config handling */ - ap_hook_post_config(setenvif_post_config, NULL, NULL, APR_HOOK_MIDDLE); } module AP_MODULE_DECLARE_DATA setenvif_module = -- 2.47.2