cvs commit: apache-1.3/src/modules/standard mod_status.c
fanf00/01/12 07:55:04
Modified:htdocs/manual/mod core.html
src CHANGES
src/include ap_mmn.h scoreboard.h
src/main http_main.c
src/modules/standard mod_status.c
Log:
Revert the scoreboard change because Jim doesn't like it.
Revision ChangesPath
1.161 +1 -1 apache-1.3/htdocs/manual/mod/core.html
Index: core.html
===
RCS file: /home/cvs/apache-1.3/htdocs/manual/mod/core.html,v
retrieving revision 1.160
retrieving revision 1.161
diff -u -r1.160 -r1.161
--- core.html 2000/01/12 01:18:07 1.160
+++ core.html 2000/01/12 15:54:46 1.161
@@ -3146,7 +3146,7 @@
that the client connected to in order to work out self-referential URLs.
This can have adverse performance implications, especially if you use
%V in a CustomLog
-directive or have ExtendedStatus on.
+directive.
Warning: if CGIs make assumptions about the values of
SERVER_NAME they may be broken by this option. The client
1.1497+0 -5 apache-1.3/src/CHANGES
Index: CHANGES
===
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1496
retrieving revision 1.1497
diff -u -r1.1496 -r1.1497
--- CHANGES 2000/01/12 03:38:14 1.1496
+++ CHANGES 2000/01/12 15:54:51 1.1497
@@ -5,11 +5,6 @@
another 16 seconds beyond the initial SIGTERM waiting period.
[Ed Korthof]
- *) Revert to the 1.3.3 way of getting the server name from the
- scoreboard, with a modification to make it respect the
- UseCanonicalName setting. This makes things work better with
- mass vhosting setups. [Cliff Woolley <[EMAIL PROTECTED]>]
-
*) Add --suexec-umask option to configure, and severity levels
to suexec log messages. Also clarify a couple of those messages,
which were perhaps a bit too cryptic. [Ken Coar] PR#4178
1.43 +2 -4 apache-1.3/src/include/ap_mmn.h
Index: ap_mmn.h
===
RCS file: /home/cvs/apache-1.3/src/include/ap_mmn.h,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- ap_mmn.h 2000/01/12 01:13:06 1.42
+++ ap_mmn.h 2000/01/12 15:54:56 1.43
@@ -226,16 +226,14 @@
*ap_base64encode_len(), ap_base64decode(),
*ap_base64decode_binary(), ap_base64decode_len(),
*ap_pbase64decode(), ap_pbase64encode()
- * (1.3.10-dev)
- * 2112 - put the vhostname back into the scoreboard itself
*/
#define MODULE_MAGIC_COOKIE 0x41503133UL /* "AP13" */
#ifndef MODULE_MAGIC_NUMBER_MAJOR
-#define MODULE_MAGIC_NUMBER_MAJOR 2112
+#define MODULE_MAGIC_NUMBER_MAJOR 19990320
#endif
-#define MODULE_MAGIC_NUMBER_MINOR 0 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 6 /* 0...n */
#define MODULE_MAGIC_NUMBER MODULE_MAGIC_NUMBER_MAJOR/* backward
compat */
/* Useful for testing for features. */
1.50 +0 -1 apache-1.3/src/include/scoreboard.h
Index: scoreboard.h
===
RCS file: /home/cvs/apache-1.3/src/include/scoreboard.h,v
retrieving revision 1.49
retrieving revision 1.50
diff -u -r1.49 -r1.50
--- scoreboard.h 2000/01/12 01:13:09 1.49
+++ scoreboard.h 2000/01/12 15:54:56 1.50
@@ -160,7 +160,6 @@
char request[64];/* We just want an idea... */
server_rec *vhostrec;/* What virtual host is being accessed? */
/* SEE ABOVE FOR SAFE USAGE! */
-char vhostname[32]; /* more useful status with mass vhosting */
} short_score;
typedef struct {
1.489 +0 -2 apache-1.3/src/main/http_main.c
Index: http_main.c
===
RCS file: /home/cvs/apache-1.3/src/main/http_main.c,v
retrieving revision 1.488
retrieving revision 1.489
diff -u -r1.488 -r1.489
--- http_main.c 2000/01/12 03:38:19 1.488
+++ http_main.c 2000/01/12 15:54:58 1.489
@@ -2256,8 +2256,6 @@
sizeof(ss->request));
}
ss->vhostrec = r->server;
- ap_cpystrn(ss->vhostname, ap_get_server_name(r),
-sizeof(ss->vhostname));
}
}
if (status == SERVER_STARTING && r == NULL) {
1.110 +2 -2 apache-1.3/src/modules/standard/mod_status.c
Index: mod_status.c
===
RCS file: /home/cvs/ap
cvs commit: apache-1.3/src/modules/standard mod_digest.c mod_rewrite.c mod_speling.c
fanf00/01/12 07:23:29
Modified:src/modules/experimental mod_auth_digest.c
src/modules/standard mod_digest.c mod_rewrite.c
mod_speling.c
Log:
Don't convert auth to proxy auth when it shouldn't be.
Revision ChangesPath
1.13 +9 -8 apache-1.3/src/modules/experimental/mod_auth_digest.c
Index: mod_auth_digest.c
===
RCS file: /home/cvs/apache-1.3/src/modules/experimental/mod_auth_digest.c,v
retrieving revision 1.12
retrieving revision 1.13
diff -u -r1.12 -r1.13
--- mod_auth_digest.c 1999/12/09 05:21:00 1.12
+++ mod_auth_digest.c 2000/01/12 15:23:23 1.13
@@ -826,14 +826,14 @@
/* Parse the Authorization header, if it exists */
static int get_digest_rec(request_rec *r, digest_header_rec *resp)
{
-const char *auth_line = ap_table_get(r->headers_in,
- r->proxyreq ? "Proxy-Authorization"
- : "Authorization");
+const char *auth_line;
size_t l;
int vk = 0, vv = 0;
char *key, *value;
-
+auth_line = ap_table_get(r->headers_in,
+ r->proxyreq == STD_PROXY ? "Proxy-Authorization"
+ : "Authorization");
if (!auth_line) {
resp->auth_hdr_sts = NO_HEADER;
return !OK;
@@ -1270,7 +1270,7 @@
* unneccessarily (it's usually > 200 bytes!).
*/
-if (r->proxyreq)
+if (r->proxyreq != NOT_PROXY)
domain = NULL; /* don't send domain for proxy requests */
else if (conf->uri_list)
domain = conf->uri_list;
@@ -1285,7 +1285,8 @@
}
ap_table_mergen(r->err_headers_out,
- r->proxyreq ? "Proxy-Authenticate" : "WWW-Authenticate",
+ r->proxyreq == STD_PROXY ? "Proxy-Authenticate"
+ : "WWW-Authenticate",
ap_psprintf(r->pool, "Digest realm=\"%s\", nonce=\"%s\", "
"algorithm=%s%s%s%s%s",
ap_auth_name(r), nonce, conf->algorithm,
@@ -1986,8 +1987,8 @@
if (ai && ai[0])
ap_table_mergen(r->headers_out,
- r->proxyreq ? "Proxy-Authentication-Info" :
- "Authentication-Info",
+ r->proxyreq == STD_PROXY ? "Proxy-Authentication-Info"
+ : "Authentication-Info",
ai);
return OK;
}
1.43 +4 -3 apache-1.3/src/modules/standard/mod_digest.c
Index: mod_digest.c
===
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_digest.c,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- mod_digest.c 1999/10/21 20:45:24 1.42
+++ mod_digest.c 2000/01/12 15:23:24 1.43
@@ -136,9 +136,7 @@
static int get_digest_rec(request_rec *r, digest_header_rec * response)
{
-const char *auth_line = ap_table_get(r->headers_in,
-r->proxyreq ? "Proxy-Authorization"
-: "Authorization");
+const char *auth_line;
int l;
int s, vk = 0, vv = 0;
const char *t;
@@ -154,6 +152,9 @@
return SERVER_ERROR;
}
+auth_line = ap_table_get(r->headers_in,
+ r->proxyreq == STD_PROXY ? "Proxy-Authorization"
+ : "Authorization");
if (!auth_line) {
ap_note_digest_auth_failure(r);
return AUTH_REQUIRED;
1.154 +2 -2 apache-1.3/src/modules/standard/mod_rewrite.c
Index: mod_rewrite.c
===
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_rewrite.c,v
retrieving revision 1.153
retrieving revision 1.154
diff -u -r1.153 -r1.154
--- mod_rewrite.c 1999/12/04 11:43:17 1.153
+++ mod_rewrite.c 2000/01/12 15:23:25 1.154
@@ -1123,7 +1123,7 @@
}
/* now make sure the request gets handled by the proxy handler */
-r->proxyreq = 1;
+r->proxyreq = STD_PROXY;
r->handler = "proxy-server";
rewritelog(r, 1, "go-ahead with proxy request %s [OK]",
@@ -1387,7 +1387,7 @@
}
cvs commit: apache-1.3/htdocs/manual/mod core.html
fanf00/01/11 17:18:09 Modified:htdocs/manual/mod core.html Log: Be more explicit about the performance of UseCanonicalName DNS after the scoreboard change. Revision ChangesPath 1.160 +3 -0 apache-1.3/htdocs/manual/mod/core.html Index: core.html === RCS file: /home/cvs/apache-1.3/htdocs/manual/mod/core.html,v retrieving revision 1.159 retrieving revision 1.160 diff -u -r1.159 -r1.160 --- core.html 1999/12/21 07:52:51 1.159 +++ core.html 2000/01/12 01:18:07 1.160 @@ -3144,6 +3144,9 @@ ancient clients that do not provide a Host: header. With this option Apache does a reverse DNS lookup on the server IP address that the client connected to in order to work out self-referential URLs. +This can have adverse performance implications, especially if you use +%V in a CustomLog +directive or have ExtendedStatus on. Warning: if CGIs make assumptions about the values of SERVER_NAME they may be broken by this option. The client
cvs commit: apache-1.3/src CHANGES
fanf00/01/11 17:15:24 Modified:src CHANGES Log: Revert to the 1.3.3 way of getting the server name from the scoreboard, with a modification to make it respect the UseCanonicalName setting. This makes things work better with mass vhosting setups. Submitted by: Cliff Woolley <[EMAIL PROTECTED]> Reviewed by:Tony Finch Revision ChangesPath 1.1495+5 -0 apache-1.3/src/CHANGES Index: CHANGES === RCS file: /home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.1494 retrieving revision 1.1495 diff -u -r1.1494 -r1.1495 --- CHANGES 2000/01/11 19:47:50 1.1494 +++ CHANGES 2000/01/12 01:15:20 1.1495 @@ -1,5 +1,10 @@ Changes with Apache 1.3.10 + *) Revert to the 1.3.3 way of getting the server name from the + scoreboard, with a modification to make it respect the + UseCanonicalName setting. This makes things work better with + mass vhosting setups. [Cliff Woolley <[EMAIL PROTECTED]>] + *) Add --suexec-umask option to configure, and severity levels to suexec log messages. Also clarify a couple of those messages, which were perhaps a bit too cryptic. [Ken Coar] PR#4178
cvs commit: apache-1.3/src/modules/standard mod_status.c
fanf00/01/11 17:13:39
Modified:src/include ap_mmn.h scoreboard.h
src/main http_main.c
src/modules/standard mod_status.c
Log:
Revert to the 1.3.3 way of getting the server name from the scoreboard,
with a modification to make it respect the UseCanonicalName setting.
This makes things work better with mass vhosting setups.
Submitted by: Cliff Woolley <[EMAIL PROTECTED]>
Reviewed by: Tony Finch
Revision ChangesPath
1.42 +4 -2 apache-1.3/src/include/ap_mmn.h
Index: ap_mmn.h
===
RCS file: /home/cvs/apache-1.3/src/include/ap_mmn.h,v
retrieving revision 1.41
retrieving revision 1.42
diff -u -r1.41 -r1.42
--- ap_mmn.h 1999/08/14 08:53:48 1.41
+++ ap_mmn.h 2000/01/12 01:13:06 1.42
@@ -226,14 +226,16 @@
*ap_base64encode_len(), ap_base64decode(),
*ap_base64decode_binary(), ap_base64decode_len(),
*ap_pbase64decode(), ap_pbase64encode()
+ * (1.3.10-dev)
+ * 2112 - put the vhostname back into the scoreboard itself
*/
#define MODULE_MAGIC_COOKIE 0x41503133UL /* "AP13" */
#ifndef MODULE_MAGIC_NUMBER_MAJOR
-#define MODULE_MAGIC_NUMBER_MAJOR 19990320
+#define MODULE_MAGIC_NUMBER_MAJOR 2112
#endif
-#define MODULE_MAGIC_NUMBER_MINOR 6 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 0 /* 0...n */
#define MODULE_MAGIC_NUMBER MODULE_MAGIC_NUMBER_MAJOR/* backward
compat */
/* Useful for testing for features. */
1.49 +1 -0 apache-1.3/src/include/scoreboard.h
Index: scoreboard.h
===
RCS file: /home/cvs/apache-1.3/src/include/scoreboard.h,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- scoreboard.h 1999/10/21 20:44:23 1.48
+++ scoreboard.h 2000/01/12 01:13:09 1.49
@@ -160,6 +160,7 @@
char request[64];/* We just want an idea... */
server_rec *vhostrec;/* What virtual host is being accessed? */
/* SEE ABOVE FOR SAFE USAGE! */
+char vhostname[32]; /* more useful status with mass vhosting */
} short_score;
typedef struct {
1.487 +2 -0 apache-1.3/src/main/http_main.c
Index: http_main.c
===
RCS file: /home/cvs/apache-1.3/src/main/http_main.c,v
retrieving revision 1.486
retrieving revision 1.487
diff -u -r1.486 -r1.487
--- http_main.c 2000/01/01 17:07:34 1.486
+++ http_main.c 2000/01/12 01:13:23 1.487
@@ -2256,6 +2256,8 @@
sizeof(ss->request));
}
ss->vhostrec = r->server;
+ ap_cpystrn(ss->vhostname, ap_get_server_name(r),
+sizeof(ss->vhostname));
}
}
if (status == SERVER_STARTING && r == NULL) {
1.109 +2 -2 apache-1.3/src/modules/standard/mod_status.c
Index: mod_status.c
===
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_status.c,v
retrieving revision 1.108
retrieving revision 1.109
diff -u -r1.108 -r1.109
--- mod_status.c 1999/10/21 20:45:42 1.108
+++ mod_status.c 2000/01/12 01:13:34 1.109
@@ -599,7 +599,7 @@
ap_rprintf(r, " %s {%s} [%s]\n\n",
score_record.client,
ap_escape_html(r->pool, score_record.request),
- vhost ? vhost->server_hostname : "(unavailable)");
+ vhost ? score_record.vhostname : "(unavailable)");
}
else { /* !no_table_report */
if (score_record.status == SERVER_DEAD)
@@ -672,7 +672,7 @@
ap_rprintf(r,
"%s%s%s\n\n",
score_record.client,
- vhost ? vhost->server_hostname : "(unavailable)",
+ vhost ? score_record.vhostname : "(unavailable)",
ap_escape_html(r->pool, score_record.request));
} /* no_table_report */
} /* !short_report */
cvs commit: apache-2.0/src/main http_protocol.c http_vhost.c
fanf99/12/21 03:33:23
Modified:src CHANGES
src/main http_protocol.c http_vhost.c
Log:
Fix the mass vhosting security problem spotted by Lars, as in 1.3
Submitted by: Ben Hyde
Reviewed by: Tony Finch
Revision ChangesPath
1.19 +5 -0 apache-2.0/src/CHANGES
Index: CHANGES
===
RCS file: /home/cvs/apache-2.0/src/CHANGES,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -r1.18 -r1.19
--- CHANGES 1999/12/21 07:54:07 1.18
+++ CHANGES 1999/12/21 11:33:21 1.19
@@ -1,4 +1,9 @@
Changes with Apache 2.0-dev
+
+ *) More rigorous checking of Host: headers to fix security problems
+ with mass name-based virtual hosting (whether using mod_rewrite
+ or mod_vhost_alias).
+ [Ben Hyde, Tony Finch]
*) Add back support for UseCanonicalName in containers.
[Manoj Kasichainula]
1.43 +3 -1 apache-2.0/src/main/http_protocol.c
Index: http_protocol.c
===
RCS file: /home/cvs/apache-2.0/src/main/http_protocol.c,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -r1.42 -r1.43
--- http_protocol.c 1999/12/20 16:38:34 1.42
+++ http_protocol.c 1999/12/21 11:33:22 1.43
@@ -1033,7 +1033,7 @@
r->status = HTTP_OK; /* Until further notice. */
/* update what we think the virtual host is based on the headers we've
- * now read
+ * now read. may update status.
*/
ap_update_vhost_from_headers(r);
@@ -1056,6 +1056,8 @@
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,
"client sent HTTP/1.1 request without hostname "
"(see RFC2068 section 9, and 14.23): %s", r->uri);
+}
+if (r->status != HTTP_OK) {
ap_send_error_response(r, 0);
ap_run_log_transaction(r);
return r;
1.10 +41 -10apache-2.0/src/main/http_vhost.c
Index: http_vhost.c
===
RCS file: /home/cvs/apache-2.0/src/main/http_vhost.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- http_vhost.c 1999/12/15 00:59:56 1.9
+++ http_vhost.c 1999/12/21 11:33:23 1.10
@@ -658,22 +658,51 @@
* run-time vhost matching functions
*/
-/* Remove :port and optionally a single trailing . from the hostname, this
- * canonicalizes it somewhat.
+/* Lowercase and remove any trailing dot and/or :port from the hostname,
+ * and check that it is sane.
*/
static void fix_hostname(request_rec *r)
{
-const char *hostname = r->hostname;
-char *host = ap_getword(r->pool, &hostname, ':');/* get rid of
port */
-size_t l;
-
-/* trim a trailing . */
-l = strlen(host);
-if (l > 0 && host[l-1] == '.') {
-host[l-1] = '\0';
+char *host = ap_palloc(r->pool, strlen(r->hostname) + 1);
+const char *src;
+char *dst;
+
+/* check and copy the host part */
+src = r->hostname;
+dst = host;
+while (*src) {
+ if (!isalnum(*src) && *src != '.' && *src != '-') {
+ if (*src == ':')
+ break;
+ else
+ goto bad;
+ } else {
+ *dst++ = *src++;
+ }
+}
+/* check the port part */
+if (*src++ == ':') {
+ while (*src) {
+ if (!isdigit(*src++)) {
+ goto bad;
+ }
+ }
+}
+/* strip trailing gubbins */
+if (dst > host && dst[-1] == '.') {
+ dst[-1] = '\0';
+} else {
+ dst[0] = '\0';
}
r->hostname = host;
+return;
+
+bad:
+r->status = HTTP_BAD_REQUEST;
+ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+ "Client sent malformed Host header");
+return;
}
@@ -876,6 +905,8 @@
/* must set this for HTTP/1.1 support */
if (r->hostname || (r->hostname = ap_table_get(r->headers_in, "Host"))) {
fix_hostname(r);
+ if (r->status != HTTP_OK)
+ return;
}
/* check if we tucked away a name_chain */
if (r->connection->vhost_lookup_data) {
cvs commit: apache-1.3/src/modules/standard mod_vhost_alias.c
fanf99/12/20 10:16:55
Modified:src/main http_vhost.c
src/modules/standard mod_vhost_alias.c
Log:
Leave the case-insensitivity stuff as it was before.
Revision ChangesPath
1.17 +1 -1 apache-1.3/src/main/http_vhost.c
Index: http_vhost.c
===
RCS file: /home/cvs/apache-1.3/src/main/http_vhost.c,v
retrieving revision 1.16
retrieving revision 1.17
diff -u -r1.16 -r1.17
--- http_vhost.c 1999/12/20 17:43:37 1.16
+++ http_vhost.c 1999/12/20 18:16:50 1.17
@@ -676,7 +676,7 @@
else
goto bad;
} else {
- *dst++ = tolower(*src++);
+ *dst++ = *src++;
}
}
/* check the port part */
1.5 +3 -2 apache-1.3/src/modules/standard/mod_vhost_alias.c
Index: mod_vhost_alias.c
===
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_vhost_alias.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- mod_vhost_alias.c 1999/12/20 17:43:40 1.4
+++ mod_vhost_alias.c 1999/12/20 18:16:54 1.5
@@ -390,8 +390,9 @@
}
}
vhost_alias_checkspace(r, buf, &dest, end - start);
- memcpy(dest, start, end-start);
- dest += end-start;
+ for (p = start; p < end; ++p) {
+ *dest++ = ap_tolower(*p);
+ }
}
*dest = '\0';
/* no double slashes */
cvs commit: apache-1.3/src/modules/standard mod_vhost_alias.c
fanf99/12/20 09:43:41
Modified:src CHANGES
src/main http_protocol.c http_vhost.c
src/modules/standard mod_vhost_alias.c
Log:
A better fix for the mass virtual hosting security problem spotted by Lars.
This solves the problem for mod_rewrite setups as well as mod_vhost_alias.
Submitted by: Ben Hyde
Reviewed by: Tony Finch
Revision ChangesPath
1.1484+5 -0 apache-1.3/src/CHANGES
Index: CHANGES
===
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1483
retrieving revision 1.1484
diff -u -r1.1483 -r1.1484
--- CHANGES 1999/12/17 22:25:11 1.1483
+++ CHANGES 1999/12/20 17:43:25 1.1484
@@ -1,5 +1,10 @@
Changes with Apache 1.3.10
+ *) More rigorous checking of Host: headers to fix security problems
+ with mass name-based virtual hosting (whether using mod_rewrite
+ or mod_vhost_alias).
+ [Ben Hyde, Tony Finch]
+
*) Updated README.config to reflect current APACI state.
[Brian Slesinsky <[EMAIL PROTECTED]>] PR#5397
1.284 +3 -1 apache-1.3/src/main/http_protocol.c
Index: http_protocol.c
===
RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.283
retrieving revision 1.284
diff -u -r1.283 -r1.284
--- http_protocol.c 1999/12/09 12:05:03 1.283
+++ http_protocol.c 1999/12/20 17:43:35 1.284
@@ -1045,7 +1045,7 @@
r->status = HTTP_OK; /* Until further notice. */
/* update what we think the virtual host is based on the headers we've
- * now read
+ * now read. may update status.
*/
ap_update_vhost_from_headers(r);
@@ -1068,6 +1068,8 @@
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"client sent HTTP/1.1 request without hostname "
"(see RFC2068 section 9, and 14.23): %s", r->uri);
+}
+if (r->status != HTTP_OK) {
ap_send_error_response(r, 0);
ap_log_transaction(r);
return r;
1.16 +41 -10apache-1.3/src/main/http_vhost.c
Index: http_vhost.c
===
RCS file: /home/cvs/apache-1.3/src/main/http_vhost.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- http_vhost.c 1999/01/01 19:04:51 1.15
+++ http_vhost.c 1999/12/20 17:43:37 1.16
@@ -657,22 +657,51 @@
* run-time vhost matching functions
*/
-/* Remove :port and optionally a single trailing . from the hostname, this
- * canonicalizes it somewhat.
+/* Lowercase and remove any trailing dot and/or :port from the hostname,
+ * and check that it is sane.
*/
static void fix_hostname(request_rec *r)
{
-const char *hostname = r->hostname;
-char *host = ap_getword(r->pool, &hostname, ':');/* get rid of
port */
-size_t l;
-
-/* trim a trailing . */
-l = strlen(host);
-if (l > 0 && host[l-1] == '.') {
-host[l-1] = '\0';
+char *host = ap_palloc(r->pool, strlen(r->hostname) + 1);
+const char *src;
+char *dst;
+
+/* check and copy the host part */
+src = r->hostname;
+dst = host;
+while (*src) {
+ if (!isalnum(*src) && *src != '.' && *src != '-') {
+ if (*src == ':')
+ break;
+ else
+ goto bad;
+ } else {
+ *dst++ = tolower(*src++);
+ }
+}
+/* check the port part */
+if (*src++ == ':') {
+ while (*src) {
+ if (!isdigit(*src++)) {
+ goto bad;
+ }
+ }
+}
+/* strip trailing gubbins */
+if (dst > host && dst[-1] == '.') {
+ dst[-1] = '\0';
+} else {
+ dst[0] = '\0';
}
r->hostname = host;
+return;
+
+bad:
+r->status = HTTP_BAD_REQUEST;
+ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+ "Client sent malformed Host header");
+return;
}
@@ -874,6 +903,8 @@
/* must set this for HTTP/1.1 support */
if (r->hostname || (r->hostname = ap_table_get(r->headers_in, "Host"))) {
fix_hostname(r);
+ if (r->status != HTTP_OK)
+ return;
}
/* check if we tucked away a name_chain */
if (r->connection->vhost_lookup_data) {
1.4 +6 -12 apache-1.3/src/modules/standard/mod_vhost_alias.c
Index: mod_vhost_alias.c
==
cvs commit: apache-1.3 STATUS
fanf99/12/19 21:27:31 Modified:.STATUS Log: too cold to be hacking this late at night, but the Host: header problem is gone Revision ChangesPath 1.773 +1 -4 apache-1.3/STATUS Index: STATUS === RCS file: /home/cvs/apache-1.3/STATUS,v retrieving revision 1.772 retrieving revision 1.773 diff -u -r1.772 -r1.773 --- STATUS1999/12/20 02:11:15 1.772 +++ STATUS1999/12/20 05:27:25 1.773 @@ -1,5 +1,5 @@ 1.3 STATUS: - Last modified at [$Date: 1999/12/20 02:11:15 $] + Last modified at [$Date: 1999/12/20 05:27:25 $] Release: @@ -19,9 +19,6 @@ 2.0 : In pre-alpha development, see apache-2.0 repository RELEASE SHOWSTOPPERS: - -* mod_vhost_alias "Host:" header check - Message-ID: <[EMAIL PROTECTED]> RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
cvs commit: apache-1.3/src/modules/standard mod_vhost_alias.c
fanf99/12/19 21:24:28
Modified:src/modules/standard mod_vhost_alias.c
Log:
Fix for the security problem spotted by Lars Eilebrecht <[EMAIL PROTECTED]>
Revision ChangesPath
1.3 +9 -4 apache-1.3/src/modules/standard/mod_vhost_alias.c
Index: mod_vhost_alias.c
===
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_vhost_alias.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- mod_vhost_alias.c 1999/06/22 15:33:17 1.2
+++ mod_vhost_alias.c 1999/12/20 05:24:22 1.3
@@ -278,8 +278,8 @@
}
}
-static void vhost_alias_interpolate(request_rec *r, const char *name,
- const char *map, const char *uri)
+static int vhost_alias_interpolate(request_rec *r, const char *name,
+const char *map, const char *uri)
{
/* 0..9 9..0 */
enum { MAXDOTS = 19 };
@@ -391,6 +391,8 @@
}
vhost_alias_checkspace(r, buf, &dest, end - start);
for (p = start; p < end; ++p) {
+ if (!isalnum(*p) && *p != '-' && *p != '.')
+ return HTTP_BAD_REQUEST;
*dest++ = ap_tolower(*p);
}
}
@@ -405,6 +407,7 @@
else {
r->filename = ap_pstrcat(r->pool, buf, uri, NULL);
}
+return OK;
}
static int mva_translate(request_rec *r)
@@ -412,7 +415,7 @@
mva_sconf_t *conf;
const char *name, *map, *uri;
mva_mode_e mode;
-int cgi;
+int cgi, bad;
conf = (mva_sconf_t *) ap_get_module_config(r->server->module_config,
&vhost_alias_module);
@@ -446,7 +449,9 @@
return DECLINED;
}
-vhost_alias_interpolate(r, name, map, uri);
+bad = vhost_alias_interpolate(r, name, map, uri);
+if (bad != OK)
+ return bad;
if (cgi) {
/* see is_scriptaliased() in mod_cgi */
cvs commit: apache-devsite devnotes.html
fanf99/12/14 09:46:15 Modified:.devnotes.html Log: the agent may have more than one key Revision ChangesPath 1.14 +1 -1 apache-devsite/devnotes.html Index: devnotes.html === RCS file: /home/cvs/apache-devsite/devnotes.html,v retrieving revision 1.13 retrieving revision 1.14 diff -u -r1.13 -r1.14 --- devnotes.html 1999/12/14 17:45:17 1.13 +++ devnotes.html 1999/12/14 17:46:15 1.14 @@ -225,7 +225,7 @@ without having to enter a password for each CVS operation. Use ssh-add and enter your passphrase once when you start a session, and ssh-add -D at the end of the session to -delete your unencrypted key from the agent. +delete your unencrypted key(s) from the agent.
cvs commit: apache-devsite devnotes.html
fanf99/12/14 09:45:17 Modified:.devnotes.html Log: One of my colleages noted that this page recommends using unencrypted ssh keys. It's better to use the ssh-agent. Submitted by: Mike Bristow <[EMAIL PROTECTED]> Revision ChangesPath 1.13 +6 -5 apache-devsite/devnotes.html Index: devnotes.html === RCS file: /home/cvs/apache-devsite/devnotes.html,v retrieving revision 1.12 retrieving revision 1.13 diff -u -r1.12 -r1.13 --- devnotes.html 1999/10/12 21:47:08 1.12 +++ devnotes.html 1999/12/14 17:45:17 1.13 @@ -220,11 +220,12 @@ On your local system generate your SSH public key file ~/.ssh/identity.pub via ssh-keygen and then put -it in ~/.ssh/authorized_keys on the repository system. This -will allow you to access the repository without having to enter a password -for each CVS operation. But make sure that you didn't enter a passphrase -when running ssh-keygen or you need to enter that one -instead of the password (which would be no gain). +it in ~/.ssh/authorized_keys on the repository system. If you +use the ssh-agent this will allow you to access the repository +without having to enter a password for each CVS operation. Use +ssh-add and enter your passphrase once when you start a +session, and ssh-add -D at the end of the session to +delete your unencrypted key from the agent.
cvs commit: apache-1.3/htdocs/manual/mod core.html
fanf99/11/16 04:16:21 Modified:htdocs/manual/mod core.html Log: explain how ServerName interacts with NameVirtualHost better Revision ChangesPath 1.156 +13 -3 apache-1.3/htdocs/manual/mod/core.html Index: core.html === RCS file: /home/cvs/apache-1.3/htdocs/manual/mod/core.html,v retrieving revision 1.155 retrieving revision 1.156 diff -u -r1.155 -r1.156 --- core.html 1999/08/15 06:55:48 1.155 +++ core.html 1999/11/16 12:16:20 1.156 @@ -2768,16 +2768,26 @@ REL="Help" >Status: core -The ServerName directive sets the hostname of the server; this is only +The ServerName directive sets the hostname of the server; this is used when creating redirection URLs. If it is not specified, then the server attempts to deduce it from its own IP address; however this may not work reliably, or may not return the preferred hostname. For example: -ServerName www.wibble.com +ServerName www.example.com would be used if the canonical (main) name of the actual machine -were monster.wibble.com. +were simple.example.com. + +If you are using name-based +virtual hosts, the ServerName inside a +<VirtualHost> +section specifies what hostname must appear in the request's +Host: header to match this virtual host. + See Also: DNS Issues +Apache virtual host documentation UseCanonicalName +NameVirtualHost +ServerAlias
cvs commit: apache-1.3/htdocs/manual/misc security_tips.html
fanf99/11/14 14:22:38 Modified:htdocs/manual/misc security_tips.html Log: remove a superfluous tag that I just spotted Revision ChangesPath 1.21 +0 -1 apache-1.3/htdocs/manual/misc/security_tips.html Index: security_tips.html === RCS file: /home/cvs/apache-1.3/htdocs/manual/misc/security_tips.html,v retrieving revision 1.20 retrieving revision 1.21 diff -u -r1.20 -r1.21 --- security_tips.html1999/01/28 18:22:03 1.20 +++ security_tips.html1999/11/14 22:22:38 1.21 @@ -225,7 +225,6 @@ know. -
cvs commit: apache-1.3/htdocs index.html.en
fanf99/11/02 04:18:18 Modified:htdocs index.html.en Log: link directly to the http server project home page rather than the ASF homepage because that's what the surrounding text refers to. Revision ChangesPath 1.3 +1 -1 apache-1.3/htdocs/index.html.en Index: index.html.en === RCS file: /home/cvs/apache-1.3/htdocs/index.html.en,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- index.html.en 1999/11/01 21:48:49 1.2 +++ index.html.en 1999/11/02 12:18:17 1.3 @@ -14,7 +14,7 @@ -If you can see this, it means that the installation of the http://www.apache.org/";>Apache web server software on this system was successful. You may now add content to this directory and replace this page. +If you can see this, it means that the installation of the http://www.apache.org/httpd";>Apache web server software on this system was successful. You may now add content to this directory and replace this page.
cvs commit: apache-1.3/htdocs/manual index.html
fanf99/11/01 07:01:41 Modified:htdocs/manual index.html Log: I had to chase too many links to find the content negotiation docs just now so this'll make it easier to get to. Revision ChangesPath 1.29 +1 -0 apache-1.3/htdocs/manual/index.html Index: index.html === RCS file: /home/cvs/apache-1.3/htdocs/manual/index.html,v retrieving revision 1.28 retrieving revision 1.29 diff -u -r1.28 -r1.29 --- index.html1999/03/01 02:45:56 1.28 +++ index.html1999/11/01 15:01:40 1.29 @@ -37,6 +37,7 @@ Virtual Hosts Dynamic Shared Object (DSO) support Handlers +Content negotiation Special purpose environment variables The Apache API Using SetUserID Execution for CGI
cvs commit: apache-2.0/conf mime.types
fanf99/10/28 07:09:14 Modified:conf mime.types Log: Include all the registered media types as of today. Revision ChangesPath 1.2 +97 -0 apache-2.0/conf/mime.types Index: mime.types === RCS file: /home/cvs/apache-2.0/conf/mime.types,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- mime.types1999/08/24 05:33:46 1.1 +++ mime.types1999/10/28 14:09:12 1.2 @@ -16,22 +16,33 @@ application/andrew-inset ez application/applefile application/atomicmail +application/batch-smtp application/cals-1840 application/commonground application/cybercash application/dca-rft application/dec-dx application/eshop +application/http application/hyperstudio application/iges +application/index +application/index.cmd +application/index.obj +application/index.response +application/index.vnd +application/ipp application/mac-binhex40 hqx application/mac-compactpro cpt application/macwriteii application/marc application/mathematica +application/mathematica-old application/msword doc application/news-message-id application/news-transmission +application/ocsp-request +application/ocsp-response application/octet-stream bin dms lha lzh exe class application/oda oda application/pdf pdf @@ -41,6 +52,9 @@ application/pkcs10 application/pkcs7-mime application/pkcs7-signature +application/pkix-cert +application/pkix-crl +application/pkixcmp application/postscript ai eps ps application/prs.alvestrand.titrax-sheet application/prs.cww @@ -48,6 +62,7 @@ application/remote-printing application/riscos application/rtf rtf +application/sdp application/set-payment application/set-payment-initiation application/set-registration @@ -59,14 +74,24 @@ application/vemmi application/vnd.3M.Post-it-Notes application/vnd.FloGraphIt +application/vnd.accpac.simply.aso +application/vnd.accpac.simply.imp application/vnd.acucobol application/vnd.anser-web-certificate-issue-initiation application/vnd.anser-web-funds-transfer-initiation application/vnd.audiograph application/vnd.businessobjects application/vnd.claymore +application/vnd.commerce-battelle +application/vnd.commonspace application/vnd.comsocaller +application/vnd.cosmocaller +application/vnd.cups-postscript +application/vnd.cups-raster +application/vnd.cups-raw +application/vnd.cybank application/vnd.dna +application/vnd.dpgraph application/vnd.dxr application/vnd.ecdis-update application/vnd.ecowin.chart @@ -76,7 +101,10 @@ application/vnd.ecowin.seriesrequest application/vnd.ecowin.seriesupdate application/vnd.enliven +application/vnd.epson.msf +application/vnd.epson.quickanime application/vnd.epson.salt +application/vnd.epson.ssf application/vnd.fdf application/vnd.ffsns application/vnd.framemaker @@ -86,15 +114,19 @@ application/vnd.fujitsu.oasysgp application/vnd.fujitsu.oasysprs application/vnd.fujixerox.docuworks +application/vnd.fut-misnet application/vnd.hp-HPGL application/vnd.hp-PCL application/vnd.hp-PCLXL +application/vnd.hp-hpid application/vnd.hp-hps application/vnd.ibm.MiniPay application/vnd.ibm.modcap application/vnd.intercon.formnet application/vnd.intertrust.digibox application/vnd.intertrust.nncp +application/vnd.intu.qbo +application/vnd.intu.qfx application/vnd.is-xpr application/vnd.japannet-directory-service application/vnd.japannet-jpnstore-wakeup @@ -108,13 +140,27 @@ application/vnd.lotus-1-2-3 application/vnd.lotus-approach application/vnd.lotus-freelance +application/vnd.lotus-notes application/vnd.lotus-organizer application/vnd.lotus-screencam application/vnd.lotus-wordpro +application/vnd.mediastation.cdkey application/vnd.meridian-slingshot application/vnd.mif mif application/vnd.minisoft-hp3000-save application/vnd.mitsubishi.misty-guard.trustweb +application/vnd.mobius.daf +application/vnd.mobius.dis +application/vnd.mobius.msl +application/vnd.mobius.plc +application/vnd.mobius.txf +application/vnd.motorola.flexsuite +application/vnd.motorola.flexsuite.adsi +application/vnd.motorola.flexsuite.fis +application/vnd.motorola.flexsuite.gotap +application/vnd.motorola.flexsuite.kmr +application/vnd.motorola.flexsuite.ttc +application/vnd.motorola.flexsuite.wem application/vnd.ms-artgalry application/vnd.ms-asf application/vnd.ms-excel xls @@ -132,22 +178,51 @@ application/vnd.novadigm.EDX application/vnd.novadigm.EXT application/vnd.osa.netdeploy +application/vnd.pg.format +application/vnd.pg.osasli application
cvs commit: apache-1.3/conf mime.types
fanf99/10/28 07:04:50 Modified:conf mime.types Log: Revision ChangesPath 1.25 +97 -0 apache-1.3/conf/mime.types Index: mime.types === RCS file: /home/cvs/apache-1.3/conf/mime.types,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- mime.types1999/04/20 23:19:33 1.24 +++ mime.types1999/10/28 14:04:49 1.25 @@ -16,22 +16,33 @@ application/andrew-inset ez application/applefile application/atomicmail +application/batch-smtp application/cals-1840 application/commonground application/cybercash application/dca-rft application/dec-dx application/eshop +application/http application/hyperstudio application/iges +application/index +application/index.cmd +application/index.obj +application/index.response +application/index.vnd +application/ipp application/mac-binhex40 hqx application/mac-compactpro cpt application/macwriteii application/marc application/mathematica +application/mathematica-old application/msword doc application/news-message-id application/news-transmission +application/ocsp-request +application/ocsp-response application/octet-stream bin dms lha lzh exe class application/oda oda application/pdf pdf @@ -41,6 +52,9 @@ application/pkcs10 application/pkcs7-mime application/pkcs7-signature +application/pkix-cert +application/pkix-crl +application/pkixcmp application/postscript ai eps ps application/prs.alvestrand.titrax-sheet application/prs.cww @@ -48,6 +62,7 @@ application/remote-printing application/riscos application/rtf rtf +application/sdp application/set-payment application/set-payment-initiation application/set-registration @@ -59,14 +74,24 @@ application/vemmi application/vnd.3M.Post-it-Notes application/vnd.FloGraphIt +application/vnd.accpac.simply.aso +application/vnd.accpac.simply.imp application/vnd.acucobol application/vnd.anser-web-certificate-issue-initiation application/vnd.anser-web-funds-transfer-initiation application/vnd.audiograph application/vnd.businessobjects application/vnd.claymore +application/vnd.commerce-battelle +application/vnd.commonspace application/vnd.comsocaller +application/vnd.cosmocaller +application/vnd.cups-postscript +application/vnd.cups-raster +application/vnd.cups-raw +application/vnd.cybank application/vnd.dna +application/vnd.dpgraph application/vnd.dxr application/vnd.ecdis-update application/vnd.ecowin.chart @@ -76,7 +101,10 @@ application/vnd.ecowin.seriesrequest application/vnd.ecowin.seriesupdate application/vnd.enliven +application/vnd.epson.msf +application/vnd.epson.quickanime application/vnd.epson.salt +application/vnd.epson.ssf application/vnd.fdf application/vnd.ffsns application/vnd.framemaker @@ -86,15 +114,19 @@ application/vnd.fujitsu.oasysgp application/vnd.fujitsu.oasysprs application/vnd.fujixerox.docuworks +application/vnd.fut-misnet application/vnd.hp-HPGL application/vnd.hp-PCL application/vnd.hp-PCLXL +application/vnd.hp-hpid application/vnd.hp-hps application/vnd.ibm.MiniPay application/vnd.ibm.modcap application/vnd.intercon.formnet application/vnd.intertrust.digibox application/vnd.intertrust.nncp +application/vnd.intu.qbo +application/vnd.intu.qfx application/vnd.is-xpr application/vnd.japannet-directory-service application/vnd.japannet-jpnstore-wakeup @@ -108,13 +140,27 @@ application/vnd.lotus-1-2-3 application/vnd.lotus-approach application/vnd.lotus-freelance +application/vnd.lotus-notes application/vnd.lotus-organizer application/vnd.lotus-screencam application/vnd.lotus-wordpro +application/vnd.mediastation.cdkey application/vnd.meridian-slingshot application/vnd.mif mif application/vnd.minisoft-hp3000-save application/vnd.mitsubishi.misty-guard.trustweb +application/vnd.mobius.daf +application/vnd.mobius.dis +application/vnd.mobius.msl +application/vnd.mobius.plc +application/vnd.mobius.txf +application/vnd.motorola.flexsuite +application/vnd.motorola.flexsuite.adsi +application/vnd.motorola.flexsuite.fis +application/vnd.motorola.flexsuite.gotap +application/vnd.motorola.flexsuite.kmr +application/vnd.motorola.flexsuite.ttc +application/vnd.motorola.flexsuite.wem application/vnd.ms-artgalry application/vnd.ms-asf application/vnd.ms-excel xls @@ -132,22 +178,51 @@ application/vnd.novadigm.EDX application/vnd.novadigm.EXT application/vnd.osa.netdeploy +application/vnd.pg.format +application/vnd.pg.osasli application/vnd.powerbuilder6 application/vnd.powerbuilder6-s
cvs commit: apache-site/contributors index.html
fanf99/10/28 06:18:31 Modified:contributors index.html Log: Actually, make that a mailto: link Revision ChangesPath 1.81 +1 -1 apache-site/contributors/index.html Index: index.html === RCS file: /home/cvs/apache-site/contributors/index.html,v retrieving revision 1.80 retrieving revision 1.81 diff -u -r1.80 -r1.81 --- index.html1999/10/28 13:09:45 1.80 +++ index.html1999/10/28 13:18:29 1.81 @@ -288,7 +288,7 @@ Name: Tony Finch -Email: [EMAIL PROTECTED] +Email: mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED] URL: http://www.inch.demon.co.uk/";> http://www.inch.demon.co.uk/ Organization: Demon Internet Ltd
cvs commit: apache-site/contributors index.html
fanf99/10/28 06:09:45 Modified:contributors index.html Log: Add my details Revision ChangesPath 1.80 +13 -1 apache-site/contributors/index.html Index: index.html === RCS file: /home/cvs/apache-site/contributors/index.html,v retrieving revision 1.79 retrieving revision 1.80 diff -u -r1.79 -r1.80 --- index.html1999/10/26 01:29:24 1.79 +++ index.html1999/10/28 13:09:45 1.80 @@ -50,7 +50,8 @@ Roy T. Fielding Standards Cop. - Tony Finch + Tony Finch + Mass virtual hosting Dean Gaudet Performance freak. @@ -283,6 +284,17 @@ conforms to those worth conforming to. On a good day, he'll even test the code, dabble in software engineering practice, submit a few patches, and squeeze out an agenda. + + + +Name: Tony Finch +Email: [EMAIL PROTECTED] +URL: http://www.inch.demon.co.uk/";> + http://www.inch.demon.co.uk/ +Organization: Demon Internet Ltd +Occupation: Computer programmer +Location: London +Contributions: Simplified mass virtual hosting
