Re: [A-T] adjusting APACHE and APXS env vars

2004-01-03 Thread Geoffrey Young


Stas Bekman wrote:
 Moreover the prefix
 ideally should be: APACHE_TEST_ and not APACHE_, since we already have a
 bunch of env vars which start with APACHE_TEST_

 Though I'm in favor to just drop them, making
 everybody move to the better API.

+1

--Geoff



Re: cvs commit: httpd-2.0/modules/loggers mod_log_forensic.c

2004-01-03 Thread Ben Laurie
[EMAIL PROTECTED] wrote:
> nd  2004/01/02 15:35:59
>
>   Modified: modules/loggers mod_log_forensic.c
>   Log:
>   prevent module from segfaulting when not configured.

Ooops, forgot to bring that forward from 1.3. Thanks.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff


Re: cvs commit: httpd-2.0/server gen_test_char.c

2004-01-03 Thread Joe Orton
On Sat, Jan 03, 2004 at 04:31:32PM -, [EMAIL PROTECTED] wrote:
 ben 2004/01/03 08:31:32
 
   Modified: server gen_test_char.c
   Log:
   Make forensic logging safe for POST data. The issue with strchr and NUL is
   a red herring.

I don't think this is a safe change: 0 is now flagged with
T_ESCAPE_FORENSIC|T_ESCAPE_LOGITEM|T_HTTP_TOKEN_STOP|T_ESCAPE_SHELL_CMD.  
At least ap_find_token() assumes that 0 is not flagged with
T_HTTP_TOKEN_STOP.

   
   Revision  ChangesPath
   1.19  +3 -7  httpd-2.0/server/gen_test_char.c
   
   Index: gen_test_char.c
   ===
   RCS file: /home/cvs/httpd-2.0/server/gen_test_char.c,v
   retrieving revision 1.18
   retrieving revision 1.19
   diff -u -r1.18 -r1.19
   --- gen_test_char.c 3 Jan 2004 15:33:41 -   1.18
   +++ gen_test_char.c 3 Jan 2004 16:31:32 -   1.19
   @@ -90,8 +90,7 @@
   #define T_ESCAPE_LOGITEM   (%u)\n
   #define T_ESCAPE_FORENSIC  (%u)\n
   \n
   -   static const unsigned char test_char_table[256] = {\n
   -   0,,
   +   static const unsigned char test_char_table[256] = {,
   T_ESCAPE_SHELL_CMD,
   T_ESCAPE_PATH_SEGMENT,
   T_OS_ESCAPE_PATH,
   @@ -99,10 +98,7 @@
   T_ESCAPE_LOGITEM,
   T_ESCAPE_FORENSIC);

   -/* we explicitly dealt with NUL above
   - * in case some strchr() do bogosity with it */
   -
   -for (c = 1; c  256; ++c) {
   +for (c = 0; c  256; ++c) {
flags = 0;
if (c % 20 == 0)
printf(\n);
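Review bot: starting the loop at `c = 0` sends NUL through every flag test in the loop body instead of leaving the table's first entry at the literal 0 that the previous hunk removes, so entry 0 picks up whatever those tests assign, not only the forensic flag. The reply above reports that it now carries T_HTTP_TOKEN_STOP, which ap_find_token() does not expect. Suggest keeping the loop at `c = 1` and emitting entry 0 explicitly with only the flags intended for NUL, or guarding the other tests with `c != 0`. The deleted comment about strchr() should be replaced by one stating which flags NUL is meant to have.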
   @@ -154,7 +150,7 @@
 * :, | (used as delimiters) and % (used for escaping).
 */
if (!apr_isprint(c) || c == ':' || c == '|' || c == '%'
   -|| apr_iscntrl(c)) {
   +|| apr_iscntrl(c) || !c) {
flags |= T_ESCAPE_FORENSIC;
}
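Review bot: the added `|| !c` at the end of the condition looks redundant, because the condition already opens with `!apr_isprint(c)` and NUL is not a printable character. If it is kept for explicitness, the comment above the test, which names only `:`, `|` and `%`, should mention NUL as well so the next reader knows it is deliberate.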

   
   
   


Re: cvs commit: httpd-2.0/server gen_test_char.c

2004-01-03 Thread Ben Laurie
Joe Orton wrote:
> On Sat, Jan 03, 2004 at 04:31:32PM -, [EMAIL PROTECTED] wrote:
>> ben 2004/01/03 08:31:32
>>
>>  Modified: server gen_test_char.c
>>  Log:
>>  Make forensic logging safe for POST data. The issue with strchr and NUL is
>>  a red herring.
>
> I don't think this is a safe change: 0 is now flagged with
> T_ESCAPE_FORENSIC|T_ESCAPE_LOGITEM|T_HTTP_TOKEN_STOP|T_ESCAPE_SHELL_CMD.
> At least ap_find_token() assumes that 0 is not flagged with
> T_HTTP_TOKEN_STOP.

I shall fix it.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff
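
The concern raised in this thread, as an added example that is not httpd code: a scanner that omits its NUL test because it trusts entry 0 of the flag table to be clear walks past the string terminator once NUL is flagged as a token stop. `build_table`, `skip_stops`, the flag value, the separator list and the sample bytes are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define T_HTTP_TOKEN_STOP 0x01  /* constructed value; the real one is generated */

/* Fill a flag table: control characters and HTTP separators are token stops.
 * first = 1 leaves entry 0 hard-coded to 0 (before the commit);
 * first = 0 runs NUL through the same tests (after the commit). */
static void build_table(unsigned char table[256], int first)
{
    memset(table, 0, 256);
    for (int c = first; c < 256; ++c) {
        /* both tests are true for c == 0: NUL is a control character and
         * strchr() matches the string's own terminator */
        if (iscntrl(c) || strchr(" \t()<>@,;:\\/[]?={}\"", c))
            table[c] |= T_HTTP_TOKEN_STOP;
    }
}

/* Hypothetical scanner that skips stop characters without testing for NUL,
 * trusting table[0] == 0 to end the loop. cap keeps the demonstration
 * inside the sample array. Returns the index where the scan stopped. */
static size_t skip_stops(const unsigned char *table, const char *s, size_t cap)
{
    size_t i = 0;
    while (i < cap && (table[(unsigned char)s[i]] & T_HTTP_TOKEN_STOP))
        ++i;
    return i;
}

/* Constructed input: ", " then the terminator, then bytes belonging to
 * something else that the scanner must never reach. */
static const char sample[8] = { ',', ' ', '\0', ';', ';', ';', ';', 'X' };

size_t stop_index(int first)
{
    unsigned char table[256];
    build_table(table, first);
    return skip_stops(table, sample, sizeof sample);
}

int main(void)
{
    printf("entry 0 clear:   scan stops at index %zu\n", stop_index(1));
    printf("entry 0 flagged: scan stops at index %zu\n", stop_index(0));
    return 0;
}
```

With entry 0 clear the scan ends on the terminator; with entry 0 flagged it continues into the bytes that follow the string.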


Trouble compiling 2.x on Win32 / missing os.h

2004-01-03 Thread André Malo
For some reason, VC6/SP5 exported makefiles don't copy os.h into the include
directory. Any idea, someone?

Thanks, nd


Copyrights

2004-01-03 Thread William A. Rowe, Jr.
At 06:32 AM 1/2/2004, you wrote:
> [EMAIL PROTECTED] wrote:
>>   update license to 2004.
>
> Why? Unless the file changes in 2004, the copyright doesn't. And, in any case, the
> earliest date applies, so it gets us nowhere.

In fairness this has been Roy's practice, so let's not beat on Andre.  Roy's logic
is that this is a single work.  If someone obtains a new tarball in 2004, all of the
files will be marked with 2004, as some changes will have (undoubtedly) been 
made.  Old tarballs of the combined work retain their old copyright dates.

One copyright file isn't sufficient, each document must be copyrighted.  The
License itself will become a single, common document (not repeated in each
file) as of the next ASL 2.0, if I understand right, and mentioned by reference
in each individual file.  But copyrights will be perpetually updated, each file
is both separately copyrighted, as well as the combined work as a whole.

I think that covers most comments on this thread.

Bill





Re: cvs commit: httpd-2.0/modules/loggers mod_log_forensic.c

2004-01-03 Thread Brad Nicholes
   Since the test_char.h header file is not located in the same place on
the NetWare build as it is for Linux, the path can not be hardcoded. 
This may break the build of mod_log_forensic on Linux until the path is
added to the INCLUDE path.  Since I am not sure where this should be
added on Linux, could somebody that knows more about the Linux makefiles
than I do, make this change?

Thanks,
Brad 

Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com 

 [EMAIL PROTECTED] Saturday, January 03, 2004 12:18:54 PM 
bnicholes 2004/01/03 11:18:53

  Modified: modules/loggers mod_log_forensic.c
  Log:
  Don't hardcode the location of the test_char.h header.  The path
should be added to the INCLUDE path.  Also, use the apr_uint32_t type
for next_id which is compatible with the apr_atomic functions.
  
  Revision  ChangesPath
  1.7   +2 -2  httpd-2.0/modules/loggers/mod_log_forensic.c
  
  Index: mod_log_forensic.c
  ===
  RCS file: /home/cvs/httpd-2.0/modules/loggers/mod_log_forensic.c,v
  retrieving revision 1.6
  retrieving revision 1.7
  diff -u -r1.6 -r1.7
  --- mod_log_forensic.c3 Jan 2004 16:02:15 -   1.6
  +++ mod_log_forensic.c3 Jan 2004 19:18:53 -   1.7
  @@ -75,7 +75,7 @@
   #include apr_atomic.h
   #include unistd.h
   #include http_protocol.h
  -#include ../../server/test_char.h
  +#include test_char.h
   
   module AP_MODULE_DECLARE_DATA log_forensic_module;
   
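Review bot: the bare `test_char.h` include only resolves once the build puts the server directory on the include path, and this commit touches nothing but mod_log_forensic.c, so the module stops building wherever the makefiles have not been updated. The include change should land together with the matching build-system change, or keep the relative path until that change is in.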
  @@ -84,7 +84,7 @@
   apr_file_t *fd;
   } fcfg;
   
  -static int next_id;
  +static apr_uint32_t next_id;
   
   static void *make_forensic_log_scfg(apr_pool_t *p, server_rec *s)
   {
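Review bot: the `next_id` change to `apr_uint32_t` is unrelated to the include-path change in the first hunk; committing it separately would let either change be backed out without losing the other. Also check the places that read or print `next_id` (not shown in this hunk) so that any format specifier or cast still matches the unsigned 32-bit type.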
  
  
  


Re: cvs commit: httpd-2.0/modules/loggers mod_log_forensic.c

2004-01-03 Thread Ben Laurie
[EMAIL PROTECTED] wrote:
> bnicholes 2004/01/03 11:18:53
>
>   Modified: modules/loggers mod_log_forensic.c
>   Log:
>   Don't hardcode the location of the test_char.h header.  The path should be added to
>   the INCLUDE path.

This patch is broken. Don't make me reverse it.

--
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff


Re: cvs commit: httpd-2.0/modules/loggers mod_log_forensic.c

2004-01-03 Thread Brad Nicholes
  Broken??? jorton already fixed up the INCLUDE path.

Brad

jorton  2004/01/03 12:15:59

  Modified: modules/loggers config.m4
  Log:
  * modules/loggers/config.m4: Add 'server' directory to include path if
  mod_log_forensic is enabled.
  
  Revision  ChangesPath
  1.8   +5 -0  httpd-2.0/modules/loggers/config.m4
  
  Index: config.m4
  ===
  RCS file: /home/cvs/httpd-2.0/modules/loggers/config.m4,v
  retrieving revision 1.7
  retrieving revision 1.8
  diff -b -d -u -r1.7 -r1.8
  --- config.m41 Jan 2004 15:39:30 -   1.7
  +++ config.m43 Jan 2004 20:15:59 -   1.8
  @@ -7,6 +7,11 @@
   APACHE_MODULE(log_config, logging configuration, , , yes)
   APACHE_MODULE(log_forensic, forensic logging)
   
  +if test $enable_log_forensic != no; then
  +# mod_log_forensic needs test_char.h
  +APR_ADDTO(INCLUDES, [-I\$(top_builddir)/server])
  +fi   
  +
   APACHE_MODULE(logio, input and output logging, , , most)
   
   APACHE_MODPATH_FINISH
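Review bot: the added `fi` line carries trailing whitespace, which is worth trimming before it shows up as noise in later diffs. The comment `# mod_log_forensic needs test_char.h` could also say why the path is `$(top_builddir)/server`, so the reason for the extra include directory is clear to whoever next edits this block.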
  


Brad Nicholes
Senior Software Engineer
Novell, Inc., the leading provider of Net business solutions
http://www.novell.com 

 [EMAIL PROTECTED] Saturday, January 03, 2004 2:11:55 PM 
[EMAIL PROTECTED] wrote:
 bnicholes 2004/01/03 11:18:53
 
   Modified: modules/loggers mod_log_forensic.c
   Log:
   Don't hardcode the location of the test_char.h header.  The path
should be added to the INCLUDE path.

This patch is broken. Don't make me reverse it.

-- 
http://www.apache-ssl.org/ben.html   http://www.thebunker.net/ 

There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit. - Robert Woodruff


httpd-pop3 buffer overflow bug

2004-01-03 Thread Edward Rudd
I have found a major buffer overflow bug... I found this while working on
my ftp module for apache 2.0 (http://outoforder.cc/projects/apache/),
which was initially based off of the structure of httpd-pop3.

The issue is that ap_getword_white_nc moves the pointer in buffer up by the
number of characters that were extracted and copied into the allocated
return value (on line 135, command). After a number of iterations through
the main while(1) loop, buffer gets continually incremented well beyond
the initial 255 characters that were originally allocated to it, and
starts overwriting other elements allocated afterward by r->pool.

This is my solution to fixing the problem.

Here is the patch:
--- pop_protocol.c.bak  Tue Nov  4 15:08:10 2003
+++ pop_protocol.c  Sat Jan  3 20:27:35 2004
@@ -110,7 +110,8 @@

 int process_pop_connection_internal(request_rec *r, apr_bucket_brigade *bb)
 {
-char *buffer = apr_palloc(r-pool, POP_STRING_LENGTH);
+char command_buffer[POP_STRING_LENGTH];
+char *buffer;
 char *command;
 int invalid_cmd = 0;
 apr_size_t len;
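Review bot: replacing the `apr_palloc` buffer with the stack array `command_buffer` is not what cures the overflow described above; the cure is re-pointing `buffer` at the start of the storage on every pass, which the next hunk does. Keeping the pool allocation and adding a separate base pointer would be a smaller change. If the stack array stays, confirm that nothing keeps a pointer into `buffer` after this function returns, since the storage no longer lives as long as the request pool.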
@@ -124,7 +125,7 @@

 while (1) {
 int res;
-
+   buffer = command_buffer;
 if ((invalid_cmd  MAX_INVALID_CMD) ||
 ap_rgetline(buffer, POP_STRING_LENGTH, len, r, 0, bb) != APR_SUCCESS)
 {
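
The pointer drift described in the post, as an added example that is not code from httpd-pop3 or from the patch: a cursor that a tokenizer advances and that is then reused as the start of the next read moves further from the allocation on every pass, and resetting it at the top of the loop stops that. `take_word`, `max_drift` and the command strings are constructed stand-ins for ap_getword_white_nc, the command loop and client input.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define POP_STRING_LENGTH 255  /* buffer size named in the post */

/* Stand-in for ap_getword_white_nc: steps *line past the first word and the
 * whitespace after it, as the post describes. */
static void take_word(char **line)
{
    char *p = *line;
    while (*p && !isspace((unsigned char)*p)) ++p;
    while (isspace((unsigned char)*p)) ++p;
    *line = p;
}

/* Runs the command loop over constructed input and returns the largest
 * distance between the cursor and the start of the allocation at the moment
 * a line is read. A read of POP_STRING_LENGTH bytes at that cursor can end
 * that many bytes past the allocation. The arena is oversized so that this
 * demonstration itself stays in bounds. */
size_t max_drift(int reset_each_pass)
{
    static const char *const cmds[] =
        { "USER alice", "PASS secret", "STAT", "LIST 1", "QUIT" };
    char arena[POP_STRING_LENGTH * 2];
    char *buffer = arena;  /* only the first POP_STRING_LENGTH bytes count as allocated */
    size_t worst = 0;

    for (size_t i = 0; i < sizeof cmds / sizeof cmds[0]; ++i) {
        if (reset_each_pass)
            buffer = arena;              /* the patch: start each pass at the base */
        size_t drift = (size_t)(buffer - arena);
        if (drift > worst)
            worst = drift;
        snprintf(buffer, POP_STRING_LENGTH, "%s", cmds[i]);  /* stand-in for ap_rgetline */
        take_word(&buffer);              /* cursor moves past the command word */
    }
    return worst;
}

int main(void)
{
    printf("no reset: cursor drifted %zu bytes\n", max_drift(0));
    printf("reset:    cursor drifted %zu bytes\n", max_drift(1));
    return 0;
}
```

The drift grows with every command a client sends, so on a long session it is the client that decides how far past the allocation the next read lands.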