Re: [A-T] adjusting APACHE and APXS env vars
Stas Bekman wrote:

Moreover the prefix ideally should be: APACHE_TEST_ and not APACHE_, since we already have a bunch of env vars which start with APACHE_TEST_

Though I'm in favor to just drop them, making everybody move to the better API.

+1

--Geoff
Re: cvs commit: httpd-2.0/modules/loggers mod_log_forensic.c
[EMAIL PROTECTED] wrote:
nd 2004/01/02 15:35:59
Modified: modules/loggers mod_log_forensic.c
Log: prevent module from segfaulting when not configured.

Ooops, forgot to bring that forward from 1.3. Thanks.

Cheers,
Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: cvs commit: httpd-2.0/server gen_test_char.c
On Sat, Jan 03, 2004 at 04:31:32PM -, [EMAIL PROTECTED] wrote:
ben 2004/01/03 08:31:32
Modified: server gen_test_char.c
Log: Make forensic logging safe for POST data. The issue with strchr and NUL is a red herring.

I don't think this is a safe change: 0 is now flagged with T_ESCAPE_FORENSIC|T_ESCAPE_LOGITEM|T_HTTP_TOKEN_STOP|T_ESCAPE_SHELL_CMD. At least ap_find_token() assumes that 0 is not flagged with T_HTTP_TOKEN_STOP.

Revision Changes Path 1.19 +3 -7 httpd-2.0/server/gen_test_char.c
Index: gen_test_char.c === RCS file: /home/cvs/httpd-2.0/server/gen_test_char.c,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- gen_test_char.c 3 Jan 2004 15:33:41 - 1.18 +++ gen_test_char.c 3 Jan 2004 16:31:32 - 1.19 @@ -90,8 +90,7 @@ #define T_ESCAPE_LOGITEM (%u)\n #define T_ESCAPE_FORENSIC (%u)\n \n - static const unsigned char test_char_table[256] = {\n - 0,, + static const unsigned char test_char_table[256] = {, T_ESCAPE_SHELL_CMD, T_ESCAPE_PATH_SEGMENT, T_OS_ESCAPE_PATH, @@ -99,10 +98,7 @@ T_ESCAPE_LOGITEM, T_ESCAPE_FORENSIC); -/* we explicitly dealt with NUL above - * in case some strchr() do bogosity with it */ - -for (c = 1; c 256; ++c) { +for (c = 0; c 256; ++c) { flags = 0; if (c % 20 == 0) printf(\n); @@ -154,7 +150,7 @@ * :, | (used as delimiters) and % (used for escaping). */ if (!apr_isprint(c) || c == ':' || c == '|' || c == '%' -|| apr_iscntrl(c)) { +|| apr_iscntrl(c) || !c) { flags |= T_ESCAPE_FORENSIC; }
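Review bot: starting the loop at c = 0 in the second hunk (@@ -99,10 +98,7 @@) removes the special case the deleted comment described, so entry 0 now receives every flag whose test is true for NUL, and any strchr()-based test is true for it because strchr() matches the terminator of its search string. If only T_ESCAPE_FORENSIC is meant to apply to NUL, keep the loop at 0 but guard the other tests with `c &&`, or set entry 0's flags explicitly before the loop.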
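Review bot: the added `|| !c` in the T_ESCAPE_FORENSIC condition of the third hunk (@@ -154,7 +150,7 @@) looks redundant, since c == 0 already satisfies `!apr_isprint(c)` at the start of the same condition. The condition can stay as `|| apr_iscntrl(c)) {`, with the comment above it extended to say that NUL is escaped as well.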
Re: cvs commit: httpd-2.0/server gen_test_char.c
Joe Orton wrote:
On Sat, Jan 03, 2004 at 04:31:32PM -, [EMAIL PROTECTED] wrote:
ben 2004/01/03 08:31:32
Modified: server gen_test_char.c
Log: Make forensic logging safe for POST data. The issue with strchr and NUL is a red herring.

I don't think this is a safe change: 0 is now flagged with T_ESCAPE_FORENSIC|T_ESCAPE_LOGITEM|T_HTTP_TOKEN_STOP|T_ESCAPE_SHELL_CMD. At least ap_find_token() assumes that 0 is not flagged with T_HTTP_TOKEN_STOP.

I shall fix it.

Cheers,
Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
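How entry 0 can pick up T_HTTP_TOKEN_STOP once a table-generator loop starts at 0, shown as a simplified model added here (not httpd's gen_test_char.c). The flag value, the separator string and the names `build_table`, `flags_for` and `enum variant` are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define T_HTTP_TOKEN_STOP 0x08   /* assumed bit value, for illustration */

/* Hypothetical separator set standing in for the generator's real list. */
static const char separators[] = " \t()<>@,;:\\/[]?={}";

enum variant { LOOP_FROM_1, LOOP_FROM_0, LOOP_FROM_0_GUARDED };

/* Fill a 256-entry table the way a table generator would, one character
 * at a time. Entry 0 stays 0 when the loop starts at 1. */
static void build_table(unsigned char table[256], enum variant v)
{
    int c;

    memset(table, 0, 256);
    for (c = (v == LOOP_FROM_1) ? 1 : 0; c < 256; ++c) {
        /* The guarded variant never hands 0 to strchr(). */
        if (v == LOOP_FROM_0_GUARDED && c == 0)
            continue;
        /* strchr(s, 0) returns a pointer to the terminator of s, not NULL,
         * so this test is true for c == 0. */
        if (strchr(separators, c) != NULL)
            table[c] |= T_HTTP_TOKEN_STOP;
    }
}

/* Flags that end up on a given character under a given variant. */
static unsigned flags_for(enum variant v, unsigned char ch)
{
    unsigned char table[256];

    build_table(table, v);
    return table[ch];
}

int main(void)
{
    printf("entry 0: from 1 = %u, from 0 = %u, guarded = %u\n",
           flags_for(LOOP_FROM_1, 0), flags_for(LOOP_FROM_0, 0),
           flags_for(LOOP_FROM_0_GUARDED, 0));
    return 0;
}
```

A scanner that uses such a table to find the end of a token and separately relies on the string terminator being unflagged sees different behaviour between the first two variants.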
Trouble compiling 2.x on Win32 / missing os.h
For some reason, VC6/SP5 exported makefiles don't copy os.h into the include directory. Any idea, someone? Thanks, nd
Copyrights
At 06:32 AM 1/2/2004, you wrote:
[EMAIL PROTECTED] wrote:
update license to 2004.

Why? Unless the file changes in 2004, the copyright doesn't. And, in any case, the earliest date applies, so it gets us nowhere.

In fairness this has been Roy's practice, so let's not beat on Andre. Roy's logic is that this is a single work. If someone obtains a new tarball in 2004, all of the files will be marked with 2004, as some changes will have (undoubtedly) been made. Old tarballs of the combined work retain their old copyright dates.

One copyright file isn't sufficient, each document must be copyrighted. The License itself will become a single, common document (not repeated in each file) as of the next ASL 2.0, if I understand right, and mentioned by reference in each individual file. But copyrights will be perpetually updated, each file is both separately copyrighted, as well as the combined work as a whole.

I think that covers most comments on this thread.

Bill
Re: cvs commit: httpd-2.0/modules/loggers mod_log_forensic.c
Since the test_char.h header file is not located in the same place on the NetWare build as it is for Linux, the path can not be hardcoded. This may break the build of mod_log_forensic on Linux until the path is added to the INCLUDE path. Since I am not sure where this should be added on Linux, could somebody that knows more about the Linux makefiles than I do, make this change?

Thanks,
Brad

Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com

[EMAIL PROTECTED] Saturday, January 03, 2004 12:18:54 PM
bnicholes 2004/01/03 11:18:53
Modified: modules/loggers mod_log_forensic.c
Log: Don't hardcode the location of the test_char.h header. The path should be added to the INCLUDE path. Also, use the apr_uint32_t type for next_id which is compatible with the apr_atomic functions.

Revision Changes Path 1.7 +2 -2 httpd-2.0/modules/loggers/mod_log_forensic.c
Index: mod_log_forensic.c === RCS file: /home/cvs/httpd-2.0/modules/loggers/mod_log_forensic.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- mod_log_forensic.c3 Jan 2004 16:02:15 - 1.6 +++ mod_log_forensic.c3 Jan 2004 19:18:53 - 1.7 @@ -75,7 +75,7 @@ #include apr_atomic.h #include unistd.h #include http_protocol.h -#include ../../server/test_char.h +#include test_char.h module AP_MODULE_DECLARE_DATA log_forensic_module; @@ -84,7 +84,7 @@ apr_file_t *fd; } fcfg; -static int next_id; +static apr_uint32_t next_id; static void *make_forensic_log_scfg(apr_pool_t *p, server_rec *s) {
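Review bot: the switch to `#include test_char.h` in the first hunk (@@ -75,7 +75,7 @@) only builds where the server directory is already on the include path, and nothing in this commit adds it for the Linux build. The build-system change should go in with this one, or before it, so the module does not fail to compile in between.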
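Review bot: the `next_id` change to apr_uint32_t in the second hunk (@@ -84,7 +84,7 @@) is independent of the include change and would be easier to review, and to back out, as its own commit. The hunk shows only the declaration, so the places where next_id is formatted into the log or passed to the apr_atomic functions should be checked for matching types and format specifiers.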
Re: cvs commit: httpd-2.0/modules/loggers mod_log_forensic.c
[EMAIL PROTECTED] wrote:
bnicholes 2004/01/03 11:18:53
Modified: modules/loggers mod_log_forensic.c
Log: Don't hardcode the location of the test_char.h header. The path should be added to the INCLUDE path.

This patch is broken. Don't make me reverse it.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: cvs commit: httpd-2.0/modules/loggers mod_log_forensic.c
Broken??? jorton already fixed up the INCLUDE path.

Brad

jorton 2004/01/03 12:15:59
Modified: modules/loggers config.m4
Log: * modules/loggers/config.m4: Add 'server' directory to include path if mod_log_forensic is enabled.

Revision Changes Path 1.8 +5 -0 httpd-2.0/modules/loggers/config.m4
Index: config.m4 === RCS file: /home/cvs/httpd-2.0/modules/loggers/config.m4,v retrieving revision 1.7 retrieving revision 1.8 diff -b -d -u -r1.7 -r1.8 --- config.m41 Jan 2004 15:39:30 - 1.7 +++ config.m43 Jan 2004 20:15:59 - 1.8 @@ -7,6 +7,11 @@ APACHE_MODULE(log_config, logging configuration, , , yes) APACHE_MODULE(log_forensic, forensic logging) +if test $enable_log_forensic != no; then +# mod_log_forensic needs test_char.h +APR_ADDTO(INCLUDES, [-I\$(top_builddir)/server]) +fi + APACHE_MODULE(logio, input and output logging, , , most) APACHE_MODPATH_FINISH

Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com

[EMAIL PROTECTED] Saturday, January 03, 2004 2:11:55 PM
[EMAIL PROTECTED] wrote:
bnicholes 2004/01/03 11:18:53
Modified: modules/loggers mod_log_forensic.c
Log: Don't hardcode the location of the test_char.h header. The path should be added to the INCLUDE path.

This patch is broken. Don't make me reverse it.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
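Review bot: the APR_ADDTO(INCLUDES, ...) line in the config.m4 hunk (@@ -7,6 +7,11 @@) puts the whole server build directory on the include path, which reaches further than the one header the comment names. The comment could say why top_builddir rather than the source directory is used, and a narrower include limited to mod_log_forensic would keep the rest of that directory out of reach of other modules.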
httpd-pop3 buffer overflow bug
I have found a major buffer overflow bug... I found this while working on my ftp module for apache 2.0.. http://outoforder.cc/projects/apache/ which was initially based off of the structure of httpd-pop3.

The issue is ap_getword_white_nc moves the pointer in buffer up by the number of characters that were extracted and copied in the allocated return value (on line 135, command). After a number of iterations through the main while(1) loop, buffer gets continually incremented well beyond the initial 255 characters that were originally allocated to it, and starts overwriting other elements allocated afterward by r->pool.

This is my solution to fixing the problem.. Here is the patch..

--- pop_protocol.c.bak Tue Nov 4 15:08:10 2003 +++ pop_protocol.c Sat Jan 3 20:27:35 2004 @@ -110,7 +110,8 @@ int process_pop_connection_internal(request_rec *r, apr_bucket_brigade *bb) { -char *buffer = apr_palloc(r-pool, POP_STRING_LENGTH); +char command_buffer[POP_STRING_LENGTH]; +char *buffer; char *command; int invalid_cmd = 0; apr_size_t len; @@ -124,7 +125,7 @@ while (1) { int res; - + buffer = command_buffer; if ((invalid_cmd MAX_INVALID_CMD) || ap_rgetline(buffer, POP_STRING_LENGTH, len, r, 0, bb) != APR_SUCCESS) {
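Review bot: in the first hunk (@@ -110,7 +110,8 @@) `char *buffer;` is now declared without a value and only assigned inside the loop, so any use added before the loop would read an indeterminate pointer; initialise it at the declaration with `char *buffer = command_buffer;`. Moving the storage from the pool to the stack is not needed for the fix either, and it means nothing that points into buffer may be kept after the function returns.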
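Review bot: the `buffer = command_buffer;` reset in the second hunk (@@ -124,7 +125,7 @@) is the actual fix and needs a comment saying that the word-parsing call advances buffer, so that it is not removed later as a redundant assignment. It also replaces the blank line after `int res;`; keep that line so the declaration stays separate from the statements.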
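The pointer drift described in the post, modelled as an added example that is not code from httpd-pop3: `getword_nc` is a stand-in for ap_getword_white_nc, and the oversized arena, the constructed `NOOP` line and the name `count_overruns` are assumptions that keep the demonstration inside its own memory.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define POP_STRING_LENGTH 255                 /* buffer size named in the post */
#define ARENA_SIZE (POP_STRING_LENGTH * 8)    /* oversized so this demo never leaves its own memory */

/* Stand-in for ap_getword_white_nc(): copies the first word of *line into out
 * and advances *line past it, the side effect the post describes. */
static void getword_nc(char **line, char *out, size_t outlen)
{
    char *p = *line;
    size_t n = 0;
    while (*p && !isspace((unsigned char)*p)) {
        if (n + 1 < outlen) out[n++] = *p;
        p++;
    }
    out[n] = '\0';
    while (isspace((unsigned char)*p)) p++;
    *line = p;
}

/* Runs `iterations` passes of the command loop and returns how many of them
 * handed the line reader a window that ends past the POP_STRING_LENGTH bytes
 * notionally allocated at arena[0]. */
static int count_overruns(int iterations, int reset_each_pass)
{
    static char arena[ARENA_SIZE];
    char command[32];
    char *buffer = arena;
    int overruns = 0;
    for (int i = 0; i < iterations; i++) {
        if (reset_each_pass)
            buffer = arena;                       /* what the patch adds */
        size_t offset = (size_t)(buffer - arena);
        if (offset + POP_STRING_LENGTH > ARENA_SIZE)
            break;                                /* keep the demo in bounds */
        if (offset > 0)
            overruns++;                           /* reader may write past the allocation */
        strcpy(buffer, "NOOP\r\n");               /* constructed client line */
        getword_nc(&buffer, command, sizeof command);
    }
    return overruns;
}

int main(void)
{
    printf("overrun passes without reset: %d, with reset: %d\n",
           count_overruns(5, 0), count_overruns(5, 1));
    return 0;
}
```

Every pass after the first starts six bytes further into the arena when the pointer is not reset, so the window passed to the line reader extends that much further past the original allocation each time.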