cvs commit: apachen/src/modules/standard mod_digest.c

1998-01-02 Thread dgaudet
dgaudet 98/01/02 15:58:29

  Modified:.STATUS
   src  CHANGES
   src/modules/standard mod_digest.c
  Log:
  Using the digest Authentication scheme for proxy authentication, authorization
  never succeeds because mod_digest always looks at the Authorization header,
  never at the Proxy-Authorization header.
  
  Also, the scheme in the auth header is compared to "Digest" using a case-
  sensitive comparison, instead of a case-insensitive comparison.
  
  PR:   1599
  Submitted by: Ronald Tschalaer <[EMAIL PROTECTED]>
  Reviewed by:  Dean Gaudet, Jim Jagielski
  
  Revision  ChangesPath
  1.47  +1 -5  apachen/STATUS
  
  Index: STATUS
  ===
  RCS file: /export/home/cvs/apachen/STATUS,v
  retrieving revision 1.46
  retrieving revision 1.47
  diff -u -r1.46 -r1.47
  --- STATUS1998/01/02 23:46:06 1.46
  +++ STATUS1998/01/02 23:58:24 1.47
  @@ -65,6 +65,7 @@
   * Paul/Ben's [PATCH] 1.3: spaces in NT spawn* arguments
   * Dean's [PATCH] mod_info minor cleanups (take 2)
   * Dean's [PATCH] mod_status cleanups
  +* [PATCH] mod_digest/1599: proxy authentication using the digest auth 
scheme never succeeds (fwd)
   
   Available Patches:
   
  @@ -72,11 +73,6 @@
<[EMAIL PROTECTED]>
Status: Ken +1, Jim +1
Gregory Lundberg says it's legally invalid
  -
  -* [PATCH] mod_digest/1599: proxy authentication using the digest auth
  -  scheme never succeeds (fwd)
  - <[EMAIL PROTECTED]>
  - Status: Dean +1, Jim +1
   
   * Martin's [PATCH] 36kB: Make apache compile & run on an EBCDIC mainframe
<[EMAIL PROTECTED]>
  
  
  
  1.556 +4 -0  apachen/src/CHANGES
  
  Index: CHANGES
  ===
  RCS file: /export/home/cvs/apachen/src/CHANGES,v
  retrieving revision 1.555
  retrieving revision 1.556
  diff -u -r1.555 -r1.556
  --- CHANGES   1998/01/02 23:46:07 1.555
  +++ CHANGES   1998/01/02 23:58:26 1.556
  @@ -1,5 +1,9 @@
   Changes with Apache 1.3b4
   
  +  *) mod_digest didn't properly deal with proxy authentication.  It
  + also lacked a case-insensitive comparision of the "Digest"
  + token.  [Ronald Tschalaer <[EMAIL PROTECTED]>] PR#1599
  +
 *) A few cleanups in mod_status for efficiency.  [Dean Gaudet]
   
 *) A few cleanups in mod_info to make it thread-safe, and remove an
  
  
  
  1.28  +4 -2  apachen/src/modules/standard/mod_digest.c
  
  Index: mod_digest.c
  ===
  RCS file: /export/home/cvs/apachen/src/modules/standard/mod_digest.c,v
  retrieving revision 1.27
  retrieving revision 1.28
  diff -u -r1.27 -r1.28
  --- mod_digest.c  1997/12/18 20:39:18 1.27
  +++ mod_digest.c  1998/01/02 23:58:28 1.28
  @@ -132,7 +132,9 @@
   
   int get_digest_rec(request_rec *r, digest_header_rec * response)
   {
  -const char *auth_line = table_get(r->headers_in, "Authorization");
  +const char *auth_line = table_get(r->headers_in,
  +r->proxyreq ? "Proxy-Authorization"
  +: "Authorization");
   int l;
   int s = 0, vk = 0, vv = 0;
   char *t, *key, *value;
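Review bot: The failure paths of get_digest_rec still return `AUTH_REQUIRED` (visible as context in the next hunk) even for proxied requests, and nothing in this diff shows the challenge being sent as Proxy-Authenticate with a 407 status to match the new `Proxy-Authorization` lookup. If the code that emits the Digest challenge and maps the status does not already branch on `r->proxyreq` (not visible here), a proxy client would be challenged with WWW-Authenticate, answer in Authorization, and be rejected again. Worth confirming before release, and a comment above the lookup such as `/* proxy requests carry credentials in Proxy-Authorization, not Authorization */` would record why the header name is conditional. The body of get_digest_rec continues outside the hunk.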
  @@ -151,7 +153,7 @@
return AUTH_REQUIRED;
   }
   
  -if (strcmp(getword(r->pool, &auth_line, ' '), "Digest")) {
  +if (strcasecmp(getword(r->pool, &auth_line, ' '), "Digest")) {
/* Client tried to authenticate using wrong auth scheme */
aplog_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
"client used wrong authentication scheme: %s", r->uri);
  
  
  


cvs commit: apachen/src/modules/standard mod_status.c

1998-01-02 Thread dgaudet
dgaudet 98/01/02 15:46:10

  Modified:.STATUS
   src  CHANGES
   src/modules/standard mod_status.c
  Log:
  - remove an unused buffer
  
  - mark a constant structure as const, and make it static, it's a waste to
  initialize it on every call
  
  - initialize the status flags once rather than on every call
  
  Reviewed by:  Jim Jagielski
  
  Revision  ChangesPath
  1.46  +1 -4  apachen/STATUS
  
  Index: STATUS
  ===
  RCS file: /export/home/cvs/apachen/STATUS,v
  retrieving revision 1.45
  retrieving revision 1.46
  diff -u -r1.45 -r1.46
  --- STATUS1998/01/02 23:44:42 1.45
  +++ STATUS1998/01/02 23:46:06 1.46
  @@ -64,6 +64,7 @@
   * Dean's [PATCH] 1.3: "DoS" attack
   * Paul/Ben's [PATCH] 1.3: spaces in NT spawn* arguments
   * Dean's [PATCH] mod_info minor cleanups (take 2)
  +* Dean's [PATCH] mod_status cleanups
   
   Available Patches:
   
  @@ -75,10 +76,6 @@
   * [PATCH] mod_digest/1599: proxy authentication using the digest auth
 scheme never succeeds (fwd)
<[EMAIL PROTECTED]>
  - Status: Dean +1, Jim +1
  -
  -* Dean's [PATCH] mod_status cleanups
  - <[EMAIL PROTECTED]>
Status: Dean +1, Jim +1
   
   * Martin's [PATCH] 36kB: Make apache compile & run on an EBCDIC mainframe
  
  
  
  1.555 +2 -0  apachen/src/CHANGES
  
  Index: CHANGES
  ===
  RCS file: /export/home/cvs/apachen/src/CHANGES,v
  retrieving revision 1.554
  retrieving revision 1.555
  diff -u -r1.554 -r1.555
  --- CHANGES   1998/01/02 23:44:43 1.554
  +++ CHANGES   1998/01/02 23:46:07 1.555
  @@ -1,5 +1,7 @@
   Changes with Apache 1.3b4
   
  +  *) A few cleanups in mod_status for efficiency.  [Dean Gaudet]
  +
 *) A few cleanups in mod_info to make it thread-safe, and remove an
off-by-5 bug that could hammer \0 on the stack. [Dean Gaudet]
   
  
  
  
  1.69  +35 -33apachen/src/modules/standard/mod_status.c
  
  Index: mod_status.c
  ===
  RCS file: /export/home/cvs/apachen/src/modules/standard/mod_status.c,v
  retrieving revision 1.68
  retrieving revision 1.69
  diff -u -r1.68 -r1.69
  --- mod_status.c  1997/12/20 10:21:59 1.68
  +++ mod_status.c  1998/01/02 23:46:10 1.69
  @@ -158,8 +158,6 @@
   static void show_time(request_rec *r, time_t tsecs)
   {
   long days, hrs, mins, secs;
  -char buf[100];
  -char *s;
   
   secs = tsecs % 60;
   tsecs /= 60;
  @@ -167,8 +165,6 @@
   tsecs /= 60;
   hrs = tsecs % 24;
   days = tsecs / 24;
  -s = buf;
  -*s = '\0';
   if (days)
rprintf(r, " %ld day%s", days, days == 1 ? "" : "s");
   if (hrs)
  @@ -190,19 +186,22 @@
   
   struct stat_opt {
   int id;
  -char *form_data_str;
  -char *hdr_out_str;
  +const char *form_data_str;
  +const char *hdr_out_str;
   };
   
  +static const struct stat_opt status_options[] =  /* see #defines above */
  +{
  +{STAT_OPT_REFRESH, "refresh", "Refresh"},
  +{STAT_OPT_NOTABLE, "notable", NULL},
  +{STAT_OPT_AUTO, "auto", NULL},
  +{STAT_OPT_END, NULL, NULL}
  +};
  +
  +static char status_flags[SERVER_NUM_STATUS];
  +
   static int status_handler(request_rec *r)
   {
  -struct stat_opt options[] =  /* see #defines above */
  -{
  - {STAT_OPT_REFRESH, "refresh", "Refresh"},
  - {STAT_OPT_NOTABLE, "notable", NULL},
  - {STAT_OPT_AUTO, "auto", NULL},
  - {STAT_OPT_END, NULL, NULL}
  -};
   char *loc;
   time_t nowtime = time(NULL);
   time_t up_time;
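Review bot: `status_flags` is introduced as a mutable file-scope array with no comment saying where it is filled, and the assignments that used to run inside status_handler are removed in a later hunk without their replacement being visible in this one. Until that one-time initialisation has run every entry is '\0', so any reader reached earlier would emit NUL bytes instead of the status characters. I would add `/* indexed by SERVER_* state; filled once at init, read-only afterwards */` above the declaration, assuming that is the intent. It is also worth checking that any index taken from the scoreboard is range-checked against `SERVER_NUM_STATUS` before the array is read, since the lookup itself is outside the hunk.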
  @@ -228,22 +227,11 @@
   server_rec *server = r->server;
   short_score score_record;
   parent_score ps_record;
  -char status[SERVER_NUM_STATUS];
   char stat_buffer[HARD_SERVER_LIMIT];
   clock_t tu, ts, tcu, tcs;
   
   tu = ts = tcu = tcs = 0;
   
  -status[SERVER_DEAD] = '.';   /* We don't want to assume these are in 
*/
  -status[SERVER_READY] = '_';  /* any particular order in scoreboard.h 
*/
  -status[SERVER_STARTING] = 'S';
  -status[SERVER_BUSY_READ] = 'R';
  -status[SERVER_BUSY_WRITE] = 'W';
  -status[SERVER_BUSY_KEEPALIVE] = 'K';
  -status[SERVER_BUSY_LOG] = 'L';
  -status[SERVER_BUSY_DNS] = 'D';
  -status[SERVER_GRACEFUL] = 'G';
  -
   if (!exists_scoreboard_image()) {
aplog_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server,
"Server status unavailable in inetd mode");
  @@ -261,15 +249,15 @@
   
   if (r->args) {
i = 0;
  - while (options[i].id != STAT_OPT_END) {
  - if ((loc = strstr(r->args, options[i].form_data_str)) != NULL) {
  - switch (options[i].id) {
  + while (status_options[i].id != STAT_OPT_END) {
  + if ((loc = strstr(r

cvs commit: apachen/src/modules/standard mod_info.c

1998-01-02 Thread dgaudet
dgaudet 98/01/02 15:44:46

  Modified:.STATUS
   src  CHANGES
   src/modules/standard mod_info.c
  Log:
  - make mod_info_html_cmd_string() thread safe
  
  - fix minor buffer overrun in mod_info_html_cmd_string() (it would only
  hammer a \0 up to 5 bytes past the end of the buffer... nothing big)
  
  - mod_info_load_config() switched to use getword_conf() just like the real
  config parsing routines
  
  - replace a bunch of ap_snprintf()/rputs() pairs with rprintf() for more
  efficiency
  
  Reviewed by:  Brian Behlendorf
  
  Revision  ChangesPath
  1.45  +1 -4  apachen/STATUS
  
  Index: STATUS
  ===
  RCS file: /export/home/cvs/apachen/STATUS,v
  retrieving revision 1.44
  retrieving revision 1.45
  diff -u -r1.44 -r1.45
  --- STATUS1998/01/02 17:03:16 1.44
  +++ STATUS1998/01/02 23:44:42 1.45
  @@ -63,6 +63,7 @@
   * Jim's [PATCH] ap_cpystrn() function (replace strncpy) Take II
   * Dean's [PATCH] 1.3: "DoS" attack
   * Paul/Ben's [PATCH] 1.3: spaces in NT spawn* arguments
  +* Dean's [PATCH] mod_info minor cleanups (take 2)
   
   Available Patches:
   
  @@ -79,10 +80,6 @@
   * Dean's [PATCH] mod_status cleanups
<[EMAIL PROTECTED]>
Status: Dean +1, Jim +1
  -
  -* Dean's [PATCH] mod_info minor cleanups (take 2)
  - <[EMAIL PROTECTED]>
  - Status: Dean +1, Brian +1
   
   * Martin's [PATCH] 36kB: Make apache compile & run on an EBCDIC mainframe
<[EMAIL PROTECTED]>
  
  
  
  1.554 +3 -0  apachen/src/CHANGES
  
  Index: CHANGES
  ===
  RCS file: /export/home/cvs/apachen/src/CHANGES,v
  retrieving revision 1.553
  retrieving revision 1.554
  diff -u -r1.553 -r1.554
  --- CHANGES   1997/12/30 19:03:16 1.553
  +++ CHANGES   1998/01/02 23:44:43 1.554
  @@ -1,5 +1,8 @@
   Changes with Apache 1.3b4
   
  +  *) A few cleanups in mod_info to make it thread-safe, and remove an
  + off-by-5 bug that could hammer \0 on the stack. [Dean Gaudet]
  +
 *) no2slash() was O(n^2) in the length of the input.  Make it O(n).
[Dean Gaudet]
   
  
  
  
  1.32  +66 -105   apachen/src/modules/standard/mod_info.c
  
  Index: mod_info.c
  ===
  RCS file: /export/home/cvs/apachen/src/modules/standard/mod_info.c,v
  retrieving revision 1.31
  retrieving revision 1.32
  diff -u -r1.31 -r1.32
  --- mod_info.c1997/10/26 20:20:05 1.31
  +++ mod_info.c1998/01/02 23:44:45 1.32
  @@ -119,27 +119,27 @@
   return new;
   }
   
  -static char *mod_info_html_cmd_string(char *string)
  +static char *mod_info_html_cmd_string(const char *string, char *buf, size_t 
buf_len)
   {
  -char *s, *t;
  -static char ret[256];   /* What is the max size of a command? */
  -char *end_ret;
  +const char *s;
  +char *t;
  +char *end_buf;
   
  -ret[0] = '\0';
   s = string;
  -t = ret;
  -end_ret = t + sizeof(ret);
  -while ((*s) && ((t - ret) < sizeof(ret))) {
  +t = buf;
  +/* keep space for \0 byte */
  +end_buf = buf + buf_len - 1;
  +while ((*s) && (t < end_buf)) {
   if (*s == '<') {
  -strncpy(t, "<", end_ret - t);
  +strncpy(t, "<", end_buf - t);
   t += 4;
   }
   else if (*s == '>') {
  -strncpy(t, ">", end_ret - t);
  +strncpy(t, ">", end_buf - t);
   t += 4;
   }
   else if (*s == '&') {
  -strncpy(t, "&", end_ret - t);
  +strncpy(t, "&", end_buf - t);
   t += 5;
   }
   else {
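Review bot: `end_buf = buf + buf_len - 1` points one byte before `buf` when `buf_len` is 0, and the `*end_buf = '\0'` in the next hunk would then write out of bounds; the function has no guard for that case. A second, cosmetic issue is in the three escape branches: when fewer than 4 (or 5) bytes remain, `strncpy` copies a truncated escape sequence and `t` is stepped past `end_buf`, so the output can end in a partial entity. I would add `if (buf_len == 0) return buf;` at the top and `if (end_buf - t < 4) break;` (5 for the ampersand case) before each copy. The escape strings appear entity-decoded on this page, and the function body continues into the next hunk.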
  @@ -147,25 +147,33 @@
   }
   s++;
   }
  -*t = '\0';
  -return (ret);
  +/* oops, overflowed... don't overwrite */
  +if (t > end_buf) {
  + *end_buf = '\0';
  +}
  +else {
  + *t = '\0';
  +}
  +return (buf);
   }
   
  -static info_cfg_lines *mod_info_load_config(pool *p, char *filename,
  +static info_cfg_lines *mod_info_load_config(pool *p, const char *filename,
   request_rec *r)
   {
   char s[MAX_STRING_LEN];
   configfile_t *fp;
  -info_cfg_lines *new, *ret = NULL, *prev = NULL;
  -char *t, *tt, o, *msg;
  +info_cfg_lines *new, *ret, *prev;
  +const char *t;
   
   fp = pcfg_openfile(p, filename);
   if (!fp) {
  -msg = pstrcat(r->pool, "mod_info: couldn't open config file ",
  -  filename, NULL);
  -aplog_error(APLOG_MARK, APLOG_WARNING, r->server, msg);
  +aplog_error(APLOG_MARK, APLOG_WARNING, r->server, 
  + "mod_info: couldn't open config file %s",
  + filename);
   return NULL;
   }
  +ret = NULL;
  +prev = NULL;

cvs commit: apachen STATUS

1998-01-02 Thread coar
coar98/01/02 09:03:16

  Modified:.STATUS
  Log:
Add notice of the patch to update the copyright years.
  
  Revision  ChangesPath
  1.44  +5 -0  apachen/STATUS
  
  Index: STATUS
  ===
  RCS file: /export/home/cvs/apachen/STATUS,v
  retrieving revision 1.43
  retrieving revision 1.44
  diff -u -r1.43 -r1.44
  --- STATUS1998/01/02 13:58:44 1.43
  +++ STATUS1998/01/02 17:03:16 1.44
  @@ -66,6 +66,11 @@
   
   Available Patches:
   
  +* Ken's [PATCH] for copyright year update
  + <[EMAIL PROTECTED]>
  + Status: Ken +1, Jim +1
  + Gregory Lundberg says it's legally invalid
  +
   * [PATCH] mod_digest/1599: proxy authentication using the digest auth
 scheme never succeeds (fwd)
<[EMAIL PROTECTED]>
  
  
  


cvs commit: apachen STATUS

1998-01-02 Thread pcs
pcs 98/01/02 05:58:45

  Modified:.STATUS
  Log:
  This has already been committed
  
  Revision  ChangesPath
  1.43  +1 -4  apachen/STATUS
  
  Index: STATUS
  ===
  RCS file: /export/home/cvs/apachen/STATUS,v
  retrieving revision 1.42
  retrieving revision 1.43
  diff -u -r1.42 -r1.43
  --- STATUS1997/12/30 19:03:14 1.42
  +++ STATUS1998/01/02 13:58:44 1.43
  @@ -62,6 +62,7 @@
   * Ken's [PATCH] for PR#1195 (" in realm names)
   * Jim's [PATCH] ap_cpystrn() function (replace strncpy) Take II
   * Dean's [PATCH] 1.3: "DoS" attack
  +* Paul/Ben's [PATCH] 1.3: spaces in NT spawn* arguments
   
   Available Patches:
   
  @@ -97,10 +98,6 @@
   * M.D.Parker's [PATCH] mod_status/1448: Status Information have version
<[EMAIL PROTECTED]>
Status: Dean +1, Martin +1, Alexei -1 (shared lib concerns)
  -
  -* Paul's [PATCH] NT: spaces in argv[]
  - <[EMAIL PROTECTED]>
  - Status: Paul +1, Ben +1
   
   * Roy's [PATCH] protocol/1399: failing to read body
<[EMAIL PROTECTED]>