cvs commit: apache-site index.html
brian 98/01/06 19:07:43 Modified:.index.html Log: Updated the front page with 1) 1.2.5 announcement 2) 50% announcement 3) overdue announcement of binary version of 1.3b3 for Win32 Revision ChangesPath 1.47 +17 -39apache-site/index.html Index: index.html === RCS file: /export/home/cvs/apache-site/index.html,v retrieving revision 1.46 retrieving revision 1.47 diff -u -r1.46 -r1.47 --- index.html1997/11/20 16:34:33 1.46 +++ index.html1998/01/07 03:07:42 1.47 @@ -52,25 +52,20 @@ HR -H2 ALIGN=CENTERApache 1.2.4 Now Available/H2 +H2 ALIGN=CENTERApache 1.2.5 Now Available/H2 PBLOCKQUOTE -Apache 1.2.4 is now available. This is a maintenance release, with numerous -bug fixes from 1.2.1 (Apache 1.2.2 was never released and Apache 1.2.3 was -available for two days only). The 1.2 series has been well tested and is a -stable platform. If you are running any beta of 1.2, or any older version of -the Apache HTTP server, you should upgrade to this release for both stability -and security reasons. - -pFONT COLOR=redImportant Note:/FONTWe just discovered a bug in 1.2.3 -for mod_proxy. Proxy users should apply the patch in the -A HREF=dist/patches/apply_to_1.2.3/1.2.3 patch directory/A or directly -use the current 1.2.4 release which includes this patch. +Apache 1.2.5 is now available. This is a maintenance release, with +numerous bug fixes from 1.2.4, including a few security-related fixes. +The 1.2 series has been well tested and is a stable platform. If you +are running any beta of 1.2, or any older version of the Apache HTTP +server, you should upgrade to this release for both stability and +security reasons. /BLOCKQUOTE P ALIGN=CENTER -a href=dist/Download Apache 1.2.4/a | +a href=dist/Download Apache 1.2.5/a | a href=docs/new_features_1_2.htmlNew Features in Apache 1.2/a PHR @@ -81,18 +76,11 @@ PBLOCKQUOTE -Apache 1.3b3 is the second public beta of the forthcoming Apache 1.3 Server. -Apache 1.3 includes several new enhancements, improvements and -performance boosts, but the most visible addition is the ability to run -under Microsoft Windows NT 4.0 and 95. At present it is available in source -format only, so a compiler is neccessary to use it (Microsoft Visual C++ -5.0 for Windows). If you are using, or had previously tried the -1.3a1 or 1.3b2 releases, please upgrade to 1.3b3 at your earliest convenience. - -pFONT COLOR=redImportant Note:/FONT Apache 1.3b1 was never formally -released. Thus, the first public beta release was 1.3b2. Since 1.3b3 is -still a beta release, it undoubtedly has its share of warts and bugs. -Although it has been tested somewhat strenuously, your mileage may vary. +Apache 1.3b3 is the second public beta of the forthcoming Apache 1.3 +Server. Apache 1.3 includes several new enhancements, improvements +and performance boosts, but the most visible addition is the ability +to run under Microsoft Windows NT 4.0 and 95. A compiled NT/95 binary +version of the server is now available as a separate download. /BLOCKQUOTE P ALIGN=CENTER @@ -103,24 +91,14 @@ PHR -H2 ALIGN=CENTERImportant Information about Java and HTTP/1.1/H2 - -PBLOCKQUOTEThere are known problems with older versions of the Java -class libraries and the HTTP/1.1 protocol used by Apache 1.2 and other -servers. See our page describing the -A HREF=info/jdk-102.htmlJDK 1.0.2 compatibility issue/A for -details./BLOCKQUOTE - -PHR - H2 ALIGN=CENTERThe Number One HTTP Server On The Internet/H2 PBLOCKQUOTEApache has been the most popular web server on the -Internet since April of 1996. The November 1997 WWW server a +Internet since April of 1996. The January 1998 WWW server a href=http://www.netcraft.co.uk/Survey/;site survey by Netcraft/a -found that more web servers were using Apache than any other -software. Apache and its derivatives totaled 49.97% of all web -sites on the Internet. +found that over 50% of the web sites on the Internet are using Apache +and its derivatives - thus making it more widely used than all other +web servers combined. PThe Apache project has been organized in an attempt to answer some of the concerns regarding active development of a public domain HTTP
cvs commit: apachen STATUS
coar98/01/06 21:04:17 Modified:.STATUS Log: Wrap a too-long line. Revision ChangesPath 1.53 +2 -1 apachen/STATUS Index: STATUS === RCS file: /export/home/cvs/apachen/STATUS,v retrieving revision 1.52 retrieving revision 1.53 diff -u -r1.52 -r1.53 --- STATUS1998/01/06 23:42:04 1.52 +++ STATUS1998/01/07 05:04:16 1.53 @@ -66,7 +66,8 @@ * Paul/Ben's [PATCH] 1.3: spaces in NT spawn* arguments * Dean's [PATCH] mod_info minor cleanups (take 2) * Dean's [PATCH] mod_status cleanups -* [PATCH] mod_digest/1599: proxy authentication using the digest auth scheme never succeeds (fwd) +* [PATCH] mod_digest/1599: proxy authentication using the digest auth + scheme never succeeds (fwd) * Paul's [PATCH] a bundle of multithreading changes Available Patches:
cvs commit: apachen STATUS
coar98/01/07 04:50:43 Modified:.STATUS Log: More updates.. Revision ChangesPath 1.54 +2 -0 apachen/STATUS Index: STATUS === RCS file: /export/home/cvs/apachen/STATUS,v retrieving revision 1.53 retrieving revision 1.54 diff -u -r1.53 -r1.54 --- STATUS1998/01/07 05:04:16 1.53 +++ STATUS1998/01/07 12:50:43 1.54 @@ -85,6 +85,7 @@ Status: Doug +1, Randy +1, Dean would really prefer Ben's proposal of httpd -M config file directive if it works. Jim would prefer Ben's solution as well. + So would Ken (does it obviate -d and -f if present?) * Martin's [PATCH] Location within .htaccess? [EMAIL PROTECTED] @@ -98,6 +99,7 @@ [EMAIL PROTECTED] Status: Ken +1, Jim +1 Gregory Lundberg says it's legally invalid + Alexei disagrees, citing past practice and investigation * Martin's [PATCH] 36kB: Make apache compile run on an EBCDIC mainframe [EMAIL PROTECTED]
cvs commit: apache-devsite binaries.html
martin 98/01/07 05:53:44 Modified:.binaries.html Log: I can build binaries for ReliantUNIX/SINIX/mips-sni-svr4 Revision ChangesPath 1.2 +1 -0 apache-devsite/binaries.html Index: binaries.html === RCS file: /home/cvs/apache-devsite/binaries.html,v retrieving revision 1.1 retrieving revision 1.2 diff -u -u -r1.1 -r1.2 --- binaries.html 1997/06/17 10:43:28 1.1 +++ binaries.html 1998/01/07 13:53:44 1.2 @@ -65,6 +65,7 @@ LIm88k-dg-dgux5.4R2.01:Sameer parekh LIm88k-next-next: Rob Hartill LImips-sgi-irix5.3:Mark Imbrianco +LImips-sni-svr4: Martin Kraemer LIrs6000-ibm-aix3.2.5: Sameer Parekh LIsparc-sun-solaris2.4:Brian Behlendorf LIsparc-sun-solaris2.5:Brian Behlendorf
cvs commit: apachen/src/support apachectl apachectl.1 dbmmanage htpasswd.1 httpd.8 log_server_status split-logfile suexec.c suexec.h
coar98/01/07 08:47:17 Modified:.LICENSE htdocs/manual LICENSE expand.pl src/ap ap_cpystrn.c ap_signal.c ap_slack.c ap_snprintf.c ap_strings.c src/main alloc.c alloc.h buff.c buff.h conf.h http_conf_globals.h http_config.c http_config.h http_core.c http_core.h http_log.c http_log.h http_main.c http_main.h http_protocol.c http_protocol.h http_request.c http_request.h http_vhost.c http_vhost.h httpd.h md5.h md5c.c rfc1413.c rfc1413.h scoreboard.h util.c util_date.c util_date.h util_md5.c util_md5.h util_script.c util_script.h src/modules/example mod_example.c src/modules/proxy mod_proxy.c mod_proxy.h proxy_cache.c proxy_connect.c proxy_ftp.c proxy_http.c proxy_util.c src/modules/standard mod_access.c mod_actions.c mod_alias.c mod_asis.c mod_auth.c mod_auth_anon.c mod_auth_db.c mod_auth_dbm.c mod_autoindex.c mod_cern_meta.c mod_cgi.c mod_digest.c mod_dir.c mod_dld.c mod_env.c mod_expires.c mod_headers.c mod_imap.c mod_include.c mod_info.c mod_log_agent.c mod_log_config.c mod_log_referer.c mod_mime.c mod_mime_magic.c mod_negotiation.c mod_rewrite.c mod_rewrite.h mod_setenvif.c mod_speling.c mod_status.c mod_unique_id.c mod_userdir.c mod_usertrack.c src/os/win32 mod_dll.c mod_isapi.c src/support apachectl apachectl.1 dbmmanage htpasswd.1 httpd.8 log_server_status split-logfile suexec.c suexec.h Log: Update the copyright year of all the various HEAD files to include 1998. Reviewed by: Jim Jagielski, Martin Kraemer Revision ChangesPath 1.8 +1 -1 apachen/LICENSE Index: LICENSE === RCS file: /export/home/cvs/apachen/LICENSE,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- LICENSE 1997/10/15 20:22:47 1.7 +++ LICENSE 1998/01/07 16:45:53 1.8 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995-1997 The Apache Group. All rights reserved. + * Copyright (c) 1995-1998 The Apache Group. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 1.5 +1 -1 apachen/htdocs/manual/LICENSE Index: LICENSE === RCS file: /export/home/cvs/apachen/htdocs/manual/LICENSE,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- LICENSE 1997/10/15 20:22:48 1.4 +++ LICENSE 1998/01/07 16:45:53 1.5 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995-1997 The Apache Group. All rights reserved. + * Copyright (c) 1995-1998 The Apache Group. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 1.4 +1 -1 apachen/htdocs/manual/expand.pl Index: expand.pl === RCS file: /export/home/cvs/apachen/htdocs/manual/expand.pl,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- expand.pl 1997/01/01 18:32:14 1.3 +++ expand.pl 1998/01/07 16:45:54 1.4 @@ -11,7 +11,7 @@ # Nov 30, 1996 - Alexei Kosut [EMAIL PROTECTED] # -# Copyright (c) 1996,1997 The Apache Group. All rights reserved. +# Copyright (c) 1996-1998 The Apache Group. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions 1.3 +1 -1 apachen/src/ap/ap_cpystrn.c Index: ap_cpystrn.c === RCS file: /export/home/cvs/apachen/src/ap/ap_cpystrn.c,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- ap_cpystrn.c 1997/12/30 16:42:32 1.2 +++ ap_cpystrn.c 1998/01/07 16:45:55 1.3 @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995-1997
cvs commit: apachen STATUS
coar98/01/07 09:04:02 Modified:.STATUS Log: Note application of copyright year update. Revision ChangesPath 1.56 +1 -6 apachen/STATUS Index: STATUS === RCS file: /export/home/cvs/apachen/STATUS,v retrieving revision 1.55 retrieving revision 1.56 diff -u -r1.55 -r1.56 --- STATUS1998/01/07 13:52:03 1.55 +++ STATUS1998/01/07 17:04:02 1.56 @@ -69,6 +69,7 @@ * [PATCH] mod_digest/1599: proxy authentication using the digest auth scheme never succeeds (fwd) * Paul's [PATCH] a bundle of multithreading changes +* Ken's [PATCH] for copyright year update Available Patches: @@ -94,12 +95,6 @@ * Brian Havard's [Patch] OS/2 - fix up shut down [EMAIL PROTECTED] Status: Dean +1 - -* Ken's [PATCH] for copyright year update - [EMAIL PROTECTED] - Status: Ken +1, Jim +1, Martin +1 - Gregory Lundberg says it's legally invalid - Alexei disagrees, citing past practice and investigation * Martin's [PATCH] 36kB: Make apache compile run on an EBCDIC mainframe [EMAIL PROTECTED]
cvs commit: apachen/src/support logresolve.pl
hartill 98/01/07 09:29:01
Added: src/support logresolve.pl
Log:
Adding logresolve.pl - a Perl version of logresolve.c that spawns lots
of low overhead processes to map IP numbers into hostnames concurrently
instead of one by one at a snails pace (logresolve.c).
Nobody said it was shite so here it is.
Submitted by: Rob Hartill
Revision ChangesPath
1.1 apachen/src/support/logresolve.pl
Index: logresolve.pl
===
#!/usr/local/bin/perl
#
# Copyright (c) 1995-1998 The Apache Group. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# 1. Redistributions of source code must retain the above copyright
#notice, this list of conditions and the following disclaimer.
#
# 2. Redistributions in binary form must reproduce the above copyright
#notice, this list of conditions and the following disclaimer in
#the documentation and/or other materials provided with the
#distribution.
#
# 3. All advertising materials mentioning features or use of this
#software must display the following acknowledgment:
#This product includes software developed by the Apache Group
#for use in the Apache HTTP server project (http://www.apache.org/).
#
# 4. The names Apache Server and Apache Group must not be used to
#endorse or promote products derived from this software without
#prior written permission. For written permission, please contact
#[EMAIL PROTECTED]
#
# 5. Redistributions of any form whatsoever must retain the following
#acknowledgment:
#This product includes software developed by the Apache Group
#for use in the Apache HTTP server project (http://www.apache.org/).
#
# THIS SOFTWARE IS PROVIDED BY THE APACHE GROUP ``AS IS'' AND ANY
# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE GROUP OR
# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
# OF THE POSSIBILITY OF SUCH DAMAGE.
#
#
# This software consists of voluntary contributions made by many
# individuals on behalf of the Apache Group and was originally based
# on public domain software written at the National Center for
# Supercomputing Applications, University of Illinois, Urbana-Champaign.
# For more information on the Apache Group and the Apache HTTP server
# project, please see http://www.apache.org/.
# logresolve.pl
#
# v 1.0 by robh @ imdb.com
#
# usage: logresolve.pl infile outfile
#
# input = Apache/NCSA/.. logfile with IP numbers at start of lines
# output = same logfile with IP addresses resolved to hostnames where
# name lookups succeeded.
#
# this differs from the C based 'logresolve' in that this script
# spawns a number ($CHILDREN) of subprocesses to resolve addresses
# concurrently and sets a short timeout ($TIMEOUT) for each lookup in
# order to keep things moving quickly.
#
# the parent process handles caching of IP-hostnames using a Perl hash
# it also avoids sending the same IP to multiple child processes to be
# resolved multiple times concurrently.
#
# Depending on the settings of $CHILDREN and $TIMEOUT you should see
# significant reductions in the overall time taken to resolve your
# logfiles. With $CHILDREN=40 and $TIMEOUT=5 I've seen 200,000 - 300,000
# logfile lines processed per hour compared to ~45,000 per hour
# with 'logresolve'.
#
# I haven't yet seen any noticable reduction in the percentage of IPs
# that fail to get resolved. Your mileage will no doubt vary. 5s is long
# enough to wait IMO.
$|=1;
use FileHandle;
use Socket;
use strict;
no strict 'refs';
use vars qw($AF_UNIX $SOCK_STREAM $PROTOCOL);
($AF_UNIX, $SOCK_STREAM, $PROTOCOL) = (1, 1, 0);
my $CHILDREN = 40;
my $TIMEOUT = 5;
my $filename;
my %hash = ();
my $parent = $$;
my @children = ();
for (my $child = 1; $child =$CHILDREN; $child++) {
my $f = fork();
if (!$f) {
$filename = ./.socket.$parent.$child;
if (-e $filename) { unlink($filename) || warn
cvs commit: apache-site info.html
brian 98/01/07 11:46:58 Modified:.info.html Log: update 1.2 mention. Revision ChangesPath 1.10 +1 -1 apache-site/info.html Index: info.html === RCS file: /export/home/cvs/apache-site/info.html,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- info.html 1997/12/13 05:41:10 1.9 +++ info.html 1998/01/07 19:46:57 1.10 @@ -98,7 +98,7 @@ Apache is being maintained./P H2When will Apache be available?/H2 -PApache version 1.2.4 is currently available to everyone, and is +PApache version 1.2.5 is currently available to everyone, and is the most stable version. H2Will Apache be supported?/H2
cvs commit: apachen/src/modules/standard mod_imap.c
dgaudet 98/01/07 14:23:34
Modified:src/modules/standard mod_imap.c
Log:
This is a bit large, but that's deliberate because I took the opportunity
to do the crap that we've been wanting done to mod_imap.
- liberal use of const to help find stack assignments
- remove all constant sized char arrays except input[]; replaced by pool
string functions or by pointers into tokens inside the input[]
array
- in particular, the use of read_quoted() had a stack overrun potential.
Eliminated.
- These changes can chew memory when generating a menu. I don't care,
I'd rather have them do that than have them overrun the stack. It
shouldn't chew more than approx the size of the map file though.
- better error handling
Reviewed by: Jim Jagielski, Martin Kraemer
Revision ChangesPath
1.37 +165 -153 apachen/src/modules/standard/mod_imap.c
Index: mod_imap.c
===
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_imap.c,v
retrieving revision 1.36
retrieving revision 1.37
diff -u -r1.36 -r1.37
--- mod_imap.c1998/01/07 16:46:50 1.36
+++ mod_imap.c1998/01/07 22:23:33 1.37
@@ -97,8 +97,6 @@
#include util_script.h
#define IMAP_MAGIC_TYPE application/x-httpd-imap
-#define LARGEBUF 500
-#define SMALLBUF 256
#define MAXVERTS 100
#define X 0
#define Y 1
@@ -159,7 +157,7 @@
{NULL}
};
-static int pointinrect(double point[2], double coords[MAXVERTS][2])
+static int pointinrect(const double point[2], const double
coords[MAXVERTS][2])
{
double max[2], min[2];
if (coords[0][X] coords[1][X]) {
@@ -184,7 +182,7 @@
(point[Y] = min[1] point[Y] = max[1]));
}
-static int pointincircle(double point[2], double coords[MAXVERTS][2])
+static int pointincircle(const double point[2], const double
coords[MAXVERTS][2])
{
double radius1, radius2;
@@ -197,11 +195,12 @@
return (radius2 = radius1);
}
-static int pointinpoly(double point[2], double pgon[MAXVERTS][2])
+static int pointinpoly(const double point[2], const double pgon[MAXVERTS][2])
{
int i, numverts, inside_flag, xflag0;
int crossings;
-double *p, *stop;
+double *p;
+const double *stop;
double tx, ty, y;
for (i = 0; pgon[i][X] != -1 i MAXVERTS; i++);
@@ -271,7 +270,7 @@
}
-static int is_closer(double point[2], double coords[MAXVERTS][2], double
*closest)
+static int is_closer(const double point[2], const double
coords[MAXVERTS][2], double *closest)
{
double dist_squared = ((point[X] - coords[0][X]) * (point[X] -
coords[0][X]))
+ ((point[Y] - coords[0][Y]) * (point[Y] - coords[0][Y]));
@@ -289,7 +288,7 @@
}
-static double get_x_coord(char *args)
+static double get_x_coord(const char *args)
{
char *endptr; /* we want it non-null */
double x_coord = -1;/* -1 is returned if no coordinate is given
*/
@@ -308,7 +307,7 @@
return (-1);/* else if no conversion was made, or if no
args was given */
}
-static double get_y_coord(char *args)
+static double get_y_coord(const char *args)
{
char *endptr; /* we want it non-null */
char *start_of_y = NULL;
@@ -336,107 +335,98 @@
}
-static int read_quoted(char *string, char *quoted_part)
+/* See if string has a quoted part, and if so set *quoted_part to
+ * the first character of the quoted part, then hammer a \0 onto the
+ * trailing quote, and set *string to point at the first character
+ * past the second quote.
+ *
+ * Otherwise set *quoted_part to NULL, and leave *string alone.
+ */
+static void read_quoted(char **string, char **quoted_part)
{
-char *starting_pos = string;
+char *strp = *string;
-while (isspace(*string))
-string++; /* go along string until non-whitespace */
+/* assume there's no quoted part */
+*quoted_part = NULL;
-if (*string == '') { /* if that character is a double quote */
+while (isspace(*strp))
+strp++; /* go along string until non-whitespace
*/
-string++; /* step over it */
+if (*strp == '') { /* if that character is a double quote
*/
+strp++; /* step over it */
+ *quoted_part = strp;/* note where the quoted part begins */
-while (*string *string != '') {
-*quoted_part++ = *string++; /* copy the quoted portion */
+while (*strp *strp != '') {
+ ++strp; /* skip the quoted portion */
}
-*quoted_part = '\0';/* end the string with a SNUL */
+*strp = '\0';
cvs commit: apachen/src/modules/standard mod_include.c
dgaudet 98/01/07 14:24:13
Modified:src/modules/standard mod_include.c
Log:
- There were a few strncpy()s that didn't terminate the string... add
safe_copy() which does strncpy the way it should be.
- switch many MAX_STRING_LENs with sizeof(foo) for the right foo, just in
case
- add const liberally to assist diagnosis
- fix two off-by-1 errors in get_tag() (it could be convinced to hammer
one byte past end of buffer)
- fix buffer overrun in get_directive()
- fix PR#1203 in a way that's fine for 1.2.x, but needs WIN32 support in
1.3
- test a few more error conditions and report them rather than doing
something lame
- buffer overrun and infinite loop in parse_string() eliminated
- removed unneeded test of palloc() and make_sub_pool() results against
NULL
- fix use of strncat which didn't \0 terminate the destination
- handle_else/handle_endif/handle_set/handle_printenv error messages
didn't include the filename
Reviewed by: Jim Jagielski, Martin Kraemer
Revision ChangesPath
1.61 +220 -174 apachen/src/modules/standard/mod_include.c
Index: mod_include.c
===
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_include.c,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- mod_include.c 1998/01/07 16:46:50 1.60
+++ mod_include.c 1998/01/07 22:24:11 1.61
@@ -97,6 +97,12 @@
#define SIZEFMT_KMG 1
+static ap_inline void safe_copy(char *dest, const char *src, size_t max_len)
+{
+strncpy(dest, src, max_len - 1);
+dest[max_len - 1] = '\0';
+}
+
/* Environment function --
*/
static void add_include_vars(request_rec *r, char *timefmt)
@@ -196,7 +202,7 @@
c = (char)i; \
}
-static int find_string(FILE *in, char *str, request_rec *r, int printing)
+static int find_string(FILE *in, const char *str, request_rec *r, int
printing)
{
int x, l = strlen(str), p;
char outbuf[OUTBUFSIZE];
@@ -261,8 +267,8 @@
{
int val, i, j;
char *p = s;
-char *ents;
-static char *entlist[MAXENTLEN + 1] =
+const char *ents;
+static const char * const entlist[MAXENTLEN + 1] =
{
NULL, /* 0 */
NULL, /* 1 */
@@ -344,9 +350,9 @@
static char *get_tag(pool *p, FILE *in, char *tag, int tagbuf_len, int
dodecode)
{
char *t = tag, *tag_val, c, term;
-int n;
-n = 0;
+/* makes code below a little less cluttered */
+--tagbuf_len;
do {/* skip whitespace */
GET_CHAR(in, c, NULL, p);
@@ -360,8 +366,7 @@
GET_CHAR(in, c, NULL, p);
} while (isspace(c));
if (c == '') {
-strncpy(tag, done, tagbuf_len - 1);
-tag[tagbuf_len - 1] = '\0';
+safe_copy(tag, done, tagbuf_len);
return tag;
}
}
@@ -370,8 +375,8 @@
/* find end of tag name */
while (1) {
-if (++n == tagbuf_len) {
-t[tagbuf_len - 1] = '\0';
+if (t - tag == tagbuf_len) {
+*t = '\0';
return NULL;
}
if (c == '=' || isspace(c)) {
@@ -404,8 +409,8 @@
term = c;
while (1) {
GET_CHAR(in, c, NULL, p);
-if (++n == tagbuf_len) {
-t[tagbuf_len - 1] = '\0';
+if (t - tag == tagbuf_len) {
+*t = '\0';
return NULL;
}
/* Want to accept \ as a valid character within a string. */
@@ -428,10 +433,14 @@
return pstrdup(p, tag_val);
}
-static int get_directive(FILE *in, char *d, pool *p)
+static int get_directive(FILE *in, char *dest, size_t len, pool *p)
{
+char *d = dest;
char c;
+/* make room for nul terminator */
+--len;
+
/* skip initial whitespace */
while (1) {
GET_CHAR(in, c, 1, p);
@@ -441,6 +450,9 @@
}
/* now get directive */
while (1) {
+ if (d - dest == len) {
+ return 1;
+ }
*d++ = tolower(c);
GET_CHAR(in, c, 1, p);
if (isspace(c)) {
@@ -454,16 +466,24 @@
/*
* Do variable substitution on strings
*/
-static void parse_string(request_rec *r, char *in, char *out, int length,
- int leave_name)
+static void parse_string(request_rec *r, const char *in, char *out,
+ size_t length, int leave_name)
{
char ch;
char *next = out;
-int numchars = 0;
+char *end_out;
+
+/* leave room for nul terminator */
+end_out = out + length - 1;
while ((ch = *in++) != '\0') {
cvs commit: apachen/src CHANGES
dgaudet 98/01/07 14:24:39 Modified:.STATUS src CHANGES Log: mod_include and mod_imap cleanup/security fixes Revision ChangesPath 1.57 +1 -4 apachen/STATUS Index: STATUS === RCS file: /export/home/cvs/apachen/STATUS,v retrieving revision 1.56 retrieving revision 1.57 diff -u -r1.56 -r1.57 --- STATUS1998/01/07 17:04:02 1.56 +++ STATUS1998/01/07 22:24:36 1.57 @@ -70,12 +70,9 @@ scheme never succeeds (fwd) * Paul's [PATCH] a bundle of multithreading changes * Ken's [PATCH] for copyright year update +* Dean's [PATCH] 1.3: security updates for mod_imap and mod_include Available Patches: - -* Dean's [PATCH] 1.3: security updates for mod_imap and mod_include - [EMAIL PROTECTED] - Status: Dean +1, Jim +1, Martin +1 * Dean's [PATCH] yet another slow function [EMAIL PROTECTED] 1.559 +12 -5 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.558 retrieving revision 1.559 diff -u -r1.558 -r1.559 --- CHANGES 1998/01/05 08:41:22 1.558 +++ CHANGES 1998/01/07 22:24:37 1.559 @@ -1,5 +1,12 @@ Changes with Apache 1.3b4 + *) SECURITY: General mod_include cleanup, including fixing several + possible buffer overflows and a possible infinite loop. + [Dean Gaudet, Marc Slemko] + + *) SECURITY: Numerous changes to mod_imap in a general cleanup + including fixing a possible buffer overflow. [Dean Gaudet] + *) WIN32: overhaul of multithreading code. Shutdowns are now graceful (connections are not dropped). Code can handle graceful restarts (but there is as yet no way to signal this to Apache). Various @@ -537,11 +544,11 @@ update_mtime() routine has also been added to advance it if appropriate. [Roy Fielding, Ken Coar] - *) If a htaccess file can not be read due to bad permissions, deny - access to the directory with a HTTP_FORBIDDEN. The previous - behavior was to ignore the htaccess file if it could not - be read. This change may make some setups with unreadable - htaccess files stop working. PR#817 [Marc Slemko] + *) SECURITY: If a htaccess file can not be read due to bad permissions, + deny access to the directory with a HTTP_FORBIDDEN. The previous + behavior was to ignore the htaccess file if it could not be read. + This change may make some setups with unreadable htaccess files + stop working. PR#817 [Marc Slemko] *) Add aplog_error() providing a mechanism to define levels of verbosity to the server error logging. This addition also provides
cvs commit: apachen STATUS
dgaudet 98/01/07 14:26:49 Modified:.STATUS Log: is_only_below Revision ChangesPath 1.58 +2 -0 apachen/STATUS Index: STATUS === RCS file: /export/home/cvs/apachen/STATUS,v retrieving revision 1.57 retrieving revision 1.58 diff -u -r1.57 -r1.58 --- STATUS1998/01/07 22:24:36 1.57 +++ STATUS1998/01/07 22:26:49 1.58 @@ -163,6 +163,8 @@ * Dean's locale project See [EMAIL PROTECTED] Status: Jim'll look into it + +* os_ abstract is_only_below() in mod_include.c Closed issues:
