cvs commit: apache-1.3/src/os/win32 mod_isapi.c
fielding99/01/08 09:54:44 Modified:src CHANGES src/include ap_compat.h httpd.h util_script.h src/main http_protocol.c http_request.c src/modules/standard mod_asis.c src/os/win32 mod_isapi.c Log: Renamed macros status_drops_connection to ap_status_drops_connection and vestigial scan_script_header to ap_scan_script_header_err, mostly for aesthetic reasons. Reviewed by: Ralf S. Engelschall, Dean Gaudet Revision ChangesPath 1.1207+4 -0 apache-1.3/src/CHANGES Index: CHANGES === RCS file: /home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.1206 retrieving revision 1.1207 diff -u -r1.1206 -r1.1207 --- CHANGES 1999/01/08 08:48:44 1.1206 +++ CHANGES 1999/01/08 17:54:37 1.1207 @@ -1,5 +1,9 @@ Changes with Apache 1.3.4 + *) Renamed macros status_drops_connection to ap_status_drops_connection + and vestigial scan_script_header to ap_scan_script_header_err, + mostly for aesthetic reasons. [Roy Fielding] + *) The query switch httpd -S didn't exit after showing the vhost settings. That was inconsistent with the other query functions. [Martin Kraemer] 1.15 +2 -0 apache-1.3/src/include/ap_compat.h Index: ap_compat.h === RCS file: /home/cvs/apache-1.3/src/include/ap_compat.h,v retrieving revision 1.14 retrieving revision 1.15 diff -u -r1.14 -r1.15 --- ap_compat.h 1998/07/13 11:32:33 1.14 +++ ap_compat.h 1999/01/08 17:54:39 1.15 @@ -325,6 +325,7 @@ #define rvputs ap_rvputs #define rwrite ap_rwrite #define satisfies ap_satisfies +#define scan_script_header(a1,a2) ap_scan_script_header_err(a1,a2,NULL) #define scan_script_header_err ap_scan_script_header_err #define scan_script_header_err_buffap_scan_script_header_err_buff #define scoreboard_fname ap_scoreboard_fname @@ -372,6 +373,7 @@ #define standalone ap_standalone #define start_restart ap_start_restart #define start_shutdown ap_start_shutdown +#define status_drops_connectionap_status_drops_connection #define str_tolowerap_str_tolower #define strcasecmp_match ap_strcasecmp_match #define strcmp_match ap_strcmp_match 1.259 +2 -1 apache-1.3/src/include/httpd.h Index: httpd.h === RCS file: /home/cvs/apache-1.3/src/include/httpd.h,v retrieving revision 1.258 retrieving revision 1.259 diff -u -r1.258 -r1.259 --- httpd.h 1999/01/05 08:17:27 1.258 +++ httpd.h 1999/01/08 17:54:39 1.259 @@ -529,7 +529,8 @@ #define ap_is_HTTP_CLIENT_ERROR(x) (((x) = 400)((x) 500)) #define ap_is_HTTP_SERVER_ERROR(x) (((x) = 500)((x) 600)) -#define status_drops_connection(x) (((x) == HTTP_BAD_REQUEST) || \ +#define ap_status_drops_connection(x) \ + (((x) == HTTP_BAD_REQUEST) || \ ((x) == HTTP_REQUEST_TIME_OUT) || \ ((x) == HTTP_LENGTH_REQUIRED) || \ ((x) == HTTP_REQUEST_ENTITY_TOO_LARGE) || \ 1.36 +0 -1 apache-1.3/src/include/util_script.h Index: util_script.h === RCS file: /home/cvs/apache-1.3/src/include/util_script.h,v retrieving revision 1.35 retrieving revision 1.36 diff -u -r1.35 -r1.36 --- util_script.h 1999/01/01 19:04:42 1.35 +++ util_script.h 1999/01/08 17:54:40 1.36 @@ -74,7 +74,6 @@ API_EXPORT(int) ap_find_path_info(const char *uri, const char *path_info); API_EXPORT(void) ap_add_cgi_vars(request_rec *r); API_EXPORT(void) ap_add_common_vars(request_rec *r); -#define scan_script_header(a1,a2) ap_scan_script_header_err(a1,a2,NULL) API_EXPORT(int) ap_scan_script_header_err(request_rec *r, FILE *f, char *buffer); API_EXPORT(int) ap_scan_script_header_err_buff(request_rec *r, BUFF *f, char *buffer); 1.253 +1 -1 apache-1.3/src/main/http_protocol.c Index: http_protocol.c === RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v retrieving revision 1.252 retrieving revision 1.253 diff -u -r1.252 -r1.253 --- http_protocol.c 1999/01/01 19:04:49 1.252 +++ http_protocol.c 1999/01/08 17:54:41 1.253 @@ -305,7 +305,7 @@ (r-server-keep_alive_timeout
cvs commit: apache-1.3/src/os/win32 mod_isapi.c
dgaudet 98/08/10 09:26:33
Modified:src/os/win32 mod_isapi.c
Log:
another O(n^2) attack
Revision ChangesPath
1.15 +1 -0 apache-1.3/src/os/win32/mod_isapi.c
Index: mod_isapi.c
===
RCS file: /export/home/cvs/apache-1.3/src/os/win32/mod_isapi.c,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- mod_isapi.c 1998/08/06 17:31:34 1.14
+++ mod_isapi.c 1998/08/10 16:26:31 1.15
@@ -365,6 +365,7 @@
return TRUE;
}
+/* XXX: There is an O(n^2) attack possible here. */
BOOL WINAPI ServerSupportFunction (HCONN hConn, DWORD dwHSERequest,
LPVOID lpvBuffer, LPDWORD lpdwSize,
LPDWORD lpdwDataType) {
cvs commit: apache-1.3/src/os/win32 mod_isapi.c
ben 98/06/13 08:23:19 Modified:src CHANGES src/include alloc.h httpd.h util_script.h src/main alloc.c http_config.c http_protocol.c http_request.c util.c util_script.c src/modules/proxy mod_proxy.c mod_proxy.h proxy_cache.c proxy_http.c proxy_util.c src/modules/standard mod_actions.c mod_asis.c mod_autoindex.c mod_cern_meta.c mod_cgi.c mod_imap.c mod_include.c mod_log_config.c mod_mime.c mod_negotiation.c mod_rewrite.c mod_speling.c mod_usertrack.c src/os/win32 mod_isapi.c Log: Constify tables. Revision ChangesPath 1.914 +2 -0 apache-1.3/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v retrieving revision 1.913 retrieving revision 1.914 diff -u -r1.913 -r1.914 --- CHANGES 1998/06/13 12:05:58 1.913 +++ CHANGES 1998/06/13 15:22:46 1.914 @@ -1,5 +1,7 @@ Changes with Apache 1.3.1 + *) Make table elements const. This may prevent obscure errors. [Ben Laurie] + *) Fix parsing of FTP `SIZE' responses in proxy module: The newline was not truncated which forced following HTTP headers to be data in the HTTP reponse. Although the reponse now is copied out from the response buffer 1.60 +1 -1 apache-1.3/src/include/alloc.h Index: alloc.h === RCS file: /export/home/cvs/apache-1.3/src/include/alloc.h,v retrieving revision 1.59 retrieving revision 1.60 diff -u -r1.59 -r1.60 --- alloc.h 1998/05/28 22:09:45 1.59 +++ alloc.h 1998/06/13 15:22:48 1.60 @@ -179,7 +179,7 @@ API_EXPORT(table *) ap_make_table(pool *p, int nelts); API_EXPORT(table *) ap_copy_table(pool *p, const table *); API_EXPORT(void) ap_clear_table(table *); -API_EXPORT(char *) ap_table_get(const table *, const char *); +API_EXPORT(const char *) ap_table_get(const table *, const char *); API_EXPORT(void) ap_table_set(table *, const char *name, const char *val); API_EXPORT(void) ap_table_setn(table *, const char *name, const char *val); API_EXPORT(void) ap_table_merge(table *, const char *name, const char *more_val); 1.224 +7 -7 apache-1.3/src/include/httpd.h Index: httpd.h === RCS file: /export/home/cvs/apache-1.3/src/include/httpd.h,v retrieving revision 1.223 retrieving revision 1.224 diff -u -r1.223 -r1.224 --- httpd.h 1998/06/10 09:02:02 1.223 +++ httpd.h 1998/06/13 15:22:49 1.224 @@ -600,7 +600,7 @@ int header_only; /* HEAD request, as opposed to GET */ char *protocol; /* Protocol, as given to us, or HTTP/0.9 */ int proto_num; /* Number version of protocol; 1.1 = 1001 */ -char *hostname; /* Host, as set by full URI or Host: */ +const char *hostname;/* Host, as set by full URI or Host: */ time_t request_time; /* When the request started */ @@ -645,7 +645,7 @@ int chunked; /* sending chunked transfer-coding */ int byterange; /* number of byte ranges */ char *boundary; /* multipart/byteranges boundary */ -char *range; /* The Range: header */ +const char *range; /* The Range: header */ long clength;/* The real content length */ long remaining; /* bytes left to read */ @@ -675,11 +675,11 @@ * content_languages MUST be lowercased strings. They may be pointers * to static strings; they should not be modified in place. */ -char *content_type; /* Break these out --- we dispatch on 'em */ -char *handler; /* What we *really* dispatch on */ +const char *content_type;/* Break these out --- we dispatch on 'em */ +const char *handler; /* What we *really* dispatch on */ -char *content_encoding; -char *content_language; /* for back-compat. only -- do not use */ +const char *content_encoding; +const char *content_language;/* for back-compat. only -- do not use */ array_header *content_languages; /* array of (char*) */ int no_cache; @@ -862,7 +862,7 @@ API_EXPORT(char *) ap_getword_conf(pool *p, const char **line); API_EXPORT(char *) ap_getword_conf_nc(pool *p, char **line); -API_EXPORT(char *) ap_get_token(pool *p, char **accept_line, int accept_white); +API_EXPORT(char *) ap_get_token(pool *p, const char **accept_line, int accept_white); API_EXPORT(int) ap_find_token(pool *p, const char *line, const char
cvs commit: apache-1.3/src/os/win32 mod_isapi.c
ben 98/05/09 08:09:31
Modified:src CHANGES
src/os/win32 mod_isapi.c
Log:
Don't force ISAPI headers to finish with \n.
PR: 2060
Submitted by: Jim Patterson [EMAIL PROTECTED], Ben Laurie
Revision ChangesPath
1.839 +6 -0 apache-1.3/src/CHANGES
Index: CHANGES
===
RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.838
retrieving revision 1.839
diff -u -r1.838 -r1.839
--- CHANGES 1998/05/09 14:27:24 1.838
+++ CHANGES 1998/05/09 15:09:29 1.839
@@ -1,5 +1,11 @@
Changes with Apache 1.3b7
+ *) WIN32: Check for buffer overflows in ap_os_canonical_filename.
+ [Ben Laurie]
+
+ *) WIN32: Don't force ISAPI headers to finish with \n.
+ [Jim Patterson [EMAIL PROTECTED], Ben Laurie] PR#2060
+
*) When opening configuration files (like httpd.conf, htaccess
and htpasswd), Apache will not allow them to be non-/dev/null
device files. This closes a DoS hole. At the same time,
1.11 +19 -1 apache-1.3/src/os/win32/mod_isapi.c
Index: mod_isapi.c
===
RCS file: /export/home/cvs/apache-1.3/src/os/win32/mod_isapi.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- mod_isapi.c 1998/04/11 12:01:05 1.10
+++ mod_isapi.c 1998/05/09 15:09:31 1.11
@@ -85,6 +85,10 @@
/* We use the exact same header file as the original */
#include HttpExt.h
+/* Seems IIS does not enforce the requirement for \r\n termination on
HSE_REQ_SEND_RESPONSE_HEADER,
+ define this to conform */
+#define RELAX_HEADER_RULE
+
module isapi_module;
/* Our Connection ID structure */
@@ -421,6 +425,10 @@
char *value, *lf = strchr(data, '\n');
int p;
+#ifdef RELAX_HEADER_RULE
+ if (lf)
+ *lf = '\0';
+#else
if (!lf) { /* Huh? Invalid data, I think */
ap_log_error(APLOG_MARK, APLOG_ERR, r-server,
ISA sent invalid headers: %s, r-filename);
@@ -430,12 +438,16 @@
/* Get rid of \n and \r */
*lf = '\0';
+#endif
p = strlen(data);
if (p 0 data[p-1] == '\r') data[p-1] = '\0';
/* End of headers */
if (*data == '\0') {
- data = lf + 1; /* Reset data */
+#ifdef RELAX_HEADER_RULE
+ if (lf)
+#endif
+ data = lf + 1; /* Reset data */
break;
}
@@ -477,6 +489,12 @@
}
/* Reset data */
+#ifdef RELAX_HEADER_RULE
+ if (!lf) {
+ data += p;
+ break;
+ }
+#endif
data = lf + 1;
}
cvs commit: apache-1.3/src/os/win32 mod_isapi.c
dgaudet 98/02/02 23:29:54 Modified:src/os/win32 mod_isapi.c Log: r-finfo.st_mode == 0 should be the first test before using r-finfo in a handler Revision ChangesPath 1.7 +3 -3 apache-1.3/src/os/win32/mod_isapi.c Index: mod_isapi.c === RCS file: /export/home/cvs/apache-1.3/src/os/win32/mod_isapi.c,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- mod_isapi.c 1998/01/07 16:47:08 1.6 +++ mod_isapi.c 1998/02/03 07:29:53 1.7 @@ -129,11 +129,11 @@ if (!(allow_options(r) OPT_EXECCGI)) return FORBIDDEN; -if (S_ISDIR(r-finfo.st_mode)) - return FORBIDDEN; - if (r-finfo.st_mode == 0) return NOT_FOUND; + +if (S_ISDIR(r-finfo.st_mode)) + return FORBIDDEN; /* Load the module */
