'eval' is of type 'struct sed_eval_s' and 'lnum' is an apr_int64_t.
So use APR_INT64_T_FMT format specifier to be more consistent.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897271 13f79535-47bb-0310-9956-ffa450edef68
It is more straighforward to log the real value returned by apr_file_read() in such a case. The error code is also logged anyway.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897270 13f79535-47bb-0310-9956-ffa450edef68
the input brigade even if done inflating (ctx->done is true), but
don't try to flush the inflate stream in that case. (Caught by
Coverity)
Github: closes#280
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1895552 13f79535-47bb-0310-9956-ffa450edef68
to get their length. This may transform buckets unwanted (e.g. file
to mmap) and prevent optimization down the filter chain.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1892728 13f79535-47bb-0310-9956-ffa450edef68
* leaving mod_nw_ssl and mod_ssl itself untouched
* removing mod_ssl.h includes where no longer necessary
* some modules might skip post_config hooks, but those were left in, even when empty now.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1887364 13f79535-47bb-0310-9956-ffa450edef68
mimetypes like:
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
This mimetypes contains 'xml', but is unfortunately not an xml file.
xml2enc processes these files (in particular, when mod_proxy_html is
used), typically resulting in them being corrupted as it seems to
attempt to perform a ISO-8859-1 to UTF-8 conversion on them.
* modules/filters/mod_xml2enc.c (xml2enc_ffunc): Restrict test for XML
types to matching "+xml".
Submitted by: Joseph Heenan <joseph.heenan fintechlabs.io>
PR: 64339
Github: closes#150
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1884505 13f79535-47bb-0310-9956-ffa450edef68
It helps simplifying a lot of duplicated code based on apr_strtoff(), while
also rejecting leading plus/minus signs which are dissalowed in Content-Length
and (Content-)Range headers.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1877954 13f79535-47bb-0310-9956-ffa450edef68
This avoids having to define AP_REG_NO_* for each APR_REG_* specific option,
thus replacing AP_REG_NO_DOTALL introduced lately.
For ap_rxplus_compile() and mod_substitute where default AP_REG_DOTALL is not
suitable, let's use:
AP_REG_NO_DEFAULT | ap_regcomp_get_default_cflags() & AP_REG_DOLLAR_ENDONLY
to keep the default AP_REG_DOLLAR_ENDONLY unless RegexDefaultOptions unsets it.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1874090 13f79535-47bb-0310-9956-ffa450edef68
Fix gcc 9 warnings in code attempting to reduce gcc warnings.
(should have used expat...)
mod_xml2enc.c:26:28: warning: "/*" within comment [-Wcomment]
26 | /* libxml2 includes unicode/*.h files which uses C++ comments */
|
mod_proxy_html.c:32:28: warning: "/*" within comment [-Wcomment]
32 | /* libxml2 includes unicode/*.h files which uses C++ comments */
|
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864464 13f79535-47bb-0310-9956-ffa450edef68
and r1850745 are only known since GCC 4.2. Since it gets
set unconditionally, this breaks compilation with old GCC
even when not using maintainer mode.
Make the fix for maintainer mode more specific by using
a version dependent pragma in the relevant two C files
only switching off error status for comment warnings.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1864435 13f79535-47bb-0310-9956-ffa450edef68
r1837435, r1834553, r1833598, r1833452, r1833383, r1833368.
Undoes the following:
mod_ssl: OpenSSL now initializes fully through APR, use that.
mod_ssl: build with LibreSSL.
LibreSSL seems to be openssl-1.1 API compatible only in version 2.8 (master).
So use that for MODSSL_USE_OPENSSL_PRE_1_1_API instead of 2.7, the two 2.7
compatibility-exceptions are handled explicitely but overall it's simpler.
Regarding CRYPTO_malloc_init vs OPENSSL_malloc_init, libreSSL uses none, the
former used to be a no-op but depends is LIBRESSL_INTERNAL in latest versions,
while the latter has never been (and will never be) defined. So don't call any
with LibreSSL.
Follow up to r1833368: share openssl between modules.
Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto
can use the same crypto library (e.g. openssl), use the new APR crypto loading
API so that they can work together and initialize/terminate the lib either once
for all or on demand and reusable by the others.
Follow up to r1833368: apr_crypto_prng_after_fork() now used a PID.
Make use of the new apr_crypto_rng API if available.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1861947 13f79535-47bb-0310-9956-ffa450edef68
r1853901 lowercased the [stage] for MRT_DEFAULT_[stage]_* macros but missed
to change the ones used in reqtimeout_hooks() to initialize the default rate
factors, leading to no default rate in 2.4.39. Fix that now. PR 63325.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1857129 13f79535-47bb-0310-9956-ffa450edef68
It helps both code readability where stages are initilized and potential
logging in the input filter (even if the stage is disabled).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853935 13f79535-47bb-0310-9956-ffa450edef68
The timeouts apply between the process_connection and pre_read_request hooks.
They are disabled by default for compatibily reasons.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853906 13f79535-47bb-0310-9956-ffa450edef68
With a bit of macro magic, this is to avoid more code duplication when adding
new stages (next commit will add TLS/handshake timeouts handling in addition to
existing header and body ones).
No functional change here.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853901 13f79535-47bb-0310-9956-ffa450edef68
On some platforms (e.g. OpenBSD) zlib's input/output counters are off_t
instead of ulong, which resuls in format-string warnings from some
compilers (e.g. clang). Work around this by upcasting to uint64_t.
Discussed on dev@ with ylavic and wrowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1849590 13f79535-47bb-0310-9956-ffa450edef68
By the time ap_http_header_filter() sends the header brigade and adds the
"CHUNK" filter, we need to garantee that the header went through all the
filters' stack, and more specifically above ap_http_chunk_filter() which
assumes that all it receives is content data.
Since rate_limit_filter() may retain the header brigade, make it run after
ap_http_chunk_filter(), just before AP_FTYPE_CONNECTION filters.
Also, ap_http_header_filter() shouldn't eat the EOS for HEAD/no-body responses.
For instance mod_ratelimit depends on it since r1835168, but any next request
filter may as well to flush and/or bail out approprietely.
This fixes the regression introduced in 2.4.34 (r1835168).
PR 62568.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837130 13f79535-47bb-0310-9956-ffa450edef68
Provide AP_STATUS_IS_HEADER_ONLY() helper/macro to check for 204 or 304 and
use it where some special treatment is needed when no body is expected.
Some of those places handled 204 only.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1837056 13f79535-47bb-0310-9956-ffa450edef68
mod_ratelimit works by splitting data in "chunks"
to send to the client, sleeping a predefined amount
of time between them (200ms). So for example,
a rate-limit 40 value would correspond to a chunk size
of 8192 bytes, flushed to the client every 200ms.
The idea works fine when httpd directly serves the
content, since the filter will be called once with
a single bucket brigade. In the context of a proxied
content though the filter is likely to be called multiple
times, with a bucket brigade size that corresponds to
the maximum allowed buffer size. If this value is lower
or higher than the chunk size, the filter will not
properly rate limit the data going to the client.
This patch solves the problem with two fix:
1) do_sleep is now stored in the ctx context struct,
so if the filter is invoked multiple times it
will still sleep when needed. For example, say
that the chunk_size is 8192 and the bucket brigate
len is 10240: the filter will flush 8192 bytes
on the first invocation, sleep 200ms, flush the
remaining bytes and then finish. The next invocation
will do the same, clearly not leading to the
correct "sleeping pattern".
2) The example above highlights also another issue:
mod_ratelimit should flush only chunk_size bytes
at the time (I am now excluding the burst calculation
from the picture), and buffer between invocations
unless the brigade contains EOS.
The change has been tested with various scenarios and
it looks working as expected, but of course more
feedback/testing is welcome.
The original patch was written by me and then Yann
refactored the code to be more precise and efficient,
basically transforming an axe in a wonderful Japanese
katana sword, so credits to him for this work.
PR: 62362
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833875 13f79535-47bb-0310-9956-ffa450edef68
Both libapr[-util], the core PRNG, mod_ssl, mod_crypto and mod_session_crypto
can use the same crypto library (e.g. openssl), use the new APR crypto loading
API so that they can work together and initialize/terminate the lib either once
for all or on demand and reusable by the others.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1833452 13f79535-47bb-0310-9956-ffa450edef68
Use apr_pstrmemdup instead of apr_pstrndup when possible.
Avoid scanning the first 2 bytes when looking for the | delimiter. it is known to be "${".
Avoid comma separated statements, it is not that usual.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1830943 13f79535-47bb-0310-9956-ffa450edef68
