This patch breaks the proxy. Specifically, anyone who uses ap_proxy_make_fake_req(). Get a seg fault in ap_get_limit_req_body because r->per_dir_config is NULL. I'll spend some time on this tomorrow unless someone wants to jump on it tonight.
Bill ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, January 02, 2002 2:56 AM Subject: cvs commit: httpd-2.0/server core.c > jerenkrantz 02/01/01 23:56:25 > > Modified: . CHANGES > include http_core.h > modules/http http_protocol.c > server core.c > Log: > Fix LimitRequestBody directive by moving the relevant code from > ap_*_client_block to ap_http_filter (aka HTTP_IN). This is the > only appropriate place for limit checking to occur (otherwise, > chunked input is not correctly limited). > > Also changed the type of limit_req_body to apr_off_t to match the > other types inside of HTTP_IN. Also made the strtol call for > limit_req_body a bit more robust. > > Revision Changes Path > 1.499 +4 -0 httpd-2.0/CHANGES > > Index: CHANGES > =================================================================== > RCS file: /home/cvs/httpd-2.0/CHANGES,v > retrieving revision 1.498 > retrieving revision 1.499 > diff -u -r1.498 -r1.499 > --- CHANGES 31 Dec 2001 21:03:12 -0000 1.498 > +++ CHANGES 2 Jan 2002 07:56:24 -0000 1.499 > @@ -1,4 +1,8 @@ > Changes with Apache 2.0.30-dev > + > + *) Fix LimitRequestBody directive by placing it in the HTTP > + filter. [Justin Erenkrantz] > + > *) Fix mod_proxy seg fault when the proxied server returns > an HTTP/0.9 response or a bogus status line. > [Adam Sussman] > > > > 1.58 +3 -3 httpd-2.0/include/http_core.h > > Index: http_core.h > =================================================================== > RCS file: /home/cvs/httpd-2.0/include/http_core.h,v > retrieving revision 1.57 > retrieving revision 1.58 > diff -u -r1.57 -r1.58 > --- http_core.h 1 Jan 2002 20:36:18 -0000 1.57 > +++ http_core.h 2 Jan 2002 07:56:24 -0000 1.58 > @@ -234,9 +234,9 @@ > * Return the limit on bytes in request msg body > * @param r The current request > * @return the maximum number of bytes in the request msg body > - * @deffunc unsigned long ap_get_limit_req_body(const request_rec *r) > + * @deffunc apr_off_t ap_get_limit_req_body(const request_rec *r) > */ > -AP_DECLARE(unsigned long) ap_get_limit_req_body(const request_rec *r); > +AP_DECLARE(apr_off_t) ap_get_limit_req_body(const request_rec *r); > > /** > * Return the limit on bytes in XML request msg body > @@ -471,7 +471,7 @@ > #ifdef RLIMIT_NPROC > struct rlimit *limit_nproc; > #endif > - unsigned long limit_req_body; /* limit on bytes in request msg body */ > + apr_off_t limit_req_body; /* limit on bytes in request msg body */ > long limit_xml_body; /* limit on bytes in XML request msg body */ > > /* logging options */ > > > > 1.383 +33 -11 httpd-2.0/modules/http/http_protocol.c > > Index: http_protocol.c > =================================================================== > RCS file: /home/cvs/httpd-2.0/modules/http/http_protocol.c,v > retrieving revision 1.382 > retrieving revision 1.383 > diff -u -r1.382 -r1.383 > --- http_protocol.c 6 Dec 2001 02:57:19 -0000 1.382 > +++ http_protocol.c 2 Jan 2002 07:56:24 -0000 1.383 > @@ -510,6 +510,8 @@ > > typedef struct http_filter_ctx { > apr_off_t remaining; > + apr_off_t limit; > + apr_off_t limit_used; > enum { > BODY_NONE, > BODY_LENGTH, > @@ -536,6 +538,9 @@ > const char *tenc, *lenp; > f->ctx = ctx = apr_palloc(f->r->pool, sizeof(*ctx)); > ctx->state = BODY_NONE; > + ctx->remaining = 0; > + ctx->limit_used = 0; > + ctx->limit = ap_get_limit_req_body(f->r); > > tenc = apr_table_get(f->r->headers_in, "Transfer-Encoding"); > lenp = apr_table_get(f->r->headers_in, "Content-Length"); > @@ -562,6 +567,18 @@ > ctx->state = BODY_LENGTH; > ctx->remaining = atol(lenp); > } > + > + /* If we have a limit in effect and we know the C-L ahead of > + * time, stop it here if it is invalid. > + */ > + if (ctx->limit && ctx->limit < ctx->remaining) { > + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, f->r, > + "Requested content-length of %" APR_OFF_T_FMT > + " is larger than the configured limit" > + " of %" APR_OFF_T_FMT, ctx->remaining, ctx->limit); > + ap_die(HTTP_REQUEST_ENTITY_TOO_LARGE, f->r); > + return APR_EGENERAL; > + } > } > } > > @@ -620,6 +637,22 @@ > ctx->remaining -= *readbytes; > } > > + /* We have a limit in effect. */ > + if (ctx->limit) { > + /* FIXME: Note that we might get slightly confused on chunked inputs > + * as we'd need to compensate for the chunk lengths which may not > + * really count. This seems to be up for interpretation. */ > + ctx->limit_used += *readbytes; > + if (ctx->limit < ctx->limit_used) { > + ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, f->r, > + "Read content-length of %" APR_OFF_T_FMT > + " is larger than the configured limit" > + " of %" APR_OFF_T_FMT, ctx->limit_used, ctx->limit); > + ap_die(HTTP_REQUEST_ENTITY_TOO_LARGE, f->r); > + return APR_EGENERAL; > + } > + } > + > return APR_SUCCESS; > } > > @@ -1283,7 +1316,6 @@ > { > const char *tenc = apr_table_get(r->headers_in, "Transfer-Encoding"); > const char *lenp = apr_table_get(r->headers_in, "Content-Length"); > - apr_off_t max_body; > > r->read_body = read_policy; > r->read_chunked = 0; > @@ -1322,16 +1354,6 @@ > && (r->read_chunked || (r->remaining > 0))) { > ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, > "%s with body is not allowed for %s", r->method, r->uri); > - return HTTP_REQUEST_ENTITY_TOO_LARGE; > - } > - > - max_body = ap_get_limit_req_body(r); > - if (max_body && (r->remaining > max_body)) { > - /* XXX shouldn't we enforce this for chunked encoding too? */ > - ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r, > - "Request content-length of %s is larger than " > - "the configured limit of %" APR_OFF_T_FMT, lenp, > - max_body); > return HTTP_REQUEST_ENTITY_TOO_LARGE; > } > > > > > 1.126 +6 -2 httpd-2.0/server/core.c > > Index: core.c > =================================================================== > RCS file: /home/cvs/httpd-2.0/server/core.c,v > retrieving revision 1.125 > retrieving revision 1.126 > diff -u -r1.125 -r1.126 > --- core.c 2 Jan 2002 05:29:08 -0000 1.125 > +++ core.c 2 Jan 2002 07:56:25 -0000 1.126 > @@ -778,7 +778,7 @@ > return apr_psprintf(p, "%s://%s:%u%s", ap_http_method(r), host, port, uri); > } > > -AP_DECLARE(unsigned long) ap_get_limit_req_body(const request_rec *r) > +AP_DECLARE(apr_off_t) ap_get_limit_req_body(const request_rec *r) > { > core_dir_config *d = > (core_dir_config *)ap_get_module_config(r->per_dir_config, &core_module); > @@ -2093,6 +2093,7 @@ > { > core_dir_config *conf=conf_; > const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT); > + char *errp; > if (err != NULL) { > return err; > } > @@ -2101,7 +2102,10 @@ > * Instead we have an idiotic define in httpd.h that prevents > * it from being used even when it is available. Sheesh. > */ > - conf->limit_req_body = (unsigned long)strtol(arg, (char **)NULL, 10); > + conf->limit_req_body = (apr_off_t)strtol(arg, &errp, 10); > + if (*errp != '\0') { > + return "LimitRequestBody requires a non-negative integer."; > + } > return NULL; > } > > > > >