There have been a number of glitches with our canned error message support (ap_send_error_response) which are caused by us trying to use two different request_recs to send them, believe it or not. We get into this situation when an ErrorDocument specifies an internal redirect to a bad URI. Current external symptoms include the wrong Content-Type if the ErrorDocument URI points to a bad CGI, and garbled canned error text on ebcdic boxes due to ascii data being sent thru a charset-lite filter which expects ebcdic input.
When ap_die detects a recursive error caused by an internal redirect to an ErrorDocument, it saves and processes the recursive error status code, backs up to the request_rec for the first error, and passes that to ap_send_error_response. We then initialize this request_rec as appropriate for a canned error message. But just before we start emitting the text of the message, we switch to the newest request_rec by chasing r->next, which gets us out of sync. It looks like this code was added to be compatible with similar code in ap_finalize_request_protocol. I can't tell from the commit logs why the code to chase r->next was added to ap_finalize_request_protocol (rev 1.207 of modules/http/http_protocol.c). It takes away the caller's ability to back out to an earlier request_rec after an internal redirect failure. Is that important? Dunno, but we support in 1.3 and I see no reason to remove that support. It's probably why the r->prev and r->next pointers exist. We need to send the canned error text on the same request_rec that we initialize for that purpose in order to fix the glitches. This patch chooses to consistantly use the request_rec passed into ap_send_error_message to be compatible with 1.3. In order for that to work properly, the filter chains must be updated to point to the earlier request_rec, backing out the changes done by internal_internal_redirect. Comments? Thanks, Greg
Index: modules/http/http_protocol.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/http/http_protocol.c,v retrieving revision 1.453 diff -u -d -b -r1.453 http_protocol.c --- modules/http/http_protocol.c 8 Aug 2002 20:39:15 -0000 1.453 +++ modules/http/http_protocol.c 12 Aug 2002 13:41:07 -0000 @@ -2301,16 +2301,6 @@ const char *title = status_lines[idx]; const char *h1; - /* XXX This is a major hack that should be fixed cleanly. The - * problem is that we have the information we need in a previous - * request, but the text of the page must be sent down the last - * request_rec's filter stack. rbb - */ - request_rec *rlast = r; - while (rlast->next) { - rlast = rlast->next; - } - /* Accept a status_line set by a module, but only if it begins * with the 3 digit status code */ @@ -2331,24 +2321,24 @@ * so do ebcdic->ascii translation explicitly (if needed) */ - ap_rvputs_proto_in_ascii(rlast, + ap_rvputs_proto_in_ascii(r, DOCTYPE_HTML_2_0 "<html><head>\n<title>", title, "</title>\n</head><body>\n<h1>", h1, "</h1>\n", NULL); - ap_rvputs_proto_in_ascii(rlast, + ap_rvputs_proto_in_ascii(r, get_canned_error_string(status, r, location), NULL); if (recursive_error) { - ap_rvputs_proto_in_ascii(rlast, "<p>Additionally, a ", + ap_rvputs_proto_in_ascii(r, "<p>Additionally, a ", status_lines[ap_index_of_response(recursive_error)], "\nerror was encountered while trying to use an " "ErrorDocument to handle the request.</p>\n", NULL); } - ap_rvputs_proto_in_ascii(rlast, ap_psignature("<hr />\n", r), NULL); - ap_rvputs_proto_in_ascii(rlast, "</body></html>\n", NULL); + ap_rvputs_proto_in_ascii(r, ap_psignature("<hr />\n", r), NULL); + ap_rvputs_proto_in_ascii(r, "</body></html>\n", NULL); } ap_finalize_request_protocol(r); } Index: modules/http/http_request.c =================================================================== RCS file: /home/cvs/httpd-2.0/modules/http/http_request.c,v retrieving revision 1.151 diff -u -d -b -r1.151 http_request.c --- modules/http/http_request.c 27 Jun 2002 04:40:47 -0000 1.151 +++ modules/http/http_request.c 12 Aug 2002 13:41:07 -0000 @@ -96,6 +96,23 @@ * Mainline request processing... */ +/* XXX A cleaner and faster way to do this might be to pass the request_rec + * down the filter chain as a parameter. It would need to change for + * subrequest vs. main request filters; perhaps the subrequest filter could + * make the switch. + */ +static void update_r_in_filters(ap_filter_t *f, + request_rec *from, + request_rec *to) +{ + while (f) { + if (f->r == from) { + f->r = to; + } + f = f->next; + } +} + AP_DECLARE(void) ap_die(int type, request_rec *r) { int error_index = ap_index_of_response(type); @@ -124,6 +141,20 @@ while (r_1st_err->prev && (r_1st_err->prev->status != HTTP_OK)) r_1st_err = r_1st_err->prev; /* Get back to original error */ + if (r_1st_err != r) { + /* The recursive error was caused by an ErrorDocument specifying + * an internal redirect to a bad URI. ap_internal_redirect has + * changed the filter chains to point to the ErrorDocument's + * request_rec. Back out those changes so we can safely use the + * original failing request_rec to send the canned error message. + * + * ap_send_error_response gets rid of existing resource filters + * on the output side, so we can skip those. + */ + update_r_in_filters(r_1st_err->proto_output_filters, r, r_1st_err); + update_r_in_filters(r_1st_err->input_filters, r, r_1st_err); + } + custom_response = NULL; /* Do NOT retry the custom thing! */ } @@ -301,7 +332,6 @@ static request_rec *internal_internal_redirect(const char *new_uri, request_rec *r) { int access_status; - ap_filter_t *f; request_rec *new = (request_rec *) apr_pcalloc(r->pool, sizeof(request_rec)); @@ -367,21 +397,8 @@ new->output_filters = new->proto_output_filters; new->input_filters = new->proto_input_filters; - f = new->input_filters; - while (f) { - if (f->r == r) { - f->r = new; - } - f = f->next; - } - - f = new->output_filters; - while (f) { - if (f->r == r) { - f->r = new; - } - f = f->next; - } + update_r_in_filters(new->input_filters, r, new); + update_r_in_filters(new->output_filters, r, new); apr_table_setn(new->subprocess_env, "REDIRECT_STATUS", apr_itoa(r->pool, r->status)); Index: server/protocol.c =================================================================== RCS file: /home/cvs/httpd-2.0/server/protocol.c,v retrieving revision 1.114 diff -u -d -b -r1.114 protocol.c --- server/protocol.c 17 Jul 2002 13:50:26 -0000 1.114 +++ server/protocol.c 12 Aug 2002 13:41:07 -0000 @@ -1101,10 +1101,6 @@ { (void) ap_discard_request_body(r); - while (r->next) { - r = r->next; - } - /* tell the filter chain there is no more content coming */ if (!r->eos_sent) { end_output_stream(r);