Compare commits
8 Commits
a2bfccd1be
...
69c2b2b207
Author | SHA1 | Date |
---|---|---|
Glenn Strauss | 69c2b2b207 | |
Glenn Strauss | cf5644e0c2 | |
Glenn Strauss | 8d13233b69 | |
Glenn Strauss | b1d1202af8 | |
Glenn Strauss | f5b5537ef1 | |
Glenn Strauss | 0e093d66ba | |
Glenn Strauss | 16f16dbfd5 | |
Glenn Strauss | a5581b0319 |
1
INSTALL
1
INSTALL
|
@ -141,6 +141,7 @@ required packages to run test harness ::
|
|||
perl-HTTP-Message
|
||||
perl-IO-HTML
|
||||
perl-LWP-MediaTypes
|
||||
perl-Test-Harness
|
||||
perl-Tie-Function
|
||||
perl-TimeDate
|
||||
|
||||
|
|
5
src/ck.c
5
src/ck.c
|
@ -270,6 +270,11 @@ ck_memeq_const_time (const void *a, const size_t alen, const void *b, const size
|
|||
/* rounds to next multiple of 64 to avoid potentially leaking exact
|
||||
* string lengths when subject to high precision timing attacks
|
||||
*/
|
||||
/* Note: implementation detail
|
||||
* each string is expected to have a valid char one byte after len,
|
||||
* i.e. a[alen] and b[blen], and which must match if the strings match.
|
||||
* (In most use cases, this char is end of string '\0').
|
||||
*/
|
||||
/* Note: some libs provide similar funcs but might not obscure length, e.g.
|
||||
* OpenSSL:
|
||||
* int CRYPTO_memcmp(const void * in_a, const void * in_b, size_t len)
|
||||
|
|
|
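Review bot: The new "implementation detail" comment in ck_memeq_const_time() makes a readable byte at `a[alen]` and `b[blen]` a caller obligation, but it sits in the .c file where callers are unlikely to read it, and nothing in the visible lines enforces it. A caller that passes a buffer sized exactly `alen` would cause a one-byte read past the object, and a caller that passes a slice of a longer string could get a mismatch on equal content, because the comment says the extra bytes "must match if the strings match". I would repeat the requirement on the prototype in the header, for example `/* a[alen] and b[blen] must be readable and are compared; allocate len+1 */`. The function body lies outside this hunk, so how the extra byte is actually used is taken from the comment alone.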
@ -5,12 +5,12 @@
|
|||
#include "base_decls.h"
|
||||
#include "buffer.h"
|
||||
|
||||
typedef struct fdlog_st {
|
||||
struct fdlog_st {
|
||||
enum { FDLOG_FILE, FDLOG_FD, FDLOG_SYSLOG, FDLOG_PIPE } mode;
|
||||
int fd;
|
||||
buffer b;
|
||||
const char *fn;
|
||||
} fdlog_st;
|
||||
};
|
||||
|
||||
__attribute_cold__
|
||||
__attribute_returns_nonnull__
|
||||
|
|
3
src/h2.c
3
src/h2.c
|
@ -1742,6 +1742,7 @@ h2_init_con (request_st * const restrict h2r, connection * const restrict con, c
|
|||
con->read_idle_ts = log_monotonic_secs;
|
||||
con->keep_alive_idle = h2r->conf.max_keep_alive_idle;
|
||||
|
||||
/*(h2r->h2_rwin must match value assigned in h2_init_stream())*/
|
||||
h2r->h2_rwin = 65535; /* h2 connection recv window */
|
||||
h2r->h2_swin = 65535; /* h2 connection send window */
|
||||
/* settings sent from peer */ /* initial values */
|
||||
|
@ -2552,7 +2553,7 @@ h2_init_stream (request_st * const h2r, connection * const con)
|
|||
/* XXX: TODO: assign default priority, etc.
|
||||
* Perhaps store stream id and priority in separate table */
|
||||
h2c->r[h2c->rused++] = r;
|
||||
r->h2_rwin = h2c->s_initial_window_size;
|
||||
r->h2_rwin = 65535; /* must keep in sync with h2_init_con() */
|
||||
r->h2_swin = h2c->s_initial_window_size;
|
||||
r->http_version = HTTP_VERSION_2;
|
||||
|
||||
|
|
|
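Review bot: In h2_init_stream() the stream receive window is now the literal `65535`, and only a pair of "keep in sync" comments ties it to `h2r->h2_rwin = 65535;` in h2_init_con(). One named constant used at both sites (name illustrative: `#define H2_INITIAL_RWIN 65535`) would stop the two values drifting apart; the old/new sides of the `r->h2_rwin` line are inferred from those comments, since the rendering lost the markers. If the server ever advertises a different SETTINGS_INITIAL_WINDOW_SIZE to the peer, both assignments would have to follow it, or the accounting for received DATA would disagree with what the peer was told. That code is not in these hunks and is worth confirming. Both functions continue outside the hunks shown.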
@ -845,6 +845,21 @@ ajp13_recv_parse (request_st * const r, struct http_response_opts_t * const opts
|
|||
r->conf.stream_response_body &=
|
||||
~(FDEVENT_STREAM_RESPONSE|FDEVENT_STREAM_RESPONSE_BUFMIN);
|
||||
}
|
||||
#if 0
|
||||
else if ((r->conf.stream_response_body &
|
||||
(FDEVENT_STREAM_RESPONSE|FDEVENT_STREAM_RESPONSE_BUFMIN))
|
||||
&& ( r->http_status == 204
|
||||
|| r->http_status == 205
|
||||
|| r->http_status == 304
|
||||
|| r->http_method == HTTP_METHOD_HEAD)) {
|
||||
/* disable streaming to wait for backend protocol to signal
|
||||
* end of response (prevent http_response_write_prepare()
|
||||
* from short-circuiting and finishing responses without
|
||||
* response body) */
|
||||
r->conf.stream_response_body &=
|
||||
~(FDEVENT_STREAM_RESPONSE|FDEVENT_STREAM_RESPONSE_BUFMIN);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
log_error(errh, __FILE__, __LINE__,
|
||||
|
|
|
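Review bot: The block added after the first `stream_response_body` branch in ajp13_recv_parse() is wrapped in `#if 0`, with nothing on the guard saying why it is compiled out or what would have to hold to enable it. The same disabled block is added verbatim in fcgi_recv_parse() further down this page. Because the disabled text begins with `else if`, it depends on the exact shape of the preceding `if` and will stop compiling cleanly once that branch is edited. Either leave it out of the tree or state the reason on the guard, for example `#if 0 /* disabled: <reason>; enable when <condition> */`, with the placeholders filled in by the author. Both functions start and end outside the hunks.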
@ -63,7 +63,7 @@ http_auth_cache_entry_init (const struct http_auth_require_t * const require, co
|
|||
*(store pointer to http_auth_require_t, which is persistent
|
||||
* and will be different for each realm + permissions combo)*/
|
||||
http_auth_cache_entry * const ae =
|
||||
malloc(sizeof(http_auth_cache_entry) + ulen + pwlen);
|
||||
malloc(sizeof(http_auth_cache_entry) + ulen + pwlen+1);
|
||||
force_assert(ae);
|
||||
ae->require = require;
|
||||
ae->ctime = log_monotonic_secs;
|
||||
|
@ -74,6 +74,7 @@ http_auth_cache_entry_init (const struct http_auth_require_t * const require, co
|
|||
ae->pwdigest = ae->username + ulen;
|
||||
memcpy(ae->username, username, ulen);
|
||||
memcpy(ae->pwdigest, pw, pwlen);
|
||||
ae->pwdigest[pwlen] = '\0';
|
||||
return ae;
|
||||
}
|
||||
|
||||
|
|
|
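Review bot: The extra byte in the `malloc()` size and the `ae->pwdigest[pwlen] = '\0';` store in http_auth_cache_entry_init() have no comment saying which reader needs the terminator, so a later cleanup could remove them as redundant. If the reason is the ck_memeq_const_time() requirement that the byte at `a[alen]` be valid (my inference from the ck.c comment in this same commit range), say so at the store: `/* NUL after pwdigest: ck_memeq_const_time() reads pwdigest[pwlen] */`. `ae->username` is still unterminated, because `pwdigest` begins at `username + ulen`, so `username[ulen]` is the first digest byte; that matters if the username is ever compared the same way. The sum `sizeof(http_auth_cache_entry) + ulen + pwlen+1` is also unchecked, and the types and bounds of `ulen` and `pwlen` are cut off in the hunk header, so whether it can wrap cannot be judged from here.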
@ -43,28 +43,13 @@
|
|||
* config. However "all" has effect only on connecting IP, as the
|
||||
* X-Forwarded-For header can not be trusted.
|
||||
*
|
||||
* Note: The effect of this module is variable on $HTTP["remotip"] directives and
|
||||
* Note: The effect of this module is variable on $HTTP["remoteip"] directives and
|
||||
* other module's remote ip dependent actions.
|
||||
* Things done by modules before we change the remoteip or after we reset it will match on the proxy's IP.
|
||||
* Things done in between these two moments will match on the real client's IP.
|
||||
* The moment things are done by a module depends on in which hook it does things and within the same hook
|
||||
* on whether they are before/after us in the module loading order
|
||||
* (order in the server.modules directive in the config file).
|
||||
*
|
||||
* Tested behaviours:
|
||||
*
|
||||
* mod_access: Will match on the real client.
|
||||
*
|
||||
* mod_accesslog:
|
||||
* In order to see the "real" ip address in access log ,
|
||||
* you'll have to load mod_extforward after mod_accesslog.
|
||||
* like this:
|
||||
*
|
||||
* server.modules = (
|
||||
* .....
|
||||
* mod_accesslog,
|
||||
* mod_extforward
|
||||
* )
|
||||
*/
|
||||
|
||||
|
||||
|
@ -1218,7 +1203,6 @@ int mod_extforward_plugin_init(plugin *p) {
|
|||
p->handle_connection_accept = mod_extforward_handle_con_accept;
|
||||
p->handle_uri_raw = mod_extforward_uri_handler;
|
||||
p->handle_request_env = mod_extforward_handle_request_env;
|
||||
p->handle_request_done = mod_extforward_restore;
|
||||
p->handle_request_reset = mod_extforward_restore;
|
||||
p->handle_connection_close = mod_extforward_handle_con_close;
|
||||
p->set_defaults = mod_extforward_set_defaults;
|
||||
|
|
|
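Review bot: One hook registration is dropped from mod_extforward_plugin_init() in the same commit that shrinks the header comment from 28 to 13 lines, so the explanation of when other modules see the proxy address versus the forwarded one is removed without a replacement. The rendering does not show which assignment was removed; the two `mod_extforward_restore` lines are the likely candidates. This module replaces the connection's remote address with a value taken from a request header, so the point at which the original address is restored decides what later requests on a kept-alive connection are matched against. It also decides what order-sensitive modules such as mod_access and mod_accesslog see. I would keep a short comment stating the new lifetime, for example `/* forwarded addr restored in <hook>; modules running later see the proxy addr */`, with the hook named by the author. mod_extforward_plugin_init() starts and ends outside the hunk.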
@ -452,6 +452,21 @@ static handler_t fcgi_recv_parse(request_st * const r, struct http_response_opts
|
|||
r->conf.stream_response_body &=
|
||||
~(FDEVENT_STREAM_RESPONSE|FDEVENT_STREAM_RESPONSE_BUFMIN);
|
||||
}
|
||||
#if 0
|
||||
else if ((r->conf.stream_response_body &
|
||||
(FDEVENT_STREAM_RESPONSE|FDEVENT_STREAM_RESPONSE_BUFMIN))
|
||||
&& ( r->http_status == 204
|
||||
|| r->http_status == 205
|
||||
|| r->http_status == 304
|
||||
|| r->http_method == HTTP_METHOD_HEAD)) {
|
||||
/* disable streaming to wait for backend protocol to signal
|
||||
* end of response (prevent http_response_write_prepare()
|
||||
* from short-circuiting and finishing responses without
|
||||
* response body) */
|
||||
r->conf.stream_response_body &=
|
||||
~(FDEVENT_STREAM_RESPONSE|FDEVENT_STREAM_RESPONSE_BUFMIN);
|
||||
}
|
||||
#endif
|
||||
} else if (hctx->send_content_body) {
|
||||
if (0 != mod_fastcgi_transfer_cqlen(r, hctx->rb, packet.len - packet.padding)) {
|
||||
/* error writing to tempfile;
|
||||
|
|
|
@ -4014,9 +4014,8 @@ mod_webdav_propfind (request_st * const r, const plugin_config * const pconf)
|
|||
http_status_set_error(r, 403);
|
||||
return HANDLER_FINISHED;
|
||||
}
|
||||
else if (0 != pb.depth) {
|
||||
http_status_set_error(r, 403);
|
||||
return HANDLER_FINISHED;
|
||||
else {
|
||||
pb.depth = 0;
|
||||
}
|
||||
|
||||
pb.proplist.ptr = NULL;
|
||||
|
|
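Review bot: In mod_webdav_propfind() the branch that answered a non-zero `pb.depth` with `http_status_set_error(r, 403)` is replaced by `else { pb.depth = 0; }`, and no comment explains why coercing the depth is now preferred over rejecting the request. The old and new sides are inferred from the 9-to-8 line counts in the hunk header, since the rendering lost the markers. A client that asked for a deeper listing now receives a shallower answer with a success status, so the reason belongs next to the assignment, for example `/* treat Depth as 0 here instead of 403: <reason> */`. The condition enclosing these branches starts outside the hunk, so it is worth confirming that every case where deeper traversal must be refused still reaches the 403 branch kept just above.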