pool/apache2
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
30b44e65be
apache2/httpd-2.4.x-fate317766-config-control-two-protocol-options.diff
Petr Gajdos 1403855591 - update to 2.4.25: fixed several security issues (CVE-2016-8740, 
CVE-2016-5387, CVE-2016-2161, CVE-2016-0736, CVE-2016-8743), many
  fixes and improvements of mod_http2 and other modules; see CHANGES 
  for full change log

OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=494
2017-01-02 10:31:04 +00:00

202 lines
8.2 KiB
Diff
Raw Blame History

From 530b5797af919d6d7ab7d6418d9feeb1abb914ae Mon Sep 17 00:00:00 2001
From: Justin Erenkrantz <jerenkrantz@apache.org>
Date: Mon, 30 Dec 2013 20:01:14 +0000
Subject: [PATCH] Add directives to control two protocol options:
HttpContentLengthHeadZero - allow Content-Length of 0 to be returned on HEAD
HttpExpectStrict - allow admin to control whether we must see "100-continue"
This is helpful when using Ceph's radosgw and httpd.
Inspired by: Yehuda Sadeh <yehuda@inktank.com>
See https://github.com/ceph/apache2/commits/precise
* include/http_core.h
(core_server_config): Add http_cl_head_zero and http_expect_strict fields.
* modules/http/http_filters.c
(ap_http_header_filter): Only clear out the C-L if http_cl_head_zero is not
explictly set.
* server/core.c
(merge_core_server_configs): Add new fields.
(set_cl_head_zero, set_expect_strict): New config helpers.
(HttpContentLengthHeadZero, HttpExpectStrict): Declare new directives.
* server/protocol.c
(ap_read_request): Allow http_expect_strict to control if we return 417.
* include/ap_mmn.h
(MODULE_MAGIC_NUMBER_MAJOR, MODULE_MAGIC_NUMBER_MINOR): Bump.
* CHANGES: Add a brief description.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1554303 13f79535-47bb-0310-9956-ffa450edef68
Conflicts:
CHANGES
include/ap_mmn.h
include/http_core.h
server/core.c
---
CHANGES | 3 +++
include/ap_mmn.h | 4 +++-
include/http_core.h | 9 +++++++++
modules/http/http_filters.c | 10 +++++++++-
server/core.c | 36 ++++++++++++++++++++++++++++++++++++
server/protocol.c | 25 +++++++++++++++++--------
6 files changed, 77 insertions(+), 10 deletions(-)
Index: httpd-2.4.25/modules/http/http_filters.c
===================================================================
--- httpd-2.4.25.orig/modules/http/http_filters.c 2016-12-15 13:18:59.000000000 +0100
+++ httpd-2.4.25/modules/http/http_filters.c 2017-01-02 10:54:37.608517377 +0100
@@ -1260,6 +1260,7 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
const char *ctype;
ap_bucket_error *eb = NULL;
apr_bucket *eos = NULL;
+ core_server_config *conf;
AP_DEBUG_ASSERT(!r->main);
@@ -1441,10 +1442,17 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_
* zero C-L to the client. We can't just remove the C-L filter,
* because well behaved 2.0 handlers will send their data down the stack,
* and we will compute a real C-L for the head request. RBB
+ *
+ * Allow modification of this behavior through the
+ * HttpContentLengthHeadZero directive.
+ *
+ * The default (unset) behavior is to squelch the C-L in this case.
*/
+ conf = ap_get_core_module_config(r->server->module_config);
if (r->header_only
&& (clheader = apr_table_get(r->headers_out, "Content-Length"))
- && !strcmp(clheader, "0")) {
+ && !strcmp(clheader, "0")
+ && conf->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_ENABLE) {
apr_table_unset(r->headers_out, "Content-Length");
}
Index: httpd-2.4.25/server/core.c
===================================================================
--- httpd-2.4.25.orig/server/core.c 2016-12-05 15:34:29.000000000 +0100
+++ httpd-2.4.25/server/core.c 2017-01-02 10:54:37.608517377 +0100
@@ -528,6 +528,12 @@ static void *merge_core_server_configs(a
if (virt->http_methods != AP_HTTP_METHODS_UNSET)
conf->http_methods = virt->http_methods;
+ if (virt->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_UNSET)
+ conf->http_cl_head_zero = virt->http_cl_head_zero;
+
+ if (virt->http_expect_strict != AP_HTTP_EXPECT_STRICT_UNSET)
+ conf->http_expect_strict = virt->http_expect_strict;
+
/* no action for virt->accf_map, not allowed per-vhost */
if (virt->protocol)
@@ -3955,6 +3961,32 @@ static const char *set_http_method(cmd_p
return NULL;
}
+static const char *set_cl_head_zero(cmd_parms *cmd, void *dummy, int arg)
+{
+ core_server_config *conf =
+ ap_get_core_module_config(cmd->server->module_config);
+
+ if (arg) {
+ conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_ENABLE;
+ } else {
+ conf->http_cl_head_zero = AP_HTTP_CL_HEAD_ZERO_DISABLE;
+ }
+ return NULL;
+}
+
+static const char *set_expect_strict(cmd_parms *cmd, void *dummy, int arg)
+{
+ core_server_config *conf =
+ ap_get_core_module_config(cmd->server->module_config);
+
+ if (arg) {
+ conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_ENABLE;
+ } else {
+ conf->http_expect_strict = AP_HTTP_EXPECT_STRICT_DISABLE;
+ }
+ return NULL;
+}
+
static apr_hash_t *errorlog_hash;
static int log_constant_item(const ap_errorlog_info *info, const char *arg,
@@ -4474,6 +4506,10 @@ AP_INIT_TAKE1("TraceEnable", set_trace_e
"'on' (default), 'off' or 'extended' to trace request body content"),
AP_INIT_FLAG("MergeTrailers", set_merge_trailers, NULL, RSRC_CONF,
"merge request trailers into request headers or not"),
+AP_INIT_FLAG("HttpContentLengthHeadZero", set_cl_head_zero, NULL, OR_OPTIONS,
+ "whether to permit Content-Length of 0 responses to HEAD requests"),
+AP_INIT_FLAG("HttpExpectStrict", set_expect_strict, NULL, OR_OPTIONS,
+ "whether to return a 417 if a client doesn't send 100-Continue"),
AP_INIT_ITERATE("Protocols", set_protocols, NULL, RSRC_CONF,
"Controls which protocols are allowed"),
AP_INIT_TAKE1("ProtocolsHonorOrder", set_protocols_honor_order, NULL, RSRC_CONF,
Index: httpd-2.4.25/server/protocol.c
===================================================================
--- httpd-2.4.25.orig/server/protocol.c 2016-12-12 16:22:49.000000000 +0100
+++ httpd-2.4.25/server/protocol.c 2017-01-02 10:54:37.608517377 +0100
@@ -1416,14 +1416,23 @@ request_rec *ap_read_request(conn_rec *c
r->expecting_100 = 1;
}
else {
- r->status = HTTP_EXPECTATION_FAILED;
- ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570)
- "client sent an unrecognized expectation value of "
- "Expect: %s", expect);
- ap_send_error_response(r, 0);
- ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
- ap_run_log_transaction(r);
- goto traceout;
+ core_server_config *conf;
+
+ conf = ap_get_core_module_config(r->server->module_config);
+ if (conf->http_expect_strict != AP_HTTP_EXPECT_STRICT_DISABLE) {
+ r->status = HTTP_EXPECTATION_FAILED;
+ ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(00570)
+ "client sent an unrecognized expectation value "
+ "of Expect: %s", expect);
+ ap_send_error_response(r, 0);
+ ap_update_child_status(conn->sbh, SERVER_BUSY_LOG, r);
+ ap_run_log_transaction(r);
+ goto traceout;
+ } else {
+ ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00570)
+ "client sent an unrecognized expectation value "
+ "of Expect (not fatal): %s", expect);
+ }
}
}
Index: httpd-2.4.25/include/http_core.h
===================================================================
--- httpd-2.4.25.orig/include/http_core.h 2016-12-05 15:34:29.000000000 +0100
+++ httpd-2.4.25/include/http_core.h 2017-01-02 10:55:18.613603512 +0100
@@ -723,6 +723,16 @@ typedef struct {
#define AP_MERGE_TRAILERS_DISABLE 2
int merge_trailers;
+#define AP_HTTP_CL_HEAD_ZERO_UNSET 0
+#define AP_HTTP_CL_HEAD_ZERO_ENABLE 1
+#define AP_HTTP_CL_HEAD_ZERO_DISABLE 2
+ int http_cl_head_zero;
+
+#define AP_HTTP_EXPECT_STRICT_UNSET 0
+#define AP_HTTP_EXPECT_STRICT_ENABLE 1
+#define AP_HTTP_EXPECT_STRICT_DISABLE 2
+ int http_expect_strict;
+
apr_array_header_t *protocols;
int protocols_honor_order;
@@ -762,7 +772,6 @@ apr_status_t ap_core_input_filter(ap_fil
apr_off_t readbytes);
apr_status_t ap_core_output_filter(ap_filter_t *f, apr_bucket_brigade *b);
-
AP_DECLARE(const char*) ap_get_server_protocol(server_rec* s);
AP_DECLARE(void) ap_set_server_protocol(server_rec* s, const char* proto);
Reference in New Issue View Git Blame Copy Permalink