cvs commit: apache-1.3/src/include ap_mmn.h

1998-08-14 Thread dgaudet
dgaudet 98/08/13 19:49:10

  Modified:src/include ap_mmn.h
  Log:
  ap_log_rerror() certainly wasn't a minor change, it happened before that
  concept existed.  Put its correct entry into the list.
  
  Make the minor module number usable... provide a macro that tests the
  version in a more convenient manner.
  
  Add ap_overlap_tables() (which I'm about to commit).
  
  Revision  ChangesPath
  1.3   +31 -10apache-1.3/src/include/ap_mmn.h
  
  Index: ap_mmn.h
  ===
  RCS file: /export/home/cvs/apache-1.3/src/include/ap_mmn.h,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- ap_mmn.h  1998/08/13 02:51:27 1.2
  +++ ap_mmn.h  1998/08/14 02:49:09 1.3
  @@ -60,8 +60,17 @@
   
   /*
* MODULE_MAGIC_NUMBER_MAJOR
  - * major API changes that could cause compatibility problems for older 
modules
  + * Major API changes that could cause compatibility problems for older 
modules
  + * such as structure size changes.  No binary compatibility is possible 
across
  + * a change in the major version.
*
  + * MODULE_MAGIC_NUMBER_MINOR
  + * Minor API changes that do not cause binary compatibility problems.
  + *
  + * See the MODULE_MAGIC_AT_LEAST macro below for an example.
  + */
  +
  +/*
* 19950525  - original value
* 19960512 (1.1b2)  - updated, 1.1, version.
* 19960526 (1.1b3)  - get_token(), table_unset(), pstrndup()
  @@ -148,24 +157,36 @@
* 3. ap_config.h -> ap_config_auto.h - now merged
* 4. compat.h-> ap_compat.h
* 5. apctype.h   -> ap_ctype.h
  + * 19980806 (1.3.2-dev) - add ap_log_rerror()
* 19980811 (1.3.2-dev)  - added limit_req_line, limit_req_fieldsize, and
* limit_req_fields to server_rec.
* added limit_req_body to core_dir_config and
* ap_get_limit_req_body() to get its value.
  - * 19980812 (1.3.1-dev)  - split of MODULE_MAGIC_NUMBER
  + * 19980812 (1.3.2-dev)  - split off MODULE_MAGIC_NUMBER
  + * 19980812.2   - add ap_overlap_tables()
*/
   
  -/*
  - * MODULE_MAGIC_NUMBER_MINOR
  - * minor API changes that won't cause compatibility problems for older 
modules
  - *
  - * 0001  - Add ap_log_rerror()
  - */
  -
   #ifndef MODULE_MAGIC_NUMBER_MAJOR
   #define MODULE_MAGIC_NUMBER_MAJOR 19980812
   #endif
  -#define MODULE_MAGIC_NUMBER_MINOR 0001
  +#define MODULE_MAGIC_NUMBER_MINOR 2
   #define MODULE_MAGIC_NUMBER MODULE_MAGIC_NUMBER_MAJOR/* backward 
compat */
  +
  +/* Useful for testing for features. */
  +#define MODULE_MAGIC_AT_LEAST(major,minor)   \
  +((major) > MODULE_MAGIC_NUMBER_MAJOR \
  + || ((major) == MODULE_MAGIC_NUMBER_MAJOR\
  + && (minor) >= MODULE_MAGIC_NUMBER_MINOR))
  +
  +/* For example, suppose you wish to use the ap_overlap_tables
  +   function.  You can do this:
  +
  +#if MODULE_MAGIC_AT_LEAST(19980812,2)
  +... use ap_overlap_tables()
  +#else
  +... alternative code which doesn't use ap_overlap_tables()
  +#endif
  +
  +*/
   
   #endif /* !APACHE_AP_MMN_H */
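Review bot: The comparison in the new `MODULE_MAGIC_AT_LEAST` macro runs in the wrong direction: it is true when the requested `(major,minor)` is at or above the header's own numbers, not when the header is at least the requested version. The example `MODULE_MAGIC_AT_LEAST(19980812,2)` holds only because `MODULE_MAGIC_NUMBER_MINOR` is exactly 2 in this revision; after the next minor bump `(minor) >= MODULE_MAGIC_NUMBER_MINOR` becomes false and the feature test silently selects the fallback code. The more serious case is the reverse: a module asking for a minor newer than these headers provide gets a true result and builds against an API that is not there. Swapping the operators fixes both: `((major) < MODULE_MAGIC_NUMBER_MAJOR || ((major) == MODULE_MAGIC_NUMBER_MAJOR && (minor) <= MODULE_MAGIC_NUMBER_MINOR))`.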
  
  
  


cvs commit: apache-1.3/src/modules/standard mod_cern_meta.c

1998-08-14 Thread dgaudet
dgaudet 98/08/13 19:49:57

  Modified:src  CHANGES
   src/include alloc.h
   src/main alloc.c http_protocol.c util_script.c
   src/modules/standard mod_cern_meta.c
  Log:
  Add ap_overlap_tables.  Use it to fix various O(n^2) attacks.
  
  Revision  ChangesPath
  1.1024+3 -1  apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===
  RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1023
  retrieving revision 1.1024
  diff -u -r1.1023 -r1.1024
  --- CHANGES   1998/08/13 01:54:59 1.1023
  +++ CHANGES   1998/08/14 02:49:42 1.1024
  @@ -22,7 +22,9 @@
[Jim Jagielski]
   
 *) SECURITY: Eliminate O(n^2) space DoS attacks (and other O(n^2)
  - cpu time attacks) in header parsing.  [Dean Gaudet]
  + cpu time attacks) in header parsing.  Add ap_overlap_tables(),
  + a function which can be used to perform bulk update operations
  + on tables in a more efficient manner.  [Dean Gaudet]
   
 *) SECURITY: Added compile-time and configurable limits for
various aspects of reading a client request to avoid some simple
  
  
  
  1.63  +4 -2  apache-1.3/src/include/alloc.h
  
  Index: alloc.h
  ===
  RCS file: /export/home/cvs/apache-1.3/src/include/alloc.h,v
  retrieving revision 1.62
  retrieving revision 1.63
  diff -u -r1.62 -r1.63
  --- alloc.h   1998/08/09 17:36:24 1.62
  +++ alloc.h   1998/08/14 02:49:45 1.63
  @@ -199,7 +199,7 @@
   int i;
   
   for (i = 0; i < barr->nelts; ++i) {
  - if (merge) {
  + if (flags & AP_OVERLAP_TABLES_MERGE) {
ap_table_mergen(a, belt[i].key, belt[i].val);
}
else {
  @@ -214,7 +214,9 @@
   in an ancestor of a's pool.  In practice b and a are usually from
   the same pool.
   */
  -API_EXPORT(void) ap_overlap_tables(table *a, const table *b, int merge);
  +#define AP_OVERLAP_TABLES_SET(0)
  +#define AP_OVERLAP_TABLES_MERGE  (1)
  +API_EXPORT(void) ap_overlap_tables(table *a, const table *b, unsigned flags);
   
   /* XXX: these know about the definition of struct table in alloc.c.  That
* definition is not here because it is supposed to be private, and by not
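Review bot: The two flag macros added below the block comment have no documentation of their own, and `AP_OVERLAP_TABLES_SET` is `(0)`, so it cannot be detected with `flags & ...` the way the sample loop in the previous hunk tests `AP_OVERLAP_TABLES_MERGE`. With the parameter now typed `unsigned flags`, callers have no stated contract for the remaining bits. I would add a short comment above the defines, for example `/* flags for ap_overlap_tables(): SET is the default when MERGE is not given; all other bits are reserved and must be zero */`. The block comment that describes the function starts outside this hunk, so the wording should be checked against it.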
  
  
  
  1.99  +157 -0apache-1.3/src/main/alloc.c
  
  Index: alloc.c
  ===
  RCS file: /export/home/cvs/apache-1.3/src/main/alloc.c,v
  retrieving revision 1.98
  retrieving revision 1.99
  diff -u -r1.98 -r1.99
  --- alloc.c   1998/08/03 09:14:51 1.98
  +++ alloc.c   1998/08/14 02:49:47 1.99
  @@ -1386,6 +1386,163 @@
   va_end(vp);
   }
   
  +/* Curse libc and the fact that it doesn't guarantee a stable sort.  We
  + * have to enforce stability ourselves by using the order field.  If it
  + * provided a stable sort then we wouldn't even need temporary storage to
  + * do the work below. -djg
  + *
  + * ("stable sort" means that equal keys retain their original relative
  + * ordering in the output.)
  + */
  +typedef struct {
  +char *key;
  +char *val;
  +int order;
  +} overlap_key;
  +
  +static int sort_overlap(const void *va, const void *vb)
  +{
  +const overlap_key *a = va;
  +const overlap_key *b = vb;
  +int r;
  +
  +r = strcasecmp(a->key, b->key);
  +if (r) {
  + return r;
  +}
  +return a->order - b->order;
  +}
  +
  +/* prefer to use the stack for temp storage for overlaps smaller than this */
  +#ifndef AP_OVERLAP_TABLES_ON_STACK
  +#define AP_OVERLAP_TABLES_ON_STACK   (512)
  +#endif
  +
  +API_EXPORT(void) ap_overlap_tables(table *a, const table *b, unsigned flags)
  +{
  +overlap_key cat_keys_buf[AP_OVERLAP_TABLES_ON_STACK];
  +overlap_key *cat_keys;
  +int nkeys;
  +table_entry *e;
  +table_entry *last_e;
  +overlap_key *left;
  +overlap_key *right;
  +overlap_key *last;
  +
  +nkeys = a->a.nelts + b->a.nelts;
  +if (nkeys < AP_OVERLAP_TABLES_ON_STACK) {
  + cat_keys = cat_keys_buf;
  +}
  +else {
  + /* XXX: could use scratch free space in a or b's pool instead...
  +  * which could save an allocation in b's pool.
  +  */
  + cat_keys = ap_palloc(b->a.pool, sizeof(overlap_key) * nkeys);
  +}
  +
  +nkeys = 0;
  +
  +/* Create a list of the entries from a concatenated with the entries
  + * from b.
  + */
  +e = (table_entry *)a->a.elts;
  +last_e = e + a->a.nelts;
  +while (e < last_e) {
  + cat_keys[nkeys].key = e->key;
  + cat_keys[nkeys].val = e->val;
  + cat_keys[nkeys].order = nkeys;
  + ++nkeys;
  + ++e;
  +}
  +
  +e = (table_entry *)b->a.elts;
  +last_e = e + b->a.nelts;
  +while (e < last_e) {
  + cat_keys[nkeys].key = e->key;
  + cat_keys[nkeys].val = e->val;
  + cat_keys[nkeys].order = nkeys;
 

cvs commit: apache-1.3 STATUS

1998-08-14 Thread dgaudet
dgaudet 98/08/13 19:54:21

  Modified:.STATUS
  Log:
  note about O(n^2) on win32
  
  Revision  ChangesPath
  1.456 +4 -1  apache-1.3/STATUS
  
  Index: STATUS
  ===
  RCS file: /export/home/cvs/apache-1.3/STATUS,v
  retrieving revision 1.455
  retrieving revision 1.456
  diff -u -r1.455 -r1.456
  --- STATUS1998/08/06 00:53:22 1.455
  +++ STATUS1998/08/14 02:54:20 1.456
  @@ -12,11 +12,14 @@
   
   RELEASE SHOWSTOPPERS:
   
  -WIN32 1.3.1 RELEASE SHOWSTOPPERS:
  +WIN32 1.3.2 RELEASE SHOWSTOPPERS:
   
   * can not build tarball until someone verifies the final code
 will build on win32.  Want to avoid changes-after-tag that 
 happened with 1.3.0.
  +
  +* fix O(n^2) attack in mod_isapi.c ... i.e. recopy the code from
  +  scan_script_headers_err_core.
   
   Documentation that needs writing:
   
  
  
  


cvs commit: apache-1.3/src CHANGES

1998-08-14 Thread dgaudet
dgaudet 98/08/13 20:00:17

  Modified:src  CHANGES
  Log:
  another helpful pointer
  
  Revision  ChangesPath
  1.1025+1 -1  apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===
  RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1024
  retrieving revision 1.1025
  diff -u -r1.1024 -r1.1025
  --- CHANGES   1998/08/14 02:49:42 1.1024
  +++ CHANGES   1998/08/14 03:00:15 1.1025
  @@ -3,7 +3,7 @@
 *) Split MODULE_MAGIC_NUMBER into _MAJOR/_MINOR numbers. This should
provide a way to trace API changes that add functionality but do
not create a compatibility issue for precompiled modules, etc.
  - [Randy Terbush]
  + See include/ap_mmn.h for more details.  [Randy Terbush]
   
 *) Fix suexec installation under `make install root=xxx' situation.
[Ralf S. Engelschall]