Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
apache2.511
httpd-2.4.9-bnc690734.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File httpd-2.4.9-bnc690734.patch of Package apache2.511
diff -rNU 100 ../httpd-2.4.9-o/server/util_script.c ./server/util_script.c --- ../httpd-2.4.9-o/server/util_script.c 2013-09-14 16:12:54.000000000 +0200 +++ ./server/util_script.c 2014-04-30 09:35:29.000000000 +0200 @@ -325,336 +325,348 @@ } first = r->the_request; /* use the request-line */ while (*first && !apr_isspace(*first)) { ++first; /* skip over the method */ } while (apr_isspace(*first)) { ++first; /* and the space(s) */ } last = first; while (*last && !apr_isspace(*last)) { ++last; /* end at next whitespace */ } return apr_pstrmemdup(r->pool, first, last - first); } AP_DECLARE(void) ap_add_cgi_vars(request_rec *r) { apr_table_t *e = r->subprocess_env; apr_table_setn(e, "GATEWAY_INTERFACE", "CGI/1.1"); apr_table_setn(e, "SERVER_PROTOCOL", r->protocol); apr_table_setn(e, "REQUEST_METHOD", r->method); apr_table_setn(e, "QUERY_STRING", r->args ? r->args : ""); apr_table_setn(e, "REQUEST_URI", original_uri(r)); /* Note that the code below special-cases scripts run from includes, * because it "knows" that the sub_request has been hacked to have the * args and path_info of the original request, and not any that may have * come with the script URI in the include command. Ugh. */ if (!strcmp(r->protocol, "INCLUDED")) { apr_table_setn(e, "SCRIPT_NAME", r->uri); if (r->path_info && *r->path_info) { apr_table_setn(e, "PATH_INFO", r->path_info); } } else if (!r->path_info || !*r->path_info) { apr_table_setn(e, "SCRIPT_NAME", r->uri); } else { int path_info_start = ap_find_path_info(r->uri, r->path_info); apr_table_setn(e, "SCRIPT_NAME", apr_pstrndup(r->pool, r->uri, path_info_start)); apr_table_setn(e, "PATH_INFO", r->path_info); } if (r->path_info && r->path_info[0]) { /* * To get PATH_TRANSLATED, treat PATH_INFO as a URI path. * Need to re-escape it for this, since the entire URI was * un-escaped before we determined where the PATH_INFO began. */ request_rec *pa_req; pa_req = ap_sub_req_lookup_uri(ap_escape_uri(r->pool, r->path_info), r, NULL); if (pa_req->filename) { char *pt = apr_pstrcat(r->pool, pa_req->filename, pa_req->path_info, NULL); #ifdef WIN32 /* We need to make this a real Windows path name */ apr_filepath_merge(&pt, "", pt, APR_FILEPATH_NATIVE, r->pool); #endif apr_table_setn(e, "PATH_TRANSLATED", pt); } ap_destroy_sub_req(pa_req); } } static int set_cookie_doo_doo(void *v, const char *key, const char *val) { apr_table_addn(v, key, val); return 1; } #define HTTP_UNSET (-HTTP_OK) #define SCRIPT_LOG_MARK __FILE__,__LINE__,module_index AP_DECLARE(int) ap_scan_script_header_err_core_ex(request_rec *r, char *buffer, int (*getsfunc) (char *, int, void *), void *getsfunc_data, int module_index) { char x[MAX_STRING_LEN]; char *w, *l; int p; int cgi_status = HTTP_UNSET; apr_table_t *merge; apr_table_t *cookie_table; int trace_log = APLOG_R_MODULE_IS_LEVEL(r, module_index, APLOG_TRACE1); int first_header = 1; + int wlen; if (buffer) { *buffer = '\0'; } - w = buffer ? buffer : x; + + if (r->server->limit_req_fieldsize + 2 > MAX_STRING_LEN) { + w = apr_palloc(r->pool, r->server->limit_req_fieldsize + 2); + wlen = r->server->limit_req_fieldsize + 2; + } else { + w = buffer ? buffer : x; + wlen = MAX_STRING_LEN; + } + /* temporary place to hold headers to merge in later */ merge = apr_table_make(r->pool, 10); /* The HTTP specification says that it is legal to merge duplicate * headers into one. Some browsers that support Cookies don't like * merged headers and prefer that each Set-Cookie header is sent * separately. Lets humour those browsers by not merging. * Oh what a pain it is. */ cookie_table = apr_table_make(r->pool, 2); apr_table_do(set_cookie_doo_doo, cookie_table, r->err_headers_out, "Set-Cookie", NULL); while (1) { - int rv = (*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data); + int rv = (*getsfunc) (w, wlen - 1, getsfunc_data); if (rv == 0) { const char *msg = "Premature end of script headers"; if (first_header) msg = "End of script output before headers"; ap_log_rerror(SCRIPT_LOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r, "%s: %s", msg, apr_filepath_name_get(r->filename)); return HTTP_INTERNAL_SERVER_ERROR; } else if (rv == -1) { ap_log_rerror(SCRIPT_LOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r, "Script timed out before returning headers: %s", apr_filepath_name_get(r->filename)); return HTTP_GATEWAY_TIME_OUT; } /* Delete terminal (CR?)LF */ p = strlen(w); /* Indeed, the host's '\n': '\012' for UNIX; '\015' for MacOS; '\025' for OS/390 -- whatever the script generates. */ if (p > 0 && w[p - 1] == '\n') { if (p > 1 && w[p - 2] == CR) { w[p - 2] = '\0'; } else { w[p - 1] = '\0'; } } /* * If we've finished reading the headers, check to make sure any * HTTP/1.1 conditions are met. If so, we're done; normal processing * will handle the script's output. If not, just return the error. * The appropriate thing to do would be to send the script process a * SIGPIPE to let it know we're ignoring it, close the channel to the * script process, and *then* return the failed-to-meet-condition * error. Otherwise we'd be waiting for the script to finish * blithering before telling the client the output was no good. * However, we don't have the information to do that, so we have to * leave it to an upper layer. */ if (w[0] == '\0') { int cond_status = OK; /* PR#38070: This fails because it gets confused when a * CGI Status header overrides ap_meets_conditions. * * We can fix that by dropping ap_meets_conditions when * Status has been set. Since this is the only place * cgi_status gets used, let's test it explicitly. * * The alternative would be to ignore CGI Status when * ap_meets_conditions returns anything interesting. * That would be safer wrt HTTP, but would break CGI. */ if ((cgi_status == HTTP_UNSET) && (r->method_number == M_GET)) { cond_status = ap_meets_conditions(r); } apr_table_overlap(r->err_headers_out, merge, APR_OVERLAP_TABLES_MERGE); if (!apr_is_empty_table(cookie_table)) { /* the cookies have already been copied to the cookie_table */ apr_table_unset(r->err_headers_out, "Set-Cookie"); r->err_headers_out = apr_table_overlay(r->pool, r->err_headers_out, cookie_table); } return cond_status; } if (trace_log) { if (first_header) ap_log_rerror(SCRIPT_LOG_MARK, APLOG_TRACE4, 0, r, "Headers from script '%s':", apr_filepath_name_get(r->filename)); ap_log_rerror(SCRIPT_LOG_MARK, APLOG_TRACE4, 0, r, " %s", w); } /* if we see a bogus header don't ignore it. Shout and scream */ #if APR_CHARSET_EBCDIC /* Chances are that we received an ASCII header text instead of * the expected EBCDIC header lines. Try to auto-detect: */ if (!(l = strchr(w, ':'))) { int maybeASCII = 0, maybeEBCDIC = 0; unsigned char *cp, native; apr_size_t inbytes_left, outbytes_left; for (cp = w; *cp != '\0'; ++cp) { native = apr_xlate_conv_byte(ap_hdrs_from_ascii, *cp); if (apr_isprint(*cp) && !apr_isprint(native)) ++maybeEBCDIC; if (!apr_isprint(*cp) && apr_isprint(native)) ++maybeASCII; } if (maybeASCII > maybeEBCDIC) { ap_log_error(SCRIPT_LOG_MARK, APLOG_ERR, 0, r->server, "CGI Interface Error: Script headers apparently ASCII: (CGI = %s)", r->filename); inbytes_left = outbytes_left = cp - w; apr_xlate_conv_buffer(ap_hdrs_from_ascii, w, &inbytes_left, w, &outbytes_left); } } #endif /*APR_CHARSET_EBCDIC*/ if (!(l = strchr(w, ':'))) { if (!buffer) { /* Soak up all the script output - may save an outright kill */ - while ((*getsfunc)(w, MAX_STRING_LEN - 1, getsfunc_data) > 0) { + while ((*getsfunc) (w, wlen - 1, getsfunc_data)) { continue; } - } + } else if (w != buffer) { + strncpy(buffer, w, MAX_STRING_LEN - 1); + buffer[MAX_STRING_LEN - 1] = 0; + } ap_log_rerror(SCRIPT_LOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r, "malformed header from script '%s': Bad header: %.30s", apr_filepath_name_get(r->filename), w); return HTTP_INTERNAL_SERVER_ERROR; } *l++ = '\0'; while (apr_isspace(*l)) { ++l; } if (!strcasecmp(w, "Content-type")) { char *tmp; /* Nuke trailing whitespace */ char *endp = l + strlen(l) - 1; while (endp > l && apr_isspace(*endp)) { *endp-- = '\0'; } tmp = apr_pstrdup(r->pool, l); ap_content_type_tolower(tmp); ap_set_content_type(r, tmp); } /* * If the script returned a specific status, that's what * we'll use - otherwise we assume 200 OK. */ else if (!strcasecmp(w, "Status")) { r->status = cgi_status = atoi(l); if (!ap_is_HTTP_VALID_RESPONSE(cgi_status)) ap_log_rerror(SCRIPT_LOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r, "Invalid status line from script '%s': %.30s", apr_filepath_name_get(r->filename), l); else if (APLOGrtrace1(r)) ap_log_rerror(SCRIPT_LOG_MARK, APLOG_TRACE1, 0, r, "Status line from script '%s': %.30s", apr_filepath_name_get(r->filename), l); r->status_line = apr_pstrdup(r->pool, l); } else if (!strcasecmp(w, "Location")) { apr_table_set(r->headers_out, w, l); } else if (!strcasecmp(w, "Content-Length")) { apr_table_set(r->headers_out, w, l); } else if (!strcasecmp(w, "Content-Range")) { apr_table_set(r->headers_out, w, l); } else if (!strcasecmp(w, "Transfer-Encoding")) { apr_table_set(r->headers_out, w, l); } else if (!strcasecmp(w, "ETag")) { apr_table_set(r->headers_out, w, l); } /* * If the script gave us a Last-Modified header, we can't just * pass it on blindly because of restrictions on future values. */ else if (!strcasecmp(w, "Last-Modified")) { ap_update_mtime(r, apr_date_parse_http(l)); ap_set_last_modified(r); } else if (!strcasecmp(w, "Set-Cookie")) { apr_table_add(cookie_table, w, l); } else { apr_table_add(merge, w, l); } first_header = 0; } /* never reached - we leave this function within the while loop above */ return OK; } AP_DECLARE(int) ap_scan_script_header_err_core(request_rec *r, char *buffer, int (*getsfunc) (char *, int, void *), void *getsfunc_data) { return ap_scan_script_header_err_core_ex(r, buffer, getsfunc, getsfunc_data, APLOG_MODULE_INDEX); } static int getsfunc_FILE(char *buf, int len, void *f) { return apr_file_gets(buf, len, (apr_file_t *) f) == APR_SUCCESS; } AP_DECLARE(int) ap_scan_script_header_err(request_rec *r, apr_file_t *f, char *buffer) { return ap_scan_script_header_err_core_ex(r, buffer, getsfunc_FILE, f, APLOG_MODULE_INDEX); } AP_DECLARE(int) ap_scan_script_header_err_ex(request_rec *r, apr_file_t *f,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor