cvs commit: apachen/src/modules/standard mod_digest.c
dgaudet 98/01/02 15:58:29 Modified:.STATUS src CHANGES src/modules/standard mod_digest.c Log: Using the digest Authentication scheme for proxy authentication, authorization never succeeds because mod_digest always looks at the Authorization header, never at the Proxy-Authorization header. Also, the scheme in the auth header is compared to "Digest" using a case- sensitive comparison, instead of a case-insensitive comparison. PR: 1599 Submitted by: Ronald Tschalaer <[EMAIL PROTECTED]> Reviewed by: Dean Gaudet, Jim Jagielski Revision ChangesPath 1.47 +1 -5 apachen/STATUS Index: STATUS === RCS file: /export/home/cvs/apachen/STATUS,v retrieving revision 1.46 retrieving revision 1.47 diff -u -r1.46 -r1.47 --- STATUS1998/01/02 23:46:06 1.46 +++ STATUS1998/01/02 23:58:24 1.47 @@ -65,6 +65,7 @@ * Paul/Ben's [PATCH] 1.3: spaces in NT spawn* arguments * Dean's [PATCH] mod_info minor cleanups (take 2) * Dean's [PATCH] mod_status cleanups +* [PATCH] mod_digest/1599: proxy authentication using the digest auth scheme never succeeds (fwd) Available Patches: @@ -72,11 +73,6 @@ <[EMAIL PROTECTED]> Status: Ken +1, Jim +1 Gregory Lundberg says it's legally invalid - -* [PATCH] mod_digest/1599: proxy authentication using the digest auth - scheme never succeeds (fwd) - <[EMAIL PROTECTED]> - Status: Dean +1, Jim +1 * Martin's [PATCH] 36kB: Make apache compile & run on an EBCDIC mainframe <[EMAIL PROTECTED]> 1.556 +4 -0 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.555 retrieving revision 1.556 diff -u -r1.555 -r1.556 --- CHANGES 1998/01/02 23:46:07 1.555 +++ CHANGES 1998/01/02 23:58:26 1.556 
@@ -1,5 +1,9 @@ Changes with Apache 1.3b4 + *) mod_digest didn't properly deal with proxy authentication. It + also lacked a case-insensitive comparision of the "Digest" + token. [Ronald Tschalaer <[EMAIL PROTECTED]>] PR#1599 + *) A few cleanups in mod_status for efficiency. [Dean Gaudet] *) A few cleanups in mod_info to make it thread-safe, and remove an 1.28 +4 -2 apachen/src/modules/standard/mod_digest.c Index: mod_digest.c === RCS file: /export/home/cvs/apachen/src/modules/standard/mod_digest.c,v retrieving revision 1.27 retrieving revision 1.28 diff -u -r1.27 -r1.28 --- mod_digest.c 1997/12/18 20:39:18 1.27 +++ mod_digest.c 1998/01/02 23:58:28 1.28 @@ -132,7 +132,9 @@ int get_digest_rec(request_rec *r, digest_header_rec * response) { -const char *auth_line = table_get(r->headers_in, "Authorization"); +const char *auth_line = table_get(r->headers_in, +r->proxyreq ? "Proxy-Authorization" +: "Authorization"); int l; int s = 0, vk = 0, vv = 0; char *t, *key, *value; @@ -151,7 +153,7 @@ return AUTH_REQUIRED; } -if (strcmp(getword(r->pool, &auth_line, ' '), "Digest")) { +if (strcasecmp(getword(r->pool, &auth_line, ' '), "Digest")) { /* Client tried to authenticate using wrong auth scheme */ aplog_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, "client used wrong authentication scheme: %s", r->uri);
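Review bot: The failure path visible in the second mod_digest.c hunk still ends in `return AUTH_REQUIRED;` whether or not `r->proxyreq` is set. After the first hunk (`@@ -132,7 +132,9 @@`) switches the lookup to `Proxy-Authorization`, a proxied client with missing or malformed credentials may therefore still be answered as if origin authentication had failed. Unless the 401-to-407 mapping and the `Proxy-Authenticate` challenge are handled elsewhere (not visible in these hunks), the challenge side should use the same `r->proxyreq` test as the header lookup, or the client cannot tell which credentials to resend. A comment at the lookup such as `/* proxy requests carry credentials in Proxy-Authorization; the challenge must use the matching Proxy-Authenticate header */` would keep the two in step. The body of get_digest_rec continues outside both hunks.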
cvs commit: apachen/src/modules/standard mod_status.c
dgaudet 98/01/02 15:46:10 Modified:.STATUS src CHANGES src/modules/standard mod_status.c Log: - remove an unused buffer - mark a constant structure as const, and make it static, it's a waste to initialize it on every call - initialize the status flags once rather than on every call Reviewed by: Jim Jagielski Revision ChangesPath 1.46 +1 -4 apachen/STATUS Index: STATUS === RCS file: /export/home/cvs/apachen/STATUS,v retrieving revision 1.45 retrieving revision 1.46 diff -u -r1.45 -r1.46 --- STATUS1998/01/02 23:44:42 1.45 +++ STATUS1998/01/02 23:46:06 1.46 @@ -64,6 +64,7 @@ * Dean's [PATCH] 1.3: "DoS" attack * Paul/Ben's [PATCH] 1.3: spaces in NT spawn* arguments * Dean's [PATCH] mod_info minor cleanups (take 2) +* Dean's [PATCH] mod_status cleanups Available Patches: @@ -75,10 +76,6 @@ * [PATCH] mod_digest/1599: proxy authentication using the digest auth scheme never succeeds (fwd) <[EMAIL PROTECTED]> - Status: Dean +1, Jim +1 - -* Dean's [PATCH] mod_status cleanups - <[EMAIL PROTECTED]> Status: Dean +1, Jim +1 * Martin's [PATCH] 36kB: Make apache compile & run on an EBCDIC mainframe 1.555 +2 -0 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.554 retrieving revision 1.555 diff -u -r1.554 -r1.555 --- CHANGES 1998/01/02 23:44:43 1.554 +++ CHANGES 1998/01/02 23:46:07 1.555 @@ -1,5 +1,7 @@ Changes with Apache 1.3b4 + *) A few cleanups in mod_status for efficiency. [Dean Gaudet] + *) A few cleanups in mod_info to make it thread-safe, and remove an off-by-5 bug that could hammer \0 on the stack. [Dean Gaudet] 1.69 +35 -33apachen/src/modules/standard/mod_status.c Index: mod_status.c === RCS file: /export/home/cvs/apachen/src/modules/standard/mod_status.c,v retrieving revision 1.68 retrieving revision 1.69 diff -u -r1.68 -r1.69 --- mod_status.c 1997/12/20 10:21:59 1.68 +++ mod_status.c 1998/01/02 23:46:10 1.69 
@@ -158,8 +158,6 @@ static void show_time(request_rec *r, time_t tsecs) { long days, hrs, mins, secs; -char buf[100]; -char *s; secs = tsecs % 60; tsecs /= 60; @@ -167,8 +165,6 @@ tsecs /= 60; hrs = tsecs % 24; days = tsecs / 24; -s = buf; -*s = '\0'; if (days) rprintf(r, " %ld day%s", days, days == 1 ? "" : "s"); if (hrs) @@ -190,19 +186,22 @@ struct stat_opt { int id; -char *form_data_str; -char *hdr_out_str; +const char *form_data_str; +const char *hdr_out_str; }; +static const struct stat_opt status_options[] = /* see #defines above */ +{ +{STAT_OPT_REFRESH, "refresh", "Refresh"}, +{STAT_OPT_NOTABLE, "notable", NULL}, +{STAT_OPT_AUTO, "auto", NULL}, +{STAT_OPT_END, NULL, NULL} +}; + +static char status_flags[SERVER_NUM_STATUS]; + static int status_handler(request_rec *r) { -struct stat_opt options[] = /* see #defines above */ -{ - {STAT_OPT_REFRESH, "refresh", "Refresh"}, - {STAT_OPT_NOTABLE, "notable", NULL}, - {STAT_OPT_AUTO, "auto", NULL}, - {STAT_OPT_END, NULL, NULL} -}; char *loc; time_t nowtime = time(NULL); time_t up_time; @@ -228,22 +227,11 @@ server_rec *server = r->server; short_score score_record; parent_score ps_record; -char status[SERVER_NUM_STATUS]; char stat_buffer[HARD_SERVER_LIMIT]; clock_t tu, ts, tcu, tcs; tu = ts = tcu = tcs = 0; -status[SERVER_DEAD] = '.'; /* We don't want to assume these are in */ -status[SERVER_READY] = '_'; /* any particular order in scoreboard.h */ -status[SERVER_STARTING] = 'S'; -status[SERVER_BUSY_READ] = 'R'; -status[SERVER_BUSY_WRITE] = 'W'; -status[SERVER_BUSY_KEEPALIVE] = 'K'; -status[SERVER_BUSY_LOG] = 'L'; -status[SERVER_BUSY_DNS] = 'D'; -status[SERVER_GRACEFUL] = 'G'; - if (!exists_scoreboard_image()) { aplog_error(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r->server, "Server status unavailable in inetd mode"); 
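Review bot: `static char status_flags[SERVER_NUM_STATUS];` in the `@@ -190,19 +186,22 @@` hunk is now zero-filled file-scope state, and the code that fills it once is not in any hunk shown here. A handler run before that initialisation, or a scoreboard status with no assigned entry, would print NUL bytes instead of a flag character. The removed per-call block carried the comment explaining why the table is filled by assignment rather than by a static initialiser; that rationale should move to the declaration, e.g. `/* filled once by assignment: SERVER_* order in scoreboard.h is not assumed; read-only afterwards */`. If the index comes straight from the scoreboard, it is worth confirming a range check against `SERVER_NUM_STATUS` at the use site, which is outside this hunk.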
@@ -261,15 +249,15 @@ if (r->args) { i = 0; - while (options[i].id != STAT_OPT_END) { - if ((loc = strstr(r->args, options[i].form_data_str)) != NULL) { - switch (options[i].id) { + while (status_options[i].id != STAT_OPT_END) { + if ((loc = strstr(r
cvs commit: apachen/src/modules/standard mod_info.c
dgaudet 98/01/02 15:44:46 Modified:.STATUS src CHANGES src/modules/standard mod_info.c Log: - make mod_info_html_cmd_string() thread safe - fix minor buffer overrun in mod_info_html_cmd_string() (it would only hammer a \0 up to 5 bytes past the end of the buffer... nothing big) - mod_info_load_config() switched to use getword_conf() just like the real config parsing routines - replace a bunch of ap_snprintf()/rputs() pairs with rprintf() for more efficiency Reviewed by: Brian Behlendorf Revision ChangesPath 1.45 +1 -4 apachen/STATUS Index: STATUS === RCS file: /export/home/cvs/apachen/STATUS,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- STATUS1998/01/02 17:03:16 1.44 +++ STATUS1998/01/02 23:44:42 1.45 @@ -63,6 +63,7 @@ * Jim's [PATCH] ap_cpystrn() function (replace strncpy) Take II * Dean's [PATCH] 1.3: "DoS" attack * Paul/Ben's [PATCH] 1.3: spaces in NT spawn* arguments +* Dean's [PATCH] mod_info minor cleanups (take 2) Available Patches: @@ -79,10 +80,6 @@ * Dean's [PATCH] mod_status cleanups <[EMAIL PROTECTED]> Status: Dean +1, Jim +1 - -* Dean's [PATCH] mod_info minor cleanups (take 2) - <[EMAIL PROTECTED]> - Status: Dean +1, Brian +1 * Martin's [PATCH] 36kB: Make apache compile & run on an EBCDIC mainframe <[EMAIL PROTECTED]> 1.554 +3 -0 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.553 retrieving revision 1.554 diff -u -r1.553 -r1.554 --- CHANGES 1997/12/30 19:03:16 1.553 +++ CHANGES 1998/01/02 23:44:43 1.554 
@@ -1,5 +1,8 @@ Changes with Apache 1.3b4 + *) A few cleanups in mod_info to make it thread-safe, and remove an + off-by-5 bug that could hammer \0 on the stack. [Dean Gaudet] + *) no2slash() was O(n^2) in the length of the input. Make it O(n). [Dean Gaudet] 1.32 +66 -105 apachen/src/modules/standard/mod_info.c Index: mod_info.c === RCS file: /export/home/cvs/apachen/src/modules/standard/mod_info.c,v retrieving revision 1.31 retrieving revision 1.32 diff -u -r1.31 -r1.32 --- mod_info.c1997/10/26 20:20:05 1.31 +++ mod_info.c1998/01/02 23:44:45 1.32 @@ -119,27 +119,27 @@ return new; } -static char *mod_info_html_cmd_string(char *string) +static char *mod_info_html_cmd_string(const char *string, char *buf, size_t buf_len) { -char *s, *t; -static char ret[256]; /* What is the max size of a command? */ -char *end_ret; +const char *s; +char *t; +char *end_buf; -ret[0] = '\0'; s = string; -t = ret; -end_ret = t + sizeof(ret); -while ((*s) && ((t - ret) < sizeof(ret))) { +t = buf; +/* keep space for \0 byte */ +end_buf = buf + buf_len - 1; +while ((*s) && (t < end_buf)) { if (*s == '<') { -strncpy(t, "<", end_ret - t); +strncpy(t, "<", end_buf - t); t += 4; } else if (*s == '>') { -strncpy(t, ">", end_ret - t); +strncpy(t, ">", end_buf - t); t += 4; } else if (*s == '&') { -strncpy(t, "&", end_ret - t); +strncpy(t, "&", end_buf - t); t += 5; } else { 
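Review bot: `end_buf = buf + buf_len - 1;` in mod_info_html_cmd_string points one byte before `buf` when a caller passes `buf_len == 0`, and the termination code in the following hunk then stores `'\0'` through `end_buf`, outside the buffer. An early `if (buf_len == 0) return buf;` ahead of that assignment closes the case. A comment above the function should also say that output is silently truncated to `buf_len - 1` bytes and that truncation can cut an entity in half, since `t += 4` and `t += 5` advance past what `strncpy` was allowed to write. The function body continues outside this hunk, and the entity literals in the `strncpy` calls appear to have been decoded by the archive rendering.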
@@ -147,25 +147,33 @@ } s++; } -*t = '\0'; -return (ret); +/* oops, overflowed... don't overwrite */ +if (t > end_buf) { + *end_buf = '\0'; +} +else { + *t = '\0'; +} +return (buf); } -static info_cfg_lines *mod_info_load_config(pool *p, char *filename, +static info_cfg_lines *mod_info_load_config(pool *p, const char *filename, request_rec *r) { char s[MAX_STRING_LEN]; configfile_t *fp; -info_cfg_lines *new, *ret = NULL, *prev = NULL; -char *t, *tt, o, *msg; +info_cfg_lines *new, *ret, *prev; +const char *t; fp = pcfg_openfile(p, filename); if (!fp) { -msg = pstrcat(r->pool, "mod_info: couldn't open config file ", - filename, NULL); -aplog_error(APLOG_MARK, APLOG_WARNING, r->server, msg); +aplog_error(APLOG_MARK, APLOG_WARNING, r->server, + "mod_info: couldn't open config file %s", + filename); return NULL; } +ret = NULL; +prev = NULL;
cvs commit: apachen STATUS
coar98/01/02 09:03:16 Modified:.STATUS Log: Add notice of the patch to update the copyright years. Revision ChangesPath 1.44 +5 -0 apachen/STATUS Index: STATUS === RCS file: /export/home/cvs/apachen/STATUS,v retrieving revision 1.43 retrieving revision 1.44 diff -u -r1.43 -r1.44 --- STATUS1998/01/02 13:58:44 1.43 +++ STATUS1998/01/02 17:03:16 1.44 @@ -66,6 +66,11 @@ Available Patches: +* Ken's [PATCH] for copyright year update + <[EMAIL PROTECTED]> + Status: Ken +1, Jim +1 + Gregory Lundberg says it's legally invalid + * [PATCH] mod_digest/1599: proxy authentication using the digest auth scheme never succeeds (fwd) <[EMAIL PROTECTED]>
cvs commit: apachen STATUS
pcs 98/01/02 05:58:45 Modified:.STATUS Log: This has already been committed Revision ChangesPath 1.43 +1 -4 apachen/STATUS Index: STATUS === RCS file: /export/home/cvs/apachen/STATUS,v retrieving revision 1.42 retrieving revision 1.43 diff -u -r1.42 -r1.43 --- STATUS1997/12/30 19:03:14 1.42 +++ STATUS1998/01/02 13:58:44 1.43 @@ -62,6 +62,7 @@ * Ken's [PATCH] for PR#1195 (" in realm names) * Jim's [PATCH] ap_cpystrn() function (replace strncpy) Take II * Dean's [PATCH] 1.3: "DoS" attack +* Paul/Ben's [PATCH] 1.3: spaces in NT spawn* arguments Available Patches: @@ -97,10 +98,6 @@ * M.D.Parker's [PATCH] mod_status/1448: Status Information have version <[EMAIL PROTECTED]> Status: Dean +1, Martin +1, Alexei -1 (shared lib concerns) - -* Paul's [PATCH] NT: spaces in argv[] - <[EMAIL PROTECTED]> - Status: Paul +1, Ben +1 * Roy's [PATCH] protocol/1399: failing to read body <[EMAIL PROTECTED]>