From: Eric Covener Date: Tue, 2 Jun 2026 13:20:28 +0000 (+0000) Subject: Merge r1931949, r1934628, r1934678, r1934743 from trunk: X-Git-Tag: 2.4.68-rc1-candidate~37 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dbf1cc4dd62b681a0066271720994a047a3329ca;p=thirdparty%2Fapache%2Fhttpd.git Merge r1931949, r1934628, r1934678, r1934743 from trunk: *) mod_http2: update to version 2.0.39 Remove streams own memory allocator after reports of memory problems with third party modules. *) mod_http2: update to version 2.0.40 Fix error handling on upload requests when server runs out of file handles that left beam bucket callbacks in place, potentially using no longer valid references. Only applies on platforms with pipes and file descriptor limits not healthy for a network server. *) mod_http2: update to version 2.0.41 Fix cookie header accounting against LimitRequestFields. *) mod_http2: update to version 2.0.42 Fix excessive file description use for non-TLS frontend connections when sending files. Fixes Submitted By: icing Reviewed By: various (icing, steffenal, covener jim) git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1934882 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/changes-entries/h2_v2.0.40.txt b/changes-entries/h2_v2.0.40.txt new file mode 100644 index 0000000000..d8c7718da0 --- /dev/null +++ b/changes-entries/h2_v2.0.40.txt @@ -0,0 +1,6 @@ + *) mod_http2: update to version 2.0.40 + Fix error handling on upload requests when server runs out of file + handles that left beam bucket callbacks in place, potentially using + no longer valid references. Only applies on platforms with pipes + and file descriptor limits not healthy for a network server. + [Stefan Eissing] diff --git a/changes-entries/h2_v2.0.41.txt b/changes-entries/h2_v2.0.41.txt new file mode 100644 index 0000000000..4d7df59fed --- /dev/null +++ b/changes-entries/h2_v2.0.41.txt @@ -0,0 +1,3 @@ + *) mod_http2: update to version 2.0.41 + Fix cookie header accounting against LimitRequestFields. + [Stefan Eissing] diff --git a/changes-entries/h2_v2.0.42.txt b/changes-entries/h2_v2.0.42.txt new file mode 100644 index 0000000000..b58a606920 --- /dev/null +++ b/changes-entries/h2_v2.0.42.txt @@ -0,0 +1,4 @@ + *) mod_http2: update to version 2.0.42 + Fix excessive file description use for non-TLS frontend connections when + sending files. Fixes + [Stefan Eissing] diff --git a/modules/http2/h2_c1_io.c b/modules/http2/h2_c1_io.c index 5ed4ee818e..c239254d3c 100644 --- a/modules/http2/h2_c1_io.c +++ b/modules/http2/h2_c1_io.c @@ -144,32 +144,21 @@ apr_status_t h2_c1_io_init(h2_c1_io *io, h2_session *session) io->session = session; io->output = apr_brigade_create(c->pool, c->bucket_alloc); - io->is_tls = ap_ssl_conn_is_ssl(session->c1); - io->buffer_output = io->is_tls; io->flush_threshold = 4 * (apr_size_t)h2_config_sgeti64(session->s, H2_CONF_STREAM_MAX_MEM); - if (io->buffer_output) { - /* This is what we start with, - * see https://issues.apache.org/jira/browse/TS-2503 - */ - io->warmup_size = h2_config_sgeti64(session->s, H2_CONF_TLS_WARMUP_SIZE); - io->cooldown_usecs = (h2_config_sgeti(session->s, H2_CONF_TLS_COOLDOWN_SECS) - * APR_USEC_PER_SEC); - io->cooldown_usecs = 0; - io->write_size = (io->cooldown_usecs > 0? - WRITE_SIZE_INITIAL : WRITE_SIZE_MAX); - } - else { - io->warmup_size = 0; - io->cooldown_usecs = 0; - io->write_size = 0; - } + /* This is what we start with, + * see https://issues.apache.org/jira/browse/TS-2503 + */ + io->warmup_size = h2_config_sgeti64(session->s, H2_CONF_TLS_WARMUP_SIZE); + io->cooldown_usecs = (h2_config_sgeti(session->s, H2_CONF_TLS_COOLDOWN_SECS) + * APR_USEC_PER_SEC); + io->write_size = (io->cooldown_usecs > 0? + WRITE_SIZE_INITIAL : WRITE_SIZE_MAX); if (APLOGctrace1(c)) { ap_log_cerror(APLOG_MARK, APLOG_TRACE4, 0, c, - "h2_c1_io(%ld): init, buffering=%d, warmup_size=%ld, " - "cd_secs=%f", c->id, io->buffer_output, - (long)io->warmup_size, + "h2_c1_io(%ld): init, warmup_size=%ld, " + "cd_secs=%f", c->id, (long)io->warmup_size, ((double)io->cooldown_usecs/APR_USEC_PER_SEC)); } @@ -366,25 +355,19 @@ apr_status_t h2_c1_io_add_data(h2_c1_io *io, const char *data, size_t length) ap_log_cerror(APLOG_MARK, APLOG_TRACE2, 0, io->session->c1, "h2_c1_io(%ld): adding %ld data bytes", io->session->c1->id, (long)length); - if (io->buffer_output) { - while (length > 0) { - remain = assure_scratch_space(io); - if (remain >= length) { - memcpy(io->scratch + io->slen, data, length); - io->slen += length; - length = 0; - } - else { - memcpy(io->scratch + io->slen, data, remain); - io->slen += remain; - data += remain; - length -= remain; - } + while (length > 0) { + remain = assure_scratch_space(io); + if (remain >= length) { + memcpy(io->scratch + io->slen, data, length); + io->slen += length; + length = 0; + } + else { + memcpy(io->scratch + io->slen, data, remain); + io->slen += remain; + data += remain; + length -= remain; } - } - else { - status = apr_brigade_write(io->output, NULL, NULL, data, length); - io->buffered_len += length; } return status; } @@ -403,7 +386,7 @@ apr_status_t h2_c1_io_append(h2_c1_io *io, apr_bucket_brigade *bb) APR_BUCKET_REMOVE(b); APR_BRIGADE_INSERT_TAIL(io->output, b); } - else if (io->buffer_output) { + else { apr_size_t remain = assure_scratch_space(io); if (b->length > remain) { apr_bucket_split(b, remain); @@ -423,13 +406,6 @@ apr_status_t h2_c1_io_append(h2_c1_io *io, apr_bucket_brigade *bb) continue; } } - else { - /* no buffering, forward buckets setaside on flush */ - apr_bucket_setaside(b, io->session->c1->pool); - APR_BUCKET_REMOVE(b); - APR_BRIGADE_INSERT_TAIL(io->output, b); - io->buffered_len += b->length; - } } cleanup: return rv; diff --git a/modules/http2/h2_c1_io.h b/modules/http2/h2_c1_io.h index c4dac38e1e..60bd722242 100644 --- a/modules/http2/h2_c1_io.h +++ b/modules/http2/h2_c1_io.h @@ -30,7 +30,6 @@ typedef struct { struct h2_session *session; apr_bucket_brigade *output; - int is_tls; int unflushed; apr_time_t cooldown_usecs; apr_int64_t warmup_size; @@ -40,7 +39,6 @@ typedef struct { apr_int64_t bytes_read; apr_int64_t bytes_written; - int buffer_output; apr_off_t buffered_len; apr_off_t flush_threshold; unsigned int is_flushed : 1; diff --git a/modules/http2/h2_config.c b/modules/http2/h2_config.c index 94fd8d2242..c9ad42eca5 100644 --- a/modules/http2/h2_config.c +++ b/modules/http2/h2_config.c @@ -106,7 +106,7 @@ static h2_config defconf = { 1, /* modern TLS only */ -1, /* HTTP/1 Upgrade support */ 1024*1024, /* TLS warmup size */ - 1, /* TLS cooldown secs */ + 0, /* TLS cooldown secs */ 1, /* HTTP/2 server push enabled */ NULL, /* map of content-type to priorities */ 256, /* push diary size */ diff --git a/modules/http2/h2_mplx.c b/modules/http2/h2_mplx.c index 8053f60c9a..c50e15ccd5 100644 --- a/modules/http2/h2_mplx.c +++ b/modules/http2/h2_mplx.c @@ -880,9 +880,6 @@ static apr_status_t c2_setup_io(h2_mplx *m, conn_rec *c2, h2_stream *stream, h2_ memset(&conn_ctx->pipe_in, 0, sizeof(conn_ctx->pipe_in)); if (stream->input) { conn_ctx->beam_in = stream->input; - h2_beam_on_send(stream->input, c2_beam_input_write_notify, c2); - h2_beam_on_received(stream->input, c2_beam_input_read_notify, c2); - h2_beam_on_consumed(stream->input, c1_input_consumed, stream); #if H2_USE_PIPES action = "create input write pipe"; rv = apr_file_pipe_create_pools(&conn_ctx->pipe_in[H2_PIPE_OUT], @@ -891,6 +888,9 @@ static apr_status_t c2_setup_io(h2_mplx *m, conn_rec *c2, h2_stream *stream, h2_ c2->pool, c2->pool); if (APR_SUCCESS != rv) goto cleanup; #endif + h2_beam_on_send(stream->input, c2_beam_input_write_notify, c2); + h2_beam_on_received(stream->input, c2_beam_input_read_notify, c2); + h2_beam_on_consumed(stream->input, c1_input_consumed, stream); h2_beam_on_eagain(stream->input, c2_beam_input_read_eagain, c2); if (!h2_beam_empty(stream->input)) c2_beam_input_write_notify(c2, stream->input); diff --git a/modules/http2/h2_util.c b/modules/http2/h2_util.c index b377ff77f1..b3039451f3 100644 --- a/modules/http2/h2_util.c +++ b/modules/http2/h2_util.c @@ -1708,6 +1708,8 @@ static apr_status_t req_add_header(apr_table_t *headers, apr_pool_t *pool, && !ap_cstr_casecmpn("cookie", (const char *)nv->name, nv->namelen)) { existing = apr_table_get(headers, "cookie"); if (existing) { + if (!nv->valuelen) + return APR_SUCCESS; /* Cookie header come separately in HTTP/2, but need * to be merged by "; " (instead of default ", ") */ @@ -1719,6 +1721,8 @@ static apr_status_t req_add_header(apr_table_t *headers, apr_pool_t *pool, apr_table_setn(headers, "Cookie", apr_psprintf(pool, "%s; %.*s", existing, (int)nv->valuelen, nv->value)); + /* Treat the merge as an "add" to not escape LimitRequestFields */ + *pwas_added = 1; return APR_SUCCESS; } } diff --git a/modules/http2/h2_version.h b/modules/http2/h2_version.h index 077e778e12..b7627bb6fc 100644 --- a/modules/http2/h2_version.h +++ b/modules/http2/h2_version.h @@ -27,7 +27,7 @@ * @macro * Version number of the http2 module as c string */ -#define MOD_HTTP2_VERSION "2.0.39" +#define MOD_HTTP2_VERSION "2.0.42" /** * @macro @@ -35,7 +35,7 @@ * release. This is a 24 bit number with 8 bits for major number, 8 bits * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. */ -#define MOD_HTTP2_VERSION_NUM 0x020027 +#define MOD_HTTP2_VERSION_NUM 0x02002a #endif /* mod_h2_h2_version_h */