At 6:05 PM +0100 12/11/02, Martin Kraemer wrote:
>
>I gotta hurry back home now to see the kids - dunno yet when I'll have
>time. Feel free to do it - (and: adding php to the server makes for
>the easiest test bed for the leaking).
>
Here it is:
Index: src/CHANGES
===================================================================
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1866
diff -u -r1.1866 CHANGES
--- src/CHANGES 9 Dec 2002 20:21:00 -0000 1.1866
+++ src/CHANGES 11 Dec 2002 18:28:30 -0000
@@ -1,5 +1,14 @@
Changes with Apache 1.3.28
+ *) Certain 3rd party modules would bypass the Apache API and not
+ invoke ap_cleanup_for_exec() before creating sub-processes.
+ To such a child process, Apache's file descriptors (lock
+ fd's, log files, sockets) were accessible, allowing them
+ direct access to Apache log file etc. Where the OS allows,
+ we now add proactive close functions to prevent these file
+ descriptors from leaking to the child processes.
+ [Jim Jagielski, Martin Kraemer]
+
*) Prevent obscenely large values of precision in ap_vformatter
from clobbering a buffer. [Sander Striker, Jim Jagielski]
Index: src/include/ap_alloc.h
===================================================================
RCS file: /home/cvs/apache-1.3/src/include/ap_alloc.h,v
retrieving revision 1.80
diff -u -r1.80 ap_alloc.h
--- src/include/ap_alloc.h 8 Dec 2002 19:09:55 -0000 1.80
+++ src/include/ap_alloc.h 11 Dec 2002 18:28:31 -0000
@@ -337,6 +337,8 @@
API_EXPORT(FILE *) ap_pfopen(struct pool *, const char *name, const char *fmode);
API_EXPORT(FILE *) ap_pfdopen(struct pool *, int fd, const char *fmode);
API_EXPORT(int) ap_popenf(struct pool *, const char *name, int flg, int mode);
+API_EXPORT(int) ap_popenf_ex(struct pool *, const char *name, int flg,
+ int mode, int domagic);
API_EXPORT(void) ap_note_cleanups_for_file(pool *, FILE *);
API_EXPORT(void) ap_note_cleanups_for_file_ex(pool *, FILE *, int);
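Review bot: The new `int domagic` parameter of ap_popenf_ex (and of ap_psocket_ex in the next hunk) is not explained anywhere in the header, so a module author cannot tell what passing 1 buys or what the legacy wrappers pass. A one-line comment above the prototype would settle it, e.g. `/* domagic != 0: additionally mark the descriptor so it is not inherited by child processes spawned without ap_cleanup_for_exec() (where the OS supports it) */`. The CHANGES entry describes this intent but a caller reading only ap_alloc.h never sees it.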
@@ -351,6 +353,7 @@
API_EXPORT(void) ap_note_cleanups_for_socket_ex(pool *, int, int);
API_EXPORT(void) ap_kill_cleanups_for_socket(pool *p, int sock);
API_EXPORT(int) ap_psocket(pool *p, int, int, int);
+API_EXPORT(int) ap_psocket_ex(pool *p, int, int, int, int);
API_EXPORT(int) ap_pclosesocket(pool *a, int sock);
API_EXPORT(regex_t *) ap_pregcomp(pool *p, const char *pattern, int cflags);
Index: src/include/ap_mmn.h
===================================================================
RCS file: /home/cvs/apache-1.3/src/include/ap_mmn.h,v
retrieving revision 1.61
diff -u -r1.61 ap_mmn.h
--- src/include/ap_mmn.h 8 Dec 2002 19:09:55 -0000 1.61
+++ src/include/ap_mmn.h 11 Dec 2002 18:28:31 -0000
@@ -239,8 +239,9 @@
* 19990320.13 - add ap_strtol()
* 19990320.14 - add ap_register_cleanup_ex(),
* ap_note_cleanups_for_fd_ex(),
- * ap_note_cleanups_for_socket_ex() and
- * ap_note_cleanups_for_file_ex()
+ * ap_note_cleanups_for_socket_ex(),
+ * ap_note_cleanups_for_file_ex(),
+ * ap_popenf_ex() and ap_psocket_ex().
*/
#define MODULE_MAGIC_COOKIE 0x41503133UL /* "AP13" */
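Review bot: The two new entry points are appended to the existing 19990320.14 line instead of getting their own 19990320.15 entry, so a module built against a tree that already had .14 from the earlier _ex additions cannot tell from the MMN whether ap_popenf_ex()/ap_psocket_ex() exist. If .14 has not yet shipped in a release this is harmless; otherwise add `* 19990320.15 - add ap_popenf_ex() and ap_psocket_ex()` and bump MODULE_MAGIC_NUMBER_MINOR accordingly (the define is outside this hunk).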
Index: src/main/alloc.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/alloc.c,v
retrieving revision 1.134
diff -u -r1.134 alloc.c
--- src/main/alloc.c 11 Dec 2002 12:24:27 -0000 1.134
+++ src/main/alloc.c 11 Dec 2002 18:28:33 -0000
@@ -1687,12 +1687,17 @@
void (*child_cleanup) (void *),
int (*magic_cleanup) (void *))
{
- struct cleanup *c = (struct cleanup *) ap_palloc(p, sizeof(struct cleanup));
- c->data = data;
- c->plain_cleanup = plain_cleanup;
- c->child_cleanup = child_cleanup;
- c->next = p->cleanups;
- p->cleanups = c;
+ struct cleanup *c;
+ if (p) {
+ c = (struct cleanup *) ap_palloc(p, sizeof(struct cleanup));
+ c->data = data;
+ c->plain_cleanup = plain_cleanup;
+ c->child_cleanup = child_cleanup;
+ c->next = p->cleanups;
+ p->cleanups = c;
+ }
+ /* attempt to do magic even if not passed a pool. Allows us
+ * to perform the magic, therefore, "whenever" we want/need */
if(magic_cleanup) {
if(!magic_cleanup(data))
ap_log_error(APLOG_MARK, APLOG_WARNING, NULL,
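Review bot: When magic_cleanup() fails the function only logs an APLOG_WARNING and carries on, so ap_popenf_ex()/ap_psocket_ex() in the later hunks still hand back a descriptor that may leak to child processes and nothing is signalled to the caller; the enclosing function starts before this hunk, so at minimum its header comment should state that the magic is best-effort. The new `if (p)` branch also changes the contract silently: with a NULL pool no plain or child cleanup is registered at all, which the added comment does not say — suggest `/* p == NULL: nothing is registered; only the magic (e.g. close-on-exec) is applied to data */`. On a platform where the magic is unsupported and fails every time, this warning would fire at every registration, including the per-connection sockets noted in http_main.c, so consider emitting it once rather than per call.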
@@ -1827,7 +1832,8 @@
ap_kill_cleanup(p, (void *) (long) fd, fd_cleanup);
}
-API_EXPORT(int) ap_popenf(pool *a, const char *name, int flg, int mode)
+API_EXPORT(int) ap_popenf_ex(pool *a, const char *name, int flg, int mode,
+ int domagic)
{
int fd;
int save_errno;
@@ -1837,13 +1843,18 @@
save_errno = errno;
if (fd >= 0) {
fd = ap_slack(fd, AP_SLACK_HIGH);
- ap_note_cleanups_for_fd(a, fd);
+ ap_note_cleanups_for_fd_ex(a, fd, domagic);
}
ap_unblock_alarms();
errno = save_errno;
return fd;
}
+API_EXPORT(int) ap_popenf(pool *a, const char *name, int flg, int mode)
+{
+ return ap_popenf_ex(a, name, flg, mode, 0);
+}
+
API_EXPORT(int) ap_pclosef(pool *a, int fd)
{
int res;
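Review bot: ap_popenf() now forwards `domagic = 0`, which keeps the old behaviour for existing callers but means a third-party module that keeps calling ap_popenf() gets no close-on-exec marking even though the CHANGES entry reads as if Apache-opened descriptors are now protected; a short comment on the wrapper would prevent that misreading, e.g. `/* legacy entry point: no close-on-exec magic; call ap_popenf_ex(..., 1) to opt in */`. The same applies to the ap_psocket() wrapper added in the hunk at +2071.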
@@ -2047,7 +2058,8 @@
ap_kill_cleanup(p, (void *) (long) sock, socket_cleanup);
}
-API_EXPORT(int) ap_psocket(pool *p, int domain, int type, int protocol)
+API_EXPORT(int) ap_psocket_ex(pool *p, int domain, int type, int protocol,
+ int domagic)
{
int fd;
@@ -2059,9 +2071,14 @@
errno = save_errno;
return -1;
}
- ap_note_cleanups_for_socket(p, fd);
+ ap_note_cleanups_for_socket_ex(p, fd, domagic);
ap_unblock_alarms();
return fd;
+}
+
+API_EXPORT(int) ap_psocket(pool *p, int domain, int type, int protocol)
+{
+ return ap_psocket_ex(p, domain, type, protocol, 0);
}
API_EXPORT(int) ap_pclosesocket(pool *a, int sock)
Index: src/main/http_main.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/http_main.c,v
retrieving revision 1.596
diff -u -r1.596 http_main.c
--- src/main/http_main.c 25 Oct 2002 21:12:23 -0000 1.596
+++ src/main/http_main.c 11 Dec 2002 18:28:37 -0000
@@ -876,7 +876,7 @@
unlock_it.l_pid = 0; /* pid not actually interesting */
expand_lock_fname(p);
- lock_fd = ap_popenf(p, ap_lock_fname, O_CREAT | O_WRONLY | O_EXCL, 0644);
+ lock_fd = ap_popenf_ex(p, ap_lock_fname, O_CREAT | O_WRONLY | O_EXCL, 0644, 1);
if (lock_fd == -1) {
perror("open");
fprintf(stderr, "Cannot open lock file: %s\n", ap_lock_fname);
@@ -943,7 +943,7 @@
static void accept_mutex_child_init_flock(pool *p)
{
- flock_fd = ap_popenf(p, ap_lock_fname, O_WRONLY, 0600);
+ flock_fd = ap_popenf_ex(p, ap_lock_fname, O_WRONLY, 0600, 1);
if (flock_fd == -1) {
ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
"Child cannot open lock file: %s", ap_lock_fname);
@@ -959,7 +959,7 @@
{
expand_lock_fname(p);
unlink(ap_lock_fname);
- flock_fd = ap_popenf(p, ap_lock_fname, O_CREAT | O_WRONLY | O_EXCL, 0600);
+ flock_fd = ap_popenf_ex(p, ap_lock_fname, O_CREAT | O_WRONLY | O_EXCL, 0600, 1);
if (flock_fd == -1) {
ap_log_error(APLOG_MARK, APLOG_EMERG, server_conf,
"Parent cannot open lock file: %s", ap_lock_fname);
@@ -2457,7 +2457,7 @@
#ifdef TPF
ap_scoreboard_fname = ap_server_root_relative(p, ap_scoreboard_fname);
#endif /* TPF */
- scoreboard_fd = ap_popenf(p, ap_scoreboard_fname, O_CREAT | O_BINARY | O_RDWR,
0666);
+ scoreboard_fd = ap_popenf_ex(p, ap_scoreboard_fname, O_CREAT | O_BINARY | O_RDWR,
+0666, 1);
if (scoreboard_fd == -1) {
perror(ap_scoreboard_fname);
fprintf(stderr, "Cannot open scoreboard file:\n");
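Review bot: The replaced call appears to have been line-wrapped in transit: `0666);` on the old side carries no diff marker and the new side ends with `+0666, 1);` at column 0, which patch would read as a second added line, so this hunk likely does not apply as pasted and its +7 line count does not match either. The same mangling is visible in the hunks at +2483, +3655 and +3796, where `+*/` closes a comment on a line of its own. If the two-line form is intended, indent the continuation under the opening parenthesis rather than at column 0, or resend the patch as an attachment.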
@@ -2483,7 +2483,7 @@
ap_scoreboard_image = &_scoreboard_image;
ap_scoreboard_fname = ap_server_root_relative(p, ap_scoreboard_fname);
- scoreboard_fd = ap_popenf(p, ap_scoreboard_fname, O_CREAT | O_BINARY | O_RDWR,
0644);
+ scoreboard_fd = ap_popenf_ex(p, ap_scoreboard_fname, O_CREAT | O_BINARY | O_RDWR,
+0644, 1);
if (scoreboard_fd == -1) {
perror(ap_scoreboard_fname);
fprintf(stderr, "Cannot open scoreboard file:\n");
@@ -3655,7 +3655,7 @@
s = ap_slack(s, AP_SLACK_HIGH);
#endif
- ap_note_cleanups_for_socket(p, s); /* arrange to close on exec or restart */
+ ap_note_cleanups_for_socket_ex(p, s, 1); /* arrange to close on exec or restart
+*/
#ifdef TPF
os_note_additional_cleanups(p, s);
#endif /* TPF */
@@ -3796,7 +3796,7 @@
#ifdef WORKAROUND_SOLARIS_BUG
s = ap_slack(s, AP_SLACK_HIGH);
- ap_note_cleanups_for_socket(p, s); /* arrange to close on exec or restart */
+ ap_note_cleanups_for_socket_ex(p, s, 1); /* arrange to close on exec or restart
+*/
#endif
ap_unblock_alarms();
@@ -3903,7 +3903,7 @@
fd = make_sock(p, &lr->local_addr);
}
else {
- ap_note_cleanups_for_socket(p, fd);
+ ap_note_cleanups_for_socket_ex(p, fd, 1);
}
/* if we get here, (fd >= 0) && (fd < FD_SETSIZE) */
FD_SET(fd, &listenfds);
@@ -4517,7 +4517,7 @@
*/
signal(SIGUSR1, SIG_IGN);
- ap_note_cleanups_for_socket(ptrans, csd);
+ ap_note_cleanups_for_socket_ex(ptrans, csd, 1);
/* protect various fd_sets */
#ifdef CHECK_FD_SETSIZE
@@ -4565,7 +4565,7 @@
"dup: couldn't duplicate csd");
dupped_csd = csd; /* Oh well... */
}
- ap_note_cleanups_for_socket(ptrans, dupped_csd);
+ ap_note_cleanups_for_socket_ex(ptrans, dupped_csd, 1);
/* protect various fd_sets */
#ifdef CHECK_FD_SETSIZE
@@ -5092,7 +5092,7 @@
#ifdef SCOREBOARD_FILE
else {
ap_scoreboard_fname = ap_server_root_relative(pconf, ap_scoreboard_fname);
- ap_note_cleanups_for_fd(pconf, scoreboard_fd);
+ ap_note_cleanups_for_fd_ex(pconf, scoreboard_fd, 1); /* close on exec */
}
#endif
@@ -5892,7 +5892,7 @@
requests_this_child++;
- ap_note_cleanups_for_socket(ptrans, csd);
+ ap_note_cleanups_for_socket_ex(ptrans, csd, 1);
/*
* We now have a connection, so set it up with the appropriate
@@ -5924,7 +5924,7 @@
"dup: couldn't duplicate csd");
dupped_csd = csd; /* Oh well... */
}
- ap_note_cleanups_for_socket(ptrans, dupped_csd);
+ ap_note_cleanups_for_socket_ex(ptrans, dupped_csd, 1);
#endif
ap_bpushfd(conn_io, csd, dupped_csd);
@@ -6140,7 +6140,7 @@
if (fd > listenmaxfd)
listenmaxfd = fd;
}
- ap_note_cleanups_for_socket(p, fd);
+ ap_note_cleanups_for_socket_ex(p, fd, 1);
lr->fd = fd;
if (lr->next == NULL) {
/* turn the list into a ring */
Index: src/main/rfc1413.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/rfc1413.c,v
retrieving revision 1.39
diff -u -r1.39 rfc1413.c
--- src/main/rfc1413.c 13 Mar 2002 21:05:31 -0000 1.39
+++ src/main/rfc1413.c 11 Dec 2002 18:28:37 -0000
@@ -243,7 +243,7 @@
result = FROM_UNKNOWN;
- sock = ap_psocket(conn->pool, AF_INET, SOCK_STREAM, IPPROTO_TCP);
+ sock = ap_psocket_ex(conn->pool, AF_INET, SOCK_STREAM, IPPROTO_TCP, 1);
if (sock < 0) {
ap_log_error(APLOG_MARK, APLOG_CRIT, srv,
"socket: rfc1413: error creating socket");
Index: src/modules/proxy/proxy_connect.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/proxy/proxy_connect.c,v
retrieving revision 1.49
diff -u -r1.49 proxy_connect.c
--- src/modules/proxy/proxy_connect.c 25 Mar 2002 09:21:58 -0000 1.49
+++ src/modules/proxy/proxy_connect.c 11 Dec 2002 18:28:37 -0000
@@ -182,7 +182,7 @@
return ap_proxyerror(r,
proxyhost ? HTTP_BAD_GATEWAY : HTTP_INTERNAL_SERVER_ERROR, err);
- sock = ap_psocket(r->pool, PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ sock = ap_psocket_ex(r->pool, PF_INET, SOCK_STREAM, IPPROTO_TCP, 1);
if (sock == -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r, "proxy: error creating socket");
return HTTP_INTERNAL_SERVER_ERROR;
Index: src/modules/proxy/proxy_ftp.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/proxy/proxy_ftp.c,v
retrieving revision 1.98
diff -u -r1.98 proxy_ftp.c
--- src/modules/proxy/proxy_ftp.c 7 Apr 2002 18:57:36 -0000 1.98
+++ src/modules/proxy/proxy_ftp.c 11 Dec 2002 18:28:39 -0000
@@ -665,7 +665,7 @@
if (err != NULL)
return ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR, err);
- sock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ sock = ap_psocket_ex(p, PF_INET, SOCK_STREAM, IPPROTO_TCP, 1);
if (sock == -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error creating socket");
@@ -944,7 +944,7 @@
}
/* try to set up PASV data connection first */
- dsock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ dsock = ap_psocket_ex(p, PF_INET, SOCK_STREAM, IPPROTO_TCP, 1);
if (dsock == -1) {
return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
@@ -1032,7 +1032,7 @@
"proxy: error getting socket address"));
}
- dsock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ dsock = ap_psocket_ex(p, PF_INET, SOCK_STREAM, IPPROTO_TCP, 1);
if (dsock == -1) {
return ftp_cleanup_and_return(r, ctrl, data, sock, dsock,
ap_proxyerror(r, HTTP_INTERNAL_SERVER_ERROR,
Index: src/modules/proxy/proxy_http.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/proxy/proxy_http.c,v
retrieving revision 1.101
diff -u -r1.101 proxy_http.c
--- src/modules/proxy/proxy_http.c 3 Sep 2002 07:12:46 -0000 1.101
+++ src/modules/proxy/proxy_http.c 11 Dec 2002 18:28:39 -0000
@@ -241,7 +241,7 @@
* we have worked out who exactly we are going to connect to, now make
* that connection...
*/
- sock = ap_psocket(p, PF_INET, SOCK_STREAM, IPPROTO_TCP);
+ sock = ap_psocket_ex(p, PF_INET, SOCK_STREAM, IPPROTO_TCP, 1);
if (sock == -1) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
"proxy: error creating socket");
Index: src/modules/standard/mod_log_agent.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_log_agent.c,v
retrieving revision 1.36
diff -u -r1.36 mod_log_agent.c
--- src/modules/standard/mod_log_agent.c 13 Mar 2002 21:05:33 -0000 1.36
+++ src/modules/standard/mod_log_agent.c 11 Dec 2002 18:28:39 -0000
@@ -125,7 +125,8 @@
cls->agent_fd = ap_piped_log_write_fd(pl);
}
else if (*cls->fname != '\0') {
- if ((cls->agent_fd = ap_popenf(p, fname, xfer_flags, xfer_mode)) < 0) {
+ if ((cls->agent_fd = ap_popenf_ex(p, fname, xfer_flags, xfer_mode, 1))
+ < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, s,
"could not open agent log file %s.", fname);
exit(1);
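Review bot: Breaking `< 0) {` onto its own line after the ap_popenf_ex() call reads oddly and hides the comparison; the same layout appears in the mod_log_config.c and mod_log_referer.c hunks. Wrapping inside the argument list keeps the condition intact: `if ((cls->agent_fd = ap_popenf_ex(p, fname, xfer_flags,` / `xfer_mode, 1)) < 0) {`.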
Index: src/modules/standard/mod_log_config.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_log_config.c,v
retrieving revision 1.88
diff -u -r1.88 mod_log_config.c
--- src/modules/standard/mod_log_config.c 21 May 2002 13:03:56 -0000 1.88
+++ src/modules/standard/mod_log_config.c 11 Dec 2002 18:28:40 -0000
@@ -1069,7 +1069,8 @@
}
else {
char *fname = ap_server_root_relative(p, cls->fname);
- if ((cls->log_fd = ap_popenf(p, fname, xfer_flags, xfer_mode)) < 0) {
+ if ((cls->log_fd = ap_popenf_ex(p, fname, xfer_flags, xfer_mode, 1))
+ < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, s,
"could not open transfer log file %s.", fname);
exit(1);
Index: src/modules/standard/mod_log_referer.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_log_referer.c,v
retrieving revision 1.39
diff -u -r1.39 mod_log_referer.c
--- src/modules/standard/mod_log_referer.c 13 Mar 2002 21:05:33 -0000 1.39
+++ src/modules/standard/mod_log_referer.c 11 Dec 2002 18:28:40 -0000
@@ -142,7 +142,8 @@
cls->referer_fd = ap_piped_log_write_fd(pl);
}
else if (*cls->fname != '\0') {
- if ((cls->referer_fd = ap_popenf(p, fname, xfer_flags, xfer_mode)) < 0) {
+ if ((cls->referer_fd = ap_popenf_ex(p, fname, xfer_flags, xfer_mode, 1))
+ < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, s,
"could not open referer log file %s.", fname);
exit(1);
Index: src/modules/standard/mod_mime_magic.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_mime_magic.c,v
retrieving revision 1.48
diff -u -r1.48 mod_mime_magic.c
--- src/modules/standard/mod_mime_magic.c 18 Jun 2002 01:00:00 -0000 1.48
+++ src/modules/standard/mod_mime_magic.c 11 Dec 2002 18:28:42 -0000
@@ -880,6 +880,7 @@
* try looking at the first HOWMANY bytes
*/
if ((nbytes = read(fd, (char *) buf, sizeof(buf) - 1)) == -1) {
+ (void) ap_pclosef(r->pool, fd);
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
MODNAME ": read failed: %s", r->filename);
return HTTP_INTERNAL_SERVER_ERROR;
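Review bot: The explicit ap_pclosef() on the read() failure path is right, but this hunk covers only the `nbytes == -1` case; the open and the function's other exits are outside the hunk, so any other early return between the open and the normal close needs the same release or the descriptor stays held until the pool is cleared. A one-line comment such as `/* release the fd now rather than at pool cleanup */` would make the intent of the added call clear to the next reader.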
Index: src/modules/standard/mod_rewrite.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_rewrite.c,v
retrieving revision 1.178
diff -u -r1.178 mod_rewrite.c
--- src/modules/standard/mod_rewrite.c 8 Jul 2002 17:18:32 -0000 1.178
+++ src/modules/standard/mod_rewrite.c 11 Dec 2002 18:28:45 -0000
@@ -3105,8 +3105,8 @@
conf->rewritelogfp = ap_piped_log_write_fd(pl);
}
else if (*conf->rewritelogfile != '\0') {
- if ((conf->rewritelogfp = ap_popenf(p, fname, rewritelog_flags,
- rewritelog_mode)) < 0) {
+ if ((conf->rewritelogfp = ap_popenf_ex(p, fname, rewritelog_flags,
+ rewritelog_mode, 1)) < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, s,
"mod_rewrite: could not open RewriteLog "
@@ -3253,8 +3253,8 @@
/* create the lockfile */
unlink(lockname);
- if ((lockfd = ap_popenf(p, lockname, O_WRONLY|O_CREAT,
- REWRITELOCK_MODE)) < 0) {
+ if ((lockfd = ap_popenf_ex(p, lockname, O_WRONLY|O_CREAT,
+ REWRITELOCK_MODE, 1)) < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, s,
"mod_rewrite: Parent could not create RewriteLock "
"file %s", lockname);
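Review bot: The parent creates the lock file with `unlink(lockname)` followed by `O_WRONLY|O_CREAT` and no O_EXCL, whereas the equivalent flock lock in http_main.c (hunk at +959) uses `O_CREAT | O_WRONLY | O_EXCL`; without O_EXCL an open that follows a symlink dropped into a shared-writable lock directory between the two calls goes unnoticed. Since the file is unlinked just before, O_EXCL costs nothing here: `if ((lockfd = ap_popenf_ex(p, lockname, O_WRONLY|O_CREAT|O_EXCL,` / `REWRITELOCK_MODE, 1)) < 0) {`. The child-side open in the next hunk is unaffected, as it does not create the file.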
@@ -3281,8 +3281,8 @@
}
/* open the lockfile (once per child) to get a unique fd */
- if ((lockfd = ap_popenf(p, lockname, O_WRONLY,
- REWRITELOCK_MODE)) < 0) {
+ if ((lockfd = ap_popenf_ex(p, lockname, O_WRONLY,
+ REWRITELOCK_MODE, 1)) < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, s,
"mod_rewrite: Child could not open RewriteLock "
"file %s", lockname);
Index: src/os/netware/mod_log_nw.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/os/netware/mod_log_nw.c,v
retrieving revision 1.3
diff -u -r1.3 mod_log_nw.c
--- src/os/netware/mod_log_nw.c 2 Apr 2002 16:51:01 -0000 1.3
+++ src/os/netware/mod_log_nw.c 11 Dec 2002 18:28:46 -0000
@@ -1161,7 +1161,7 @@
fname = ap_server_root_relative(p, cls->fname);
}
- if ((cls->log_fd = ap_popenf(p, fname, xfer_flags, xfer_mode)) < 0) {
+ if ((cls->log_fd = ap_popenf_ex(p, fname, xfer_flags, xfer_mode, 1)) < 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, s,
"could not open transfer log file %s.", fname);
exit(1);
--
===========================================================================
Jim Jagielski [|] [EMAIL PROTECTED] [|] http://www.jaguNET.com/
"A society that will trade a little liberty for a little order
will lose both and deserve neither" - T.Jefferson