Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
apache2
httpd-2.4.x-fate317766-config-control-two-proto...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File httpd-2.4.x-fate317766-config-control-two-protocol-options.diff of Package apache2
From 530b5797af919d6d7ab7d6418d9feeb1abb914ae Mon Sep 17 00:00:00 2001 From: Justin Erenkrantz <jerenkrantz@apache.org> Date: Mon, 30 Dec 2013 20:01:14 +0000 Subject: [PATCH] Add directives to control two protocol options: HttpContentLengthHeadZero - allow Content-Length of 0 to be returned on HEAD HttpExpectStrict - allow admin to control whether we must see "100-continue" This is helpful when using Ceph's radosgw and httpd. Inspired by: Yehuda Sadeh <yehuda@inktank.com> See https://github.com/ceph/apache2/commits/precise * include/http_core.h (core_server_config): Add http_cl_head_zero and http_expect_strict fields. * modules/http/http_filters.c (ap_http_header_filter): Only clear out the C-L if http_cl_head_zero is not explictly set. * server/core.c (merge_core_server_configs): Add new fields. (set_cl_head_zero, set_expect_strict): New config helpers. (HttpContentLengthHeadZero, HttpExpectStrict): Declare new directives. * server/protocol.c (ap_read_request): Allow http_expect_strict to control if we return 417. * include/ap_mmn.h (MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR): Bump. * CHANGES: Add a brief description. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1554303 13f79535-47bb-0310-9956-ffa450edef68 Conflicts: CHANGES include/ap_mmn.h include/http_core.h server/core.c --- CHANGES | 3 +++ include/ap_mmn.h | 4 +++- include/http_core.h | 9 +++++++++ modules/http/http_filters.c | 10 +++++++++- server/core.c | 36 ++++++++++++++++++++++++++++++++++++ server/protocol.c | 25 +++++++++++++++++-------- 6 files changed, 77 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index 14ede61..6fd8b9d 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,9 @@ Changes with Apache 2.4.10 + *) Add HttpContentLengthHeadZero and HttpExpectStrict directives. + [Yehuda Sadeh <yehuda inktank com>, Justin Erenkrantz] + *) SECURITY: CVE-2014-0117 (cve.mitre.org) mod_proxy: Fix crash in Connection header handling which allowed a denial of service attack against a reverse proxy diff --git a/include/http_core.h b/include/http_core.h index 8730d1f..d3b2152 100644 --- a/include/http_core.h +++ b/include/http_core.h @@ -668,6 +668,15 @@ typedef struct { #define AP_TRACE_EXTENDED 2 int trace_enable; +#define AP_HTTP_CL_HEAD_ZERO_UNSET 0 +#define AP_HTTP_CL_HEAD_ZERO_ENABLE 1 +#define AP_HTTP_CL_HEAD_ZERO_DISABLE 2 + int http_cl_head_zero; + +#define AP_HTTP_EXPECT_STRICT_UNSET 0 +#define AP_HTTP_EXPECT_STRICT_ENABLE 1 +#define AP_HTTP_EXPECT_STRICT_DISABLE 2 + int http_expect_strict; } core_server_config; /* for AddOutputFiltersByType in core.c */ diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c index 2a0a979..e564fb4 100644 --- a/modules/http/http_filters.c +++ b/modules/http/http_filters.c @@ -1177,6 +1177,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f, header_filter_ctx *ctx = f->ctx; const char *ctype; ap_bucket_error *eb = NULL; + core_server_config *conf; AP_DEBUG_ASSERT(!r->main); @@ -1317,10 +1318,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f, * zero C-L to the client. We can't just remove the C-L filter, * because well behaved 2.0 handlers will send their data down the stack, * and we will compute a real C-L for the head request. RBB + * + * Allow modification of this behavior through the + * HttpContentLengthHeadZero directive. + * + * The default (unset) behavior is to squelch the C-L in this case. */ + conf = ap_get_core_module_config(r->server->module_config); if (r->header_only && (clheader = apr_table_get(r->headers_out, "Content-Length")) - && !strcmp(clheader, "0")) { + && !strcmp(clheader, "0") + && conf->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_ENABLE) { apr_table_unset(r->headers_out, "Content-Length"); } diff --git a/server/core.c b/server/core.c index dd1a375..c63c5fd 100644 --- a/server/core.c +++ b/server/core.c @@ -503,6 +503,12 @@ static void *merge_core_server_configs(apr_pool_t *p, void *basev, void *virtv) if (virt->trace_enable != AP_TRACE_UNSET) conf->trace_enable = virt->trace_enable; + if (virt->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_UNSET) + conf->http_cl_head_zero = virt->http_cl_head_zero; + + if (virt->http_expect_strict != AP_HTTP_EXPECT_STRICT_UNSET) + conf->http_expect_strict = virt->http_expect_strict; + /* no action for virt->accf_map, not allowed per-vhost */ if (virt->protocol) @@ -3630,6 +3636,32 @@ static const char *set_trace_enable(cmd_parms *cmd, void *dummy, return NULL; } +static const char *set_cl_head_zero(cmd_parms *cmd, void *dummy, int arg) +{ + core_server_config *conf = + ap_get_core_module_config(cmd->server->module_config); + + if (arg) { + conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_ENABLE; + } else { + conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_DISABLE; + } + return NULL; +} + +static const char *set_expect_strict(cmd_parms *cmd, void *dummy, int arg) +{ + core_server_config *conf = + ap_get_core_module_config(cmd->server->module_config); + + if (arg) { + conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_ENABLE; + } else { + conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_DISABLE; + } + return NULL; +} + static apr_hash_t *errorlog_hash; static int log_constant_item(const ap_errorlog_info *info, const char *arg, @@ -4129,6 +4161,10 @@ AP_INIT_TAKE1("EnableExceptionHook", ap_mpm_set_exception_hook, NULL, RSRC_CONF, #endif AP_INIT_TAKE1("TraceEnable", set_trace_enable, NULL, RSRC_CONF, "'on' (default), 'off' or 'extended' to trace request body content"), +AP_INIT_FLAG("HttpContentLengthHeadZero", set_cl_head_zero, NULL, OR_OPTIONS, + "whether to permit Content-Length of 0 responses to HEAD requests"), +AP_INIT_FLAG("HttpExpectStrict", set_expect_strict, NULL, OR_OPTIONS, + "whether to return a 417 if a client doesn't send 100-Continue"), { NULL } }; diff --git a/server/protocol.c b/server/protocol.c index bf915a0..5b35e0c 100644 --- a/server/protocol.c +++ b/server/protocol.c @@ -1126,14 +1126,23 @@ request_rec *ap_read_request(conn_rec *conn) r->expecting_100 = 1; } else { - r->status = HTTP_EXPECTATION_FAILED; - ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570) - "client sent an unrecognized expectation value of " - "Expect: %s", expect); - ap_send_error_response(r, 0); - ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); - ap_run_log_transaction(r); - goto traceout; + core_server_config *conf; + + conf = ap_get_core_module_config(r->server->module_config); + if (conf->http_expect_strict != AP_HTTP_EXPECT_STRICT_DISABLE) { + r->status = HTTP_EXPECTATION_FAILED; + ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570) + "client sent an unrecognized expectation value " + "of Expect: %s", expect); + ap_send_error_response(r, 0); + ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r); + ap_run_log_transaction(r); + goto traceout; + } else { + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00570) + "client sent an unrecognized expectation value " + "of Expect (not fatal): %s", expect); + } } } -- 1.8.4.5
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor