dgaudet 99/06/04 10:15:53
Modified: htdocs/manual content-negotiation.html src CHANGES src/modules/standard mod_negotiation.c Log: This patch removes the processing of `mxb' parameters in Accept headers in mod_negotiation. A second patch updates the manual to reflect this (mxb is not documented directly in the manual but support for it is implied in one place). Reasons for removing this feature: 1) As currently implemented, the 'mxb' feature makes possible certain denial-of-service attacks on negotiated content. These attacks are posssible for user communities which access an Apache server from behind a HTTP/1.1 proxy which implements `Vary' related optimisations. Plugging this denial of service hole without removing `mxb' is fairly expensive in terms of degrading caching efficiency. 2) `mxb' is not in HTTP/1.0 or HTTP/1.1 or any other standard 3) Nobody seems to make use of 'mxb'. (Balachander Krishnamurthy kindly offered to grep some of his web traffic traces -- he did not find a single Accept with mxb in a whole day of recent traffic, nor in older traces) 4) Removing a feature makes a nice change from adding features. Submitted by: Koen Holtman <[EMAIL PROTECTED]> Revision Changes Path 1.22 +3 -4 apache-1.3/htdocs/manual/content-negotiation.html Index: content-negotiation.html =================================================================== RCS file: /home/cvs/apache-1.3/htdocs/manual/content-negotiation.html,v retrieving revision 1.21 retrieving revision 1.22 diff -u -r1.21 -r1.22 --- content-negotiation.html 1999/03/19 21:23:19 1.21 +++ content-negotiation.html 1999/06/04 17:15:48 1.22 @@ -196,10 +196,9 @@ for compress'd files, and <CODE>x-gzip</CODE> for gzip'd files. The <CODE>x-</CODE> prefix is ignored for encoding comparisons. <DT> <CODE>Content-Length:</CODE> - <DD> The size of the file. Clients can ask to receive a given media - type only if the variant isn't too big; specifying a content - length in the map allows the server to compare against these - thresholds without checking the actual file. + <DD> The size of the file. Specifying content + lengths in the type-map allows the server to compare file sizes + without checking the actual files. <DT> <CODE>Description:</CODE> <DD> A human-readable textual description of the variant. If Apache cannot find any appropriate variant to return, it will return an error 1.1369 +4 -0 apache-1.3/src/CHANGES Index: CHANGES =================================================================== RCS file: /home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.1368 retrieving revision 1.1369 diff -u -r1.1368 -r1.1369 --- CHANGES 1999/06/04 00:21:36 1.1368 +++ CHANGES 1999/06/04 17:15:49 1.1369 @@ -1,5 +1,9 @@ Changes with Apache 1.3.7 + *) Remove "mxb" support from mod_negotiation -- it was a draft feature + never accepted into any standard, and it opens up certain DoS + attacks. [Koen Holtman <[EMAIL PROTECTED]>] + *) The source is now quad (long long) aware as needed. Specifically, the Configure process determines the correct size of off_t and *void. When the OS/platform/compiler supports quads, ap_snprintf() 1.99 +0 -23 apache-1.3/src/modules/standard/mod_negotiation.c Index: mod_negotiation.c =================================================================== RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_negotiation.c,v retrieving revision 1.98 retrieving revision 1.99 diff -u -r1.98 -r1.99 --- mod_negotiation.c 1999/03/19 21:23:24 1.98 +++ mod_negotiation.c 1999/06/04 17:15:51 1.99 @@ -140,7 +140,6 @@ typedef struct accept_rec { char *name; /* MUST be lowercase */ float quality; - float max_bytes; float level; char *charset; /* for content-type only */ } accept_rec; @@ -315,7 +314,6 @@ const char *accept_line) { result->quality = 1.0f; - result->max_bytes = 0.0f; result->level = 0.0f; result->charset = ""; @@ -392,10 +390,6 @@ && (parm[1] == '\0' || (parm[1] == 's' && parm[2] == '\0'))) { result->quality = atof(cp); } - else if (parm[0] == 'm' && parm[1] == 'x' && - parm[2] == 'b' && parm[3] == '\0') { - result->max_bytes = atof(cp); - } else if (parm[0] == 'l' && !strcmp(&parm[1], "evel")) { result->level = atof(cp); } @@ -613,7 +607,6 @@ new_accept->name = "*/*"; new_accept->quality = 1.0f; new_accept->level = 0.0f; - new_accept->max_bytes = 0.0f; } new_accept = (accept_rec *) ap_push_array(neg->accepts); @@ -626,7 +619,6 @@ new_accept->quality = prefer_scripts ? 2.0f : 0.001f; } new_accept->level = 0.0f; - new_accept->max_bytes = 0.0f; } /***************************************************************** @@ -1520,13 +1512,6 @@ } } - /* Check maxbytes -- not in HTTP/1.1 or TCN */ - - if (type->max_bytes > 0 - && (find_content_length(neg, variant) > type->max_bytes)) { - continue; - } - /* If we are allowed to mess with the q-values * and have no explicit q= parameters in the accept header, * make wildcards very low, so we have a low chance @@ -2206,14 +2191,6 @@ ap_array_pstrcat(r->pool, arr, '\0')); } - /* Theoretically the negotiation result _always_ has a dependence on - * the contents of the Accept header because we do 'mxb=' - * processing in set_accept_quality(). However, variations in mxb - * only affect the relative quality of several acceptable variants, - * so there is no reason to worry about an unacceptable variant - * being mistakenly prioritized. We therefore ignore mxb in deciding - * whether or not to include Accept in the Vary field value. - */ if (neg->is_transparent || vary_by_type || vary_by_language || vary_by_language || vary_by_charset || vary_by_encoding) {