dgaudet 99/06/04 10:15:53
Modified: htdocs/manual content-negotiation.html
src CHANGES
src/modules/standard mod_negotiation.c
Log:
This patch removes the processing of `mxb' parameters in Accept
headers in mod_negotiation. A second patch updates the manual to
reflect this (mxb is not documented directly in the manual but support
for it is implied in one place).
Reasons for removing this feature:
1) As currently implemented, the 'mxb' feature makes possible certain
denial-of-service attacks on negotiated content. These attacks are
posssible for user communities which access an Apache server from
behind a HTTP/1.1 proxy which implements `Vary' related optimisations.
Plugging this denial of service hole without removing `mxb' is fairly
expensive in terms of degrading caching efficiency.
2) `mxb' is not in HTTP/1.0 or HTTP/1.1 or any other standard
3) Nobody seems to make use of 'mxb'. (Balachander Krishnamurthy
kindly offered to grep some of his web traffic traces -- he did not
find a single Accept with mxb in a whole day of recent traffic, nor in
older traces)
4) Removing a feature makes a nice change from adding features.
Submitted by: Koen Holtman <[EMAIL PROTECTED]>
Revision Changes Path
1.22 +3 -4 apache-1.3/htdocs/manual/content-negotiation.html
Index: content-negotiation.html
===================================================================
RCS file: /home/cvs/apache-1.3/htdocs/manual/content-negotiation.html,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- content-negotiation.html 1999/03/19 21:23:19 1.21
+++ content-negotiation.html 1999/06/04 17:15:48 1.22
@@ -196,10 +196,9 @@
for compress'd files, and <CODE>x-gzip</CODE> for gzip'd files.
The <CODE>x-</CODE> prefix is ignored for encoding comparisons.
<DT> <CODE>Content-Length:</CODE>
- <DD> The size of the file. Clients can ask to receive a given media
- type only if the variant isn't too big; specifying a content
- length in the map allows the server to compare against these
- thresholds without checking the actual file.
+ <DD> The size of the file. Specifying content
+ lengths in the type-map allows the server to compare file sizes
+ without checking the actual files.
<DT> <CODE>Description:</CODE>
<DD> A human-readable textual description of the variant. If Apache cannot
find any appropriate variant to return, it will return an error
1.1369 +4 -0 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1368
retrieving revision 1.1369
diff -u -r1.1368 -r1.1369
--- CHANGES 1999/06/04 00:21:36 1.1368
+++ CHANGES 1999/06/04 17:15:49 1.1369
@@ -1,5 +1,9 @@
Changes with Apache 1.3.7
+ *) Remove "mxb" support from mod_negotiation -- it was a draft feature
+ never accepted into any standard, and it opens up certain DoS
+ attacks. [Koen Holtman <[EMAIL PROTECTED]>]
+
*) The source is now quad (long long) aware as needed. Specifically,
the Configure process determines the correct size of off_t and
*void. When the OS/platform/compiler supports quads, ap_snprintf()
1.99 +0 -23 apache-1.3/src/modules/standard/mod_negotiation.c
Index: mod_negotiation.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_negotiation.c,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -r1.98 -r1.99
--- mod_negotiation.c 1999/03/19 21:23:24 1.98
+++ mod_negotiation.c 1999/06/04 17:15:51 1.99
@@ -140,7 +140,6 @@
typedef struct accept_rec {
char *name; /* MUST be lowercase */
float quality;
- float max_bytes;
float level;
char *charset; /* for content-type only */
} accept_rec;
@@ -315,7 +314,6 @@
const char *accept_line)
{
result->quality = 1.0f;
- result->max_bytes = 0.0f;
result->level = 0.0f;
result->charset = "";
@@ -392,10 +390,6 @@
&& (parm[1] == '\0' || (parm[1] == 's' && parm[2] == '\0'))) {
result->quality = atof(cp);
}
- else if (parm[0] == 'm' && parm[1] == 'x' &&
- parm[2] == 'b' && parm[3] == '\0') {
- result->max_bytes = atof(cp);
- }
else if (parm[0] == 'l' && !strcmp(&parm[1], "evel")) {
result->level = atof(cp);
}
@@ -613,7 +607,6 @@
new_accept->name = "*/*";
new_accept->quality = 1.0f;
new_accept->level = 0.0f;
- new_accept->max_bytes = 0.0f;
}
new_accept = (accept_rec *) ap_push_array(neg->accepts);
@@ -626,7 +619,6 @@
new_accept->quality = prefer_scripts ? 2.0f : 0.001f;
}
new_accept->level = 0.0f;
- new_accept->max_bytes = 0.0f;
}
/*****************************************************************
@@ -1520,13 +1512,6 @@
}
}
- /* Check maxbytes -- not in HTTP/1.1 or TCN */
-
- if (type->max_bytes > 0
- && (find_content_length(neg, variant) > type->max_bytes)) {
- continue;
- }
-
/* If we are allowed to mess with the q-values
* and have no explicit q= parameters in the accept header,
* make wildcards very low, so we have a low chance
@@ -2206,14 +2191,6 @@
ap_array_pstrcat(r->pool, arr, '\0'));
}
- /* Theoretically the negotiation result _always_ has a dependence on
- * the contents of the Accept header because we do 'mxb='
- * processing in set_accept_quality(). However, variations in mxb
- * only affect the relative quality of several acceptable variants,
- * so there is no reason to worry about an unacceptable variant
- * being mistakenly prioritized. We therefore ignore mxb in deciding
- * whether or not to include Accept in the Vary field value.
- */
if (neg->is_transparent || vary_by_type || vary_by_language ||
vary_by_language || vary_by_charset || vary_by_encoding) {
