Compare commits
8 Commits
a2bfccd1be
...
69c2b2b207
Author | SHA1 | Date |
---|---|---|
Glenn Strauss | 69c2b2b207 | |
Glenn Strauss | cf5644e0c2 | |
Glenn Strauss | 8d13233b69 | |
Glenn Strauss | b1d1202af8 | |
Glenn Strauss | f5b5537ef1 | |
Glenn Strauss | 0e093d66ba | |
Glenn Strauss | 16f16dbfd5 | |
Glenn Strauss | a5581b0319 |
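--- a/INSTALL
+++ b/INSTALL
@@ -141,6 +141,7 @@ required packages to run test harness ::
 perl-HTTP-Message
 perl-IO-HTML
 perl-LWP-MediaTypes
+perl-Test-Harness
 perl-Tie-Function
 perl-TimeDate
 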
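--- a/src/ck.c
+++ b/src/ck.c
@@ -270,6 +270,11 @@ ck_memeq_const_time (const void *a, const size_t alen, const void *b, const size
 /* rounds to next multiple of 64 to avoid potentially leaking exact
 * string lengths when subject to high precision timing attacks
 */
+/* Note: implementation detail
+* each string is expected to have a valid char one byte after len,
+* i.e. a[alen] and b[blen], and which must match if the strings match.
+* (In most use cases, this char is end of string '\0').
+*/
 /* Note: some libs provide similar funcs but might not obscure length, e.g.
 * OpenSSL:
 * int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len)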
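Review bot: The added comment records a memory-safety precondition, that ck_memeq_const_time() reads a[alen] and b[blen], but it sits inside the function body where callers will not see it. A caller that passes a buffer of exactly alen bytes (a raw digest rather than a C string, say) would get a one-byte read past its object, so the requirement belongs on the function's declaration too, e.g. `/* a and b must each be readable for len+1 bytes; a[alen] and b[blen] are compared */`. The function body starts and ends outside this hunk, so whether every existing caller meets the precondition cannot be checked from here.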
|
@ -5,12 +5,12 @@
|
||||||
#include "base_decls.h"
|
#include "base_decls.h"
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
|
|
||||||
typedef struct fdlog_st {
|
struct fdlog_st {
|
||||||
enum { FDLOG_FILE, FDLOG_FD, FDLOG_SYSLOG, FDLOG_PIPE } mode;
|
enum { FDLOG_FILE, FDLOG_FD, FDLOG_SYSLOG, FDLOG_PIPE } mode;
|
||||||
int fd;
|
int fd;
|
||||||
buffer b;
|
buffer b;
|
||||||
const char *fn;
|
const char *fn;
|
||||||
} fdlog_st;
|
};
|
||||||
|
|
||||||
__attribute_cold__
|
__attribute_cold__
|
||||||
__attribute_returns_nonnull__
|
__attribute_returns_nonnull__
|
||||||
|
|
3
src/h2.c
3
src/h2.c
|
@ -1742,6 +1742,7 @@ h2_init_con (request_st * const restrict h2r, connection * const restrict con, c
|
||||||
con->read_idle_ts = log_monotonic_secs;
|
con->read_idle_ts = log_monotonic_secs;
|
||||||
con->keep_alive_idle = h2r->conf.max_keep_alive_idle;
|
con->keep_alive_idle = h2r->conf.max_keep_alive_idle;
|
||||||
|
|
||||||
|
/*(h2r->h2_rwin must match value assigned in h2_init_stream())*/
|
||||||
h2r->h2_rwin = 65535; /* h2 connection recv window */
|
h2r->h2_rwin = 65535; /* h2 connection recv window */
|
||||||
h2r->h2_swin = 65535; /* h2 connection send window */
|
h2r->h2_swin = 65535; /* h2 connection send window */
|
||||||
/* settings sent from peer */ /* initial values */
|
/* settings sent from peer */ /* initial values */
|
||||||
|
@ -2552,7 +2553,7 @@ h2_init_stream (request_st * const h2r, connection * const con)
|
||||||
/* XXX: TODO: assign default priority, etc.
|
/* XXX: TODO: assign default priority, etc.
|
||||||
* Perhaps store stream id and priority in separate table */
|
* Perhaps store stream id and priority in separate table */
|
||||||
h2c->r[h2c->rused++] = r;
|
h2c->r[h2c->rused++] = r;
|
||||||
r->h2_rwin = h2c->s_initial_window_size;
|
r->h2_rwin = 65535; /* must keep in sync with h2_init_con() */
|
||||||
r->h2_swin = h2c->s_initial_window_size;
|
r->h2_swin = h2c->s_initial_window_size;
|
||||||
r->http_version = HTTP_VERSION_2;
|
r->http_version = HTTP_VERSION_2;
|
||||||
|
|
||||||
|
|
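Review bot: The literal `65535` for the receive window now appears in both h2_init_con() and h2_init_stream(), held together only by two "must match" comments. One named constant used at both sites, e.g. `#define H2_INITIAL_RECV_WINDOW 65535` (the name is only a suggestion), would let a later change to the advertised window be made in one place instead of relying on a reader noticing the comments. Seeding `r->h2_rwin` from `h2c->s_initial_window_size`, which by the nearby comment appears to hold a setting sent by the peer, tied the window this side enforces to a peer-controlled value, so the fixed value looks right as long as this server never advertises a different initial window; that is not visible in these hunks. Both function bodies continue outside the hunks.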
|
@ -845,6 +845,21 @@ ajp13_recv_parse (request_st * const r, struct http_response_opts_t * const opts
|
||||||
r->conf.stream_response_body &=
|
r->conf.stream_response_body &=
|
||||||
~(FDEVENT_STREAM_RESPONSE|FDEVENT_STREAM_RESPONSE_BUFMIN);
|
~(FDEVENT_STREAM_RESPONSE|FDEVENT_STREAM_RESPONSE_BUFMIN);
|
||||||
}
|
}
|
||||||
|
#if 0
|
||||||
|
else if ((r->conf.stream_response_body &
|
||||||
|
(FDEVENT_STREAM_RESPONSE|FDEVENT_STREAM_RESPONSE_BUFMIN))
|
||||||
|
&& ( r->http_status == 204
|
||||||
|
|| r->http_status == 205
|
||||||
|
|| r->http_status == 304
|
||||||
|
|| r->http_method == HTTP_METHOD_HEAD)) {
|
||||||
|
/* disable streaming to wait for backend protocol to signal
|
||||||
|
* end of response (prevent http_response_write_prepare()
|
||||||
|
* from short-circuiting and finishing responses without
|
||||||
|
* response body) */
|
||||||
|
r->conf.stream_response_body &=
|
||||||
|
~(FDEVENT_STREAM_RESPONSE|FDEVENT_STREAM_RESPONSE_BUFMIN);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
log_error(errh, __FILE__, __LINE__,
|
log_error(errh, __FILE__, __LINE__,
|
||||||
|
|
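Review bot: The `else if` branch added under `#if 0` in ajp13_recv_parse() is dead code, and nothing says why it is disabled or under what condition it should be enabled; the same block is added to fcgi_recv_parse() further down. Its inner comment describes waiting for the backend to signal end of response on 204/205/304/HEAD, which reads like a response-framing decision that should be made one way or the other rather than parked. Either drop the block or put the reason on the guard, e.g. `#if 0 /* disabled: <reason>, see <issue id> */`. The enclosing function continues outside the hunk, so the effect of enabling it cannot be judged from here.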
|
@ -63,7 +63,7 @@ http_auth_cache_entry_init (const struct http_auth_require_t * const require, co
|
||||||
*(store pointer to http_auth_require_t, which is persistent
|
*(store pointer to http_auth_require_t, which is persistent
|
||||||
* and will be different for each realm + permissions combo)*/
|
* and will be different for each realm + permissions combo)*/
|
||||||
http_auth_cache_entry * const ae =
|
http_auth_cache_entry * const ae =
|
||||||
malloc(sizeof(http_auth_cache_entry) + ulen + pwlen);
|
malloc(sizeof(http_auth_cache_entry) + ulen + pwlen+1);
|
||||||
force_assert(ae);
|
force_assert(ae);
|
||||||
ae->require = require;
|
ae->require = require;
|
||||||
ae->ctime = log_monotonic_secs;
|
ae->ctime = log_monotonic_secs;
|
||||||
|
@ -74,6 +74,7 @@ http_auth_cache_entry_init (const struct http_auth_require_t * const require, co
|
||||||
ae->pwdigest = ae->username + ulen;
|
ae->pwdigest = ae->username + ulen;
|
||||||
memcpy(ae->username, username, ulen);
|
memcpy(ae->username, username, ulen);
|
||||||
memcpy(ae->pwdigest, pw, pwlen);
|
memcpy(ae->pwdigest, pw, pwlen);
|
||||||
|
ae->pwdigest[pwlen] = '\0';
|
||||||
return ae;
|
return ae;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
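Review bot: The extra byte in the `malloc()` size and the new `ae->pwdigest[pwlen] = '\0';` store carry no comment saying what depends on them. If they exist to satisfy the one-past-length read that the comment added to ck_memeq_const_time() in this series describes (an inference, since the comparison call is not in these hunks), say so at the allocation, e.g. `/* +1: pwdigest[pwlen] must be readable for ck_memeq_const_time() */`, so the terminator is not later removed as redundant. Without that byte the cached digest would presumably be compared with a read one past the allocation. The function starts before the first hunk.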
|
@ -43,28 +43,13 @@
|
||||||
* config. However "all" has effect only on connecting IP, as the
|
* config. However "all" has effect only on connecting IP, as the
|
||||||
* X-Forwarded-For header can not be trusted.
|
* X-Forwarded-For header can not be trusted.
|
||||||
*
|
*
|
||||||
* Note: The effect of this module is variable on $HTTP["remotip"] directives and
|
* Note: The effect of this module is variable on $HTTP["remoteip"] directives and
|
||||||
* other module's remote ip dependent actions.
|
* other module's remote ip dependent actions.
|
||||||
* Things done by modules before we change the remoteip or after we reset it will match on the proxy's IP.
|
* Things done by modules before we change the remoteip or after we reset it will match on the proxy's IP.
|
||||||
* Things done in between these two moments will match on the real client's IP.
|
* Things done in between these two moments will match on the real client's IP.
|
||||||
* The moment things are done by a module depends on in which hook it does things and within the same hook
|
* The moment things are done by a module depends on in which hook it does things and within the same hook
|
||||||
* on whether they are before/after us in the module loading order
|
* on whether they are before/after us in the module loading order
|
||||||
* (order in the server.modules directive in the config file).
|
* (order in the server.modules directive in the config file).
|
||||||
*
|
|
||||||
* Tested behaviours:
|
|
||||||
*
|
|
||||||
* mod_access: Will match on the real client.
|
|
||||||
*
|
|
||||||
* mod_accesslog:
|
|
||||||
* In order to see the "real" ip address in access log ,
|
|
||||||
* you'll have to load mod_extforward after mod_accesslog.
|
|
||||||
* like this:
|
|
||||||
*
|
|
||||||
* server.modules = (
|
|
||||||
* .....
|
|
||||||
* mod_accesslog,
|
|
||||||
* mod_extforward
|
|
||||||
* )
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
@ -1218,7 +1203,6 @@ int mod_extforward_plugin_init(plugin *p) {
|
||||||
p->handle_connection_accept = mod_extforward_handle_con_accept;
|
p->handle_connection_accept = mod_extforward_handle_con_accept;
|
||||||
p->handle_uri_raw = mod_extforward_uri_handler;
|
p->handle_uri_raw = mod_extforward_uri_handler;
|
||||||
p->handle_request_env = mod_extforward_handle_request_env;
|
p->handle_request_env = mod_extforward_handle_request_env;
|
||||||
p->handle_request_done = mod_extforward_restore;
|
|
||||||
p->handle_request_reset = mod_extforward_restore;
|
p->handle_request_reset = mod_extforward_restore;
|
||||||
p->handle_connection_close = mod_extforward_handle_con_close;
|
p->handle_connection_close = mod_extforward_handle_con_close;
|
||||||
p->set_defaults = mod_extforward_set_defaults;
|
p->set_defaults = mod_extforward_set_defaults;
|
||||||
|
|
|
@ -452,6 +452,21 @@ static handler_t fcgi_recv_parse(request_st * const r, struct http_response_opts
|
||||||
r->conf.stream_response_body &=
|
r->conf.stream_response_body &=
|
||||||
~(FDEVENT_STREAM_RESPONSE|FDEVENT_STREAM_RESPONSE_BUFMIN);
|
~(FDEVENT_STREAM_RESPONSE|FDEVENT_STREAM_RESPONSE_BUFMIN);
|
||||||
}
|
}
|
||||||
|
#if 0
|
||||||
|
else if ((r->conf.stream_response_body &
|
||||||
|
(FDEVENT_STREAM_RESPONSE|FDEVENT_STREAM_RESPONSE_BUFMIN))
|
||||||
|
&& ( r->http_status == 204
|
||||||
|
|| r->http_status == 205
|
||||||
|
|| r->http_status == 304
|
||||||
|
|| r->http_method == HTTP_METHOD_HEAD)) {
|
||||||
|
/* disable streaming to wait for backend protocol to signal
|
||||||
|
* end of response (prevent http_response_write_prepare()
|
||||||
|
* from short-circuiting and finishing responses without
|
||||||
|
* response body) */
|
||||||
|
r->conf.stream_response_body &=
|
||||||
|
~(FDEVENT_STREAM_RESPONSE|FDEVENT_STREAM_RESPONSE_BUFMIN);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
} else if (hctx->send_content_body) {
|
} else if (hctx->send_content_body) {
|
||||||
if (0 != mod_fastcgi_transfer_cqlen(r, hctx->rb, packet.len - packet.padding)) {
|
if (0 != mod_fastcgi_transfer_cqlen(r, hctx->rb, packet.len - packet.padding)) {
|
||||||
/* error writing to tempfile;
|
/* error writing to tempfile;
|
||||||
|
|
|
@ -4014,9 +4014,8 @@ mod_webdav_propfind (request_st * const r, const plugin_config * const pconf)
|
||||||
http_status_set_error(r, 403);
|
http_status_set_error(r, 403);
|
||||||
return HANDLER_FINISHED;
|
return HANDLER_FINISHED;
|
||||||
}
|
}
|
||||||
else if (0 != pb.depth) {
|
else {
|
||||||
http_status_set_error(r, 403);
|
pb.depth = 0;
|
||||||
return HANDLER_FINISHED;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pb.proplist.ptr = NULL;
|
pb.proplist.ptr = NULL;
|
||||||
|
|
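Review bot: The new `else { pb.depth = 0; }` silently overrides whatever Depth the client sent, where the old branch answered 403 for a non-zero depth, and nothing in the branch says why. The condition that selects this branch lies outside the hunk; if it is the non-collection case, a comment such as `pb.depth = 0; /* Depth has no meaning on a non-collection target; treat as 0 */` would record the intent. It is also worth confirming that no later code in mod_webdav_propfind() relied on the 403 to keep a non-zero depth from reaching a non-directory path.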