- These flags are not for apr_dir_ function. Clarify comment.
- Initialize 'depth', especially when AP_DIR_FLAG_RECURSIVE is explicitelly required.
- Avoid an harmless over-allocation .
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1853302 13f79535-47bb-0310-9956-ffa450edef68
Introduce opaque struct ap_filter_private to move ap_filter_t "pending", "bb"
and "deferred_pool" fields to the "priv" side of things.
This allows to trust values set internally (only!) in util_filter code, and
make useful assertions between the different functions calls, along with the
usual nice extensibility property.
Likewise, the private struct ap_filter_conn_ctx in conn_rec (from r1839997)
allows now to implement the new ap_acquire_brigade() and ap_release_brigade()
functions useful to get a brigade with c->pool's lifetime. They obsolete
ap_reuse_brigade_from_pool() which is replaced where previously used.
Some comments added in ap_request_core_filter() regarding the lifetime of the
data it plays with, up to EOR...
MAJOR bumped (once again).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1840149 13f79535-47bb-0310-9956-ffa450edef68
'ap_unescape_urlencoded()' suggests that NULL can be passed to 'unescape_url()'.
So avoid a potential 'strchr(NULL, ...)' which is an undefined behavior.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1838270 13f79535-47bb-0310-9956-ffa450edef68
Current RETRIEVE_BRIGADE_FROM_POOL macro from "http_request.c" is turned into
a helper and used in ap_request_core_filter().
We will need it in a subsequent commit in "util_filter.c" too.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1836018 13f79535-47bb-0310-9956-ffa450edef68
ap_pbase64decode_strict() adds to the functionality of
ap_pbase64decode() in two ways:
- the length of the decoded buffer is returned, allowing embedded NULLs
to be retained by the caller
- the input string is strictly checked for Base64 validity, including
correct zero-padding at the end of the string
(This was originally added to the httpdunit feature/backport branch in
r1796208, then reverted in r1799376, since it's currently intended for
trunk only.)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1799380 13f79535-47bb-0310-9956-ffa450edef68
In the aftermath of CVE-2017-7668, decouple the business logic ("is NULL
a T_HTTP_CTRL") from the postcondition ("must not go past the end of the
string"). The NULL-byte classification in the TEST_CHAR table may change
in the future.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1799375 13f79535-47bb-0310-9956-ffa450edef68
no application for this yet in httpd, so hold off adding this function when
we backport the enhancements. ap_scan_http_token was entirely sufficient.
If the community wants this new function, we can add it when backporting
work is complete.
This patch, and the earlier patches Friday actually demanded an mmn major
bump due to struct member changes. In any final backport, new members must
be added to the end of the struct to retain an mmn minor designation.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1765451 13f79535-47bb-0310-9956-ffa450edef68
and inefficient application at that, added ap_scan_vchar_obstext()
to accomplish a similar purpose.
Dropped HttpProtocolOptions StrictURL option, this will be better
handled in the future with a specific directive and perhaps multiple
levels of scrutiny, use ap_scan_vchar_obstext() to simply ensure there
are no control characters or whitespace within the URI.
Changed the scanning of the response header table by check_headers()
to follow the same rulesets as reading request headers. Disallow any
CTL character within a response header value, and any CTL or whitespace
in response header field name, even in strict mode.
Apply HttpProtocolOptions Strict to chunk header parsing, invalid
whitespace is invalid, line termination must follow CRLF convention.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1764961 13f79535-47bb-0310-9956-ffa450edef68
is that it becomes impossible to cleanly merge into branches/2.4.x.
Reverting this one functional/historical edit, to recommit for merging.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1747477 13f79535-47bb-0310-9956-ffa450edef68
just like ap_getword_conf[_nc] but allows for {} to be
used as word quotes. That is:
{Hello World} Foo Bar
"Hello World" Foo Bar
are equiv.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1722321 13f79535-47bb-0310-9956-ffa450edef68
use of curlies... That is:
"Hello World" Foo Bar
and
{Hello World} Foo Bar
will both return the same if using ap_getword_conf2()
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1722243 13f79535-47bb-0310-9956-ffa450edef68
This simply provides it. Next step is to change all uses of
str[n]casecmp to ap_str[n]casecmp and *then* remove those silly
logic paths where we check the 1st char of a string before
we do the strcasecmp (since this is no longer expensive).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1715401 13f79535-47bb-0310-9956-ffa450edef68
