Constify + save a few bytes in conf pool
Save a few bytes in conf pool when processing 'AllowOverrideList'.
The 'override_list' table is allocated from the cmd->pool, just as all strings from argv[].
So there is no need to duplicate them.
+ some minor style issues
Save a few bytes in conf pool
Submitted by: jailletc36
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1715015 13f79535-47bb-0310-9956-ffa450edef68
Make the fix for fully qualifying REDIRECT_URL from PR#57785 opt-in.
followup to r1710380 -- refactored name and didn't have 'make depend'
Submitted by: covener
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1712268 13f79535-47bb-0310-9956-ffa450edef68
adding ap_get_protocol(c) which safeguards against NULL returns, for use instead of direct calling ap_run_protocol_get
changed Protocols to let vhosts override servers, removed old H2Engine example from readme
creating ap_array_index in util, forwarding scheme into request processing, enabling SSL vars only when scheme is not http:, delayed connection creation until task worker assignment
removed unnecessary lingering_close and sbh update on end of protocol upgrade handling
introducing ap_array_index in util, used in protocol and mod_h2
fixes existing protocol missing in selection if not explicitly proposed
new directive ProtocolsHonorOrder, added documentation for Protocols feature, changed preference selection and config merging
removed accidental code
new Protocols directive and core API changes to enable protocol switching on HTTP Upgrade or ALPN, implemented in mod_ssl and mod_h2
SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse
proxy configuration, a remote attacker could send a carefully crafted
request which could crash a server process, resulting in denial of
service.
Thanks to Marek Kroemeke working with HP's Zero Day Initiative for
reporting this issue.
* server/util.c (ap_parse_token_list_strict): New function.
* modules/proxy/proxy_util.c (find_conn_headers): Use it here.
* modules/proxy/mod_proxy_http.c (ap_proxy_http_process_response):
Send a 400 for a malformed Connection header.
Submitted by: Edward Lu, breser, covener
http, mod_ssl: Introduce and return the 421 (Misdirected Request) status code
for clients requesting a hostname on a reused connection whose SNI (from the
TLS handshake) does not match.
PR 5802.
This allows HTTP/2 clients to fall back to a new connection as per:
https://tools.ietf.org/html/rfc7540#section-9.1.2
Proposed by: Stefan Eissing <stefan eissing.org>
Reviewed by: ylavic
c89
Allowing protocol_propose hooks to be called with offers=NULL, clarifying semantics as proposed by chaosed0@gmail.com
giving ap_array_index a start parameter, adding ap_array_contains
ap_process_request needs exportation for use in mod_h2 on Windows
final final change to the new ap_array_str_* functions after review
changed Protocols default to http/1.1 only, updated documentation, changed ap_select_protocol() to return NULL when no protocol could be agreed upon
mod_ssl: fix compiler warning (bad cast).
improvements in ap_select_protocol(), supplied by yann ylavic
Submitted by: icing, jorton, ylavic, covener, icing, icing, gsmith, icing, icing, ylavic, icing
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1705672 13f79535-47bb-0310-9956-ffa450edef68
can't create new (clear) slots while previous children gracefully stopping
still use the old ones (e.g. Windows, OS2). PR 58024.
Submitted by: ylavic
Reviewed by: jim, minfrin
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1705499 13f79535-47bb-0310-9956-ffa450edef68
Core filters do not need mod_proxy.h
Small speed optimization when parsing <Limit>, <LimitExcept> and environment variables
Save a few bytes in conf pool
Remove some spaces between some return statements and ';' + fix a strange formating in a 'for' loop
In order to save a few cycles, delay a hash table lookup which is not necessary needed
Constify + save a few bytes in conf pool
Submitted by: ylavic, jailletc36, jailletc36, jailletc36, jailletc36, jailletc36
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1703405 13f79535-47bb-0310-9956-ffa450edef68
Fix some spurious ident spotted by sparse
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting
Silence a sparse warning about inconsistent indenting + some minor style issues
Remove useless line
Silence a sparse warning about inconsistent indenting + some minor style issues
Silence a sparse warning about inconsistent indenting + some minor style issues
Silence a sparse warning about inconsistent indenting + some minor style issues
Fix some spurious ident spotted by sparse
Silence a sparse warning about inconsistent indenting + some minor style issues
Silence a sparse warning about inconsistent indenting + some minor style issues
Submitted by: jailletc36
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1701772 13f79535-47bb-0310-9956-ffa450edef68
Replacement of ap_some_auth_required (unusable in Apache httpd 2.4)
with new ap_some_authn_required and ap_force_authn hook.
Submitted by: breser
Backports: r1684524
Reviewed by: wrowe, ylavic, jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1684525 13f79535-47bb-0310-9956-ffa450edef68
* Fix typo in error message
mpm_event(opt): zero is immutable.
Fix printf format spotted by cppcheck.
Untested.
Submitted by: rpluem, ylavic, jailletc36
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1678232 13f79535-47bb-0310-9956-ffa450edef68
mpm_event: Allow for timer events duplicates.
Meanwhile ap[r]_skiplist_add()...
mpm_event: follow up to r1666468.
We only need one compare function for add semantic with apr_skiplist_insert()
and unique timers (pointers). It also should work with apr_skiplist_remove()
and apr_skiplist_find(), be they used some day.
mpm_event: follow up to r1666468 and r1666618.
We don't need to return 0 in the compare function, but for debugging purpose
which we could implement later if necessary (in a separate function).
For now, keep the function simple as in 2.4.x to ease backport, and add a
comment about why we never return 0 here.
Submitted by: ylavic
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1674921 13f79535-47bb-0310-9956-ffa450edef68
core: If explicitly configured, use the KeepaliveTimeout value of the
virtual host which handled the latest request on the connection, or by
default the one of the first virtual host bound to the same IP:port.
For non-async MPMs, use either r->server's or c->base_server's value in
ap_process_http_sync_connection() depending on a new server_rec's flag
called keep_alive_timeout_set and determined at config time.
For event MPM, use a queue per timeout value, chaining the queues per
type (keepalive wrt KeepAliveTimeout, write completion wrt to Timeout)
so that maintenance can be done on all the queues from the head, and such
that insertions/maintenance remain in O(1).
A server config is created and pointing to the queue of each vhost at
post_config time, hence the config can be associated to the connection
state (cs) at post_read_request time (keep_alive_timeout_set is used to
determine r->server vs c->base_server here), and we can simply insert
with TO_QUEUE_INSERT(cs->sc->q, cs). PR56226.
While at it, since each queue now embeds it own timeout and hence the
expiration_time of the cs has changed to a queue_timestamp (the time it
was queued), we can detect clock skews and expire entries immediatly if
the system is set (eg. far) in the past during runtime and we want to
avoid waiting for (eg.) centuries before the current logic kills them.
Any entry which is registered above now + q->timeout is concerned, and
is now cleaned from the queue when encountered. PR57374.
core: Follow up to r1664071: comments on new keep_alive_timeout_set flag.
Submitted by: ylavic
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670326 13f79535-47bb-0310-9956-ffa450edef68
core: Initialize scoreboard's used optional functions on graceful restarts to
avoid a crash when relocation occurs. PR 57177.
core: follow up to r1668532: CHANGES entry.
core: follow up to r1668532: always initialize optional_fn pointers in ap_create_scoreboard().
Submitted by: ylavic
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670325 13f79535-47bb-0310-9956-ffa450edef68
core: Add expression support to ErrorDocument. Switch from a fixed
sized 664 byte array per merge to a hash table.
Submitted by: minfrin
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1670320 13f79535-47bb-0310-9956-ffa450edef68
*) SECURITY: CVE-2015-0253 (cve.mitre.org)
core: Fix a crash introduced in with ErrorDocument 400 pointing
to a local URL-path with the INCLUDES filter active, introduced
in 2.4.11. PR 57531. [Yann Ylavic]
Submitted By: ylavic
Committed By: covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1668879 13f79535-47bb-0310-9956-ffa450edef68
mpm_event: follow up to r1538490, r1545736, r1604350, r1639614 and r1642868.
Clear and restore sbh in notify_suspend() and notify_resume() respectively.
Submitted by: ylavic
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1664365 13f79535-47bb-0310-9956-ffa450edef68
* Save a few bytes in conf pool when parsing some directives. Use temp_pool
when applicable.
Submitted by: jailletc36
Reviewed by: jailletc36, ylavic, covener
Backported by: jailletc36
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1662639 13f79535-47bb-0310-9956-ffa450edef68
core: Optimize string concatenation in expression
parser when evaluating a string expression.
We have a relatively small recursion limit of
about 10 operations. This is a compilation
limit (a define). It can be hit if many expr
vars or function calls are concatenated in an
expression that is evaluated as a string not as
a boolean.
The new optimization uses iteration instead of
recursion and is very similar to the
existing one, which optimizes consecutive
concatenations in node2 of the tree. The new
one optimizes consecutive concatenations in
node 1.
Submitted by: rjung
Reviewed by: rjung, ylavic, covener
Backported by: rjung
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1662075 13f79535-47bb-0310-9956-ffa450edef68
r1643672, r1496178 from trunk
* Synch with trunk:
- Add missing APLOGNO.
- mod_deflate: don't require <limits.h> by using APR_INT32_MAX instead of INT_MAX.
- Move two variable assignments off the fast path.
- Fix curly braces style. Remove useless empty lines
- tab vs space
- Removed tabs.
- dump fcgi headers with trace8 instead of debug+compile-time flag.
- Drop severity of "LDAP: Setting referrals to ON" from DEBUG to TRACE4
Submitted by: jailletc36, ylavic, minfrin, fuankg, covener
Reviewed by: jailletc36, minfrin, ylavic
Backported by: jailletc36
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1661845 13f79535-47bb-0310-9956-ffa450edef68
too much DirectoryMatch matching and is not critical to have in.
Discussion on dev@ on trunk rev commit msg for r1635428
Also, I don't think the addition in the middle of the core_dir_config
given that the core_dir_config is exposed to modules as kind
of a special case.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652902 13f79535-47bb-0310-9956-ffa450edef68
work due to the fact that we overload rv as both the DWORD windows result
and the apr_status_t result code.
Backport: r1611244
Reviewed by: wrowe, gsmith
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1652267 13f79535-47bb-0310-9956-ffa450edef68
Update conn_rec.id when a new thread begins working on a connection, because
the old thread may work on a new connection and assign the same ID in parallel.
Submitted By: Michael Thorpe
Committed By: covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651656 13f79535-47bb-0310-9956-ffa450edef68
Configuration files with long lines and continuation characters
are not read properly. PR 55910.
Submitted By: Manuel Mausz <manuel-as mausz.at>
Committed By: covener
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651653 13f79535-47bb-0310-9956-ffa450edef68
mod_ssl: Ensure that the SSL close notify alert is flushed to the client.
PR54998.
Submitted By: Tim Kosse <tim.kosse filezilla-project.org>, ylavic
Committed By: ylavic
mod_ssl: SSL_smart_shutdown(): follow up to r1601184.
Use SSL_get_wbio() to comply with OPENSSL_NO_SSL_INTERN.
Stop SSL shutdown loop when flush fails.
mpm_event[opt]: Send the SSL close notify alert when the KeepAliveTimeout
expires. PR54998.
Submitted by: ylavic
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1651077 13f79535-47bb-0310-9956-ffa450edef68
mpm_event: follow up to r1639614 (trunk) and r1642858 (2.4.x).
Notify suspend in any case when starting lingering close (blocking),
and outside the lingering queue's critical section.
Submitted by: ylavic
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1645936 13f79535-47bb-0310-9956-ffa450edef68
avoid dereferencing a recently apr_pool_clear()'ed event_conn_state_t *cs
in several paths where ptrans is being recycled at the end of a request.
event, eventopt: follow up to r1638879 and r1639960.
Clear the pool in ap_push_pool() before recycling.
Submitted by: covener, ylavic
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1642859 13f79535-47bb-0310-9956-ffa450edef68
don't call notify_suspend() in a worker thread after
start_lingering_close_common may have put the socket back
into the pollset.
If it becomes readable too quickly, cs can be
free'ed or accessed concurrently.
Submitted by: covener
Reviewed/backported by: jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1642858 13f79535-47bb-0310-9956-ffa450edef68
