Bug report for Apache httpd-2 [2020/02/23]

2020-02-22 Thread bugzilla
Columns: Bugzilla Bug ID | Status | Severity | Date Posted | Description
Status: UNC=Unconfirmed NEW=New ASS=Assigned OPN=Reopened VER=Verified (Skipped Closed/Resolved)
Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major MIN=Minor NOR=Normal ENH=Enhancement TRV=Trivial
|10747|New|Maj|2002-07-12|ftp SIZE command and 'smart' ftp servers results i|
|11580|Opn|Enh|2002-08-09|generate Content-Location headers |
|12033|Opn|Nor|2002-08-26|Graceful restart immediately result in [warn] long|
|13661|Ass|Enh|2002-10-15|Apache cannot not handle dynamic IP reallocation  |
|14104|Opn|Enh|2002-10-30|not documented: must restart server to load new CR|
|16811|Ass|Maj|2003-02-05|mod_autoindex always return webpages in UTF-8.|
|17244|Ass|Nor|2003-02-20|./configure --help gives false information regardi|
|17497|Opn|Nor|2003-02-27|mod_mime_magic generates incorrect response header|
|20036|Ass|Nor|2003-05-19|Trailing Dots stripped from PATH_INFO environment |
|21260|Opn|Nor|2003-07-02|CacheMaxExpire directive not enforced !   |
|21533|Ass|Cri|2003-07-11|Multiple levels of htacces files can cause mod_aut|
|22484|Opn|Maj|2003-08-16|semaphore problem takes httpd down|
|22686|Opn|Nor|2003-08-25|ab: apr_poll: The timeout specified has expired (7|
|22898|Opn|Nor|2003-09-02|nph scripts with two HTTP header  |
|23911|Opn|Cri|2003-10-18|CGI processes left defunct/zombie under 2.0.54|
|24095|Opn|Cri|2003-10-24|ERROR "Parent: child process exited with status 32|
|24437|Opn|Nor|2003-11-05|mod_auth_ldap doubly-escapes backslash (\) charact|
|24890|Opn|Nor|2003-11-21|Apache config parser should not be local aware ( g|
|25469|Opn|Enh|2003-12-12|create AuthRoot for defining paths to auth files  |
|25484|Ass|Nor|2003-12-12|Non-service Apache cannot be stopped in WinXP |
|26153|Opn|Cri|2004-01-15|Apache cygwin directory traversal vulnerability   |
|27257|Ass|Enh|2004-02-26|rotatelogs with getopt and setuid |
|27715|Ass|Enh|2004-03-16|Client sending misformed Range "bytes = 0-100" ins|
|28657|Ver|Nor|2004-04-28|mod_negotiation should not store Content-Location |
|29090|Ass|Enh|2004-05-19|MultiviewsMatch NegotiatedOnly extensions not resp|
|29510|Ass|Enh|2004-06-10|ab does not support multiple cookies  |
|29644|Ver|Nor|2004-06-17|mod_proxy keeps downloading even after the client |
|30259|Ass|Enh|2004-07-22|When proxy connects to backend, a DNS lookup is do|
|30505|Ass|Enh|2004-08-05|Apache uses 'Error', and not lower level event typ|
|31302|Opn|Cri|2004-09-19|suexec doesn't execute commands if they're not in |
|31352|Ass|Enh|2004-09-21|RFE, Bind to LDAP server with browser supplier use|
|31418|Opn|Nor|2004-09-25|SSLUserName is not usable by other modules|
|32328|Opn|Enh|2004-11-19|Make mod_rewrite escaping optional / expose intern|
|32750|Ass|Maj|2004-12-17|mod_proxy + Win32DisableAcceptEx = memory leak|
|33089|New|Nor|2005-01-13|mod_include: Options +Includes (or IncludesNoExec)|
|33207|Opn|Nor|2005-01-23|Results of my suexec.c code audit |
|34270|Inf|Nor|2005-04-01|Large POSTs over SSL from Internet Explorer do not|
|34519|New|Enh|2005-04-19|Directory index should emit valid XHTML   |
|35098|Ver|Maj|2005-05-27|Install fails using --prefix  |
|35652|Opn|Min|2005-07-07|Improve error message: "pcfg_openfile: unable to c|
|35768|Ver|Nor|2005-07-17|Missing file logs at far too high of log level|
|36636|Opn|Maj|2005-09-13|database write lock taken for PROPFIND operations |
|36676|New|Nor|2005-09-15|time() bug in httpd/os/win32/util_win32.c:wait_for|
|36710|Opn|Blk|2005-09-19|CGI output not captured   |
|37290|Opn|Min|2005-10-28|DirectoryIndex don't work in scriptaliased directo|
|37355|Opn|Enh|2005-11-04|Allow to specify Proxy-Authorization in ProxyRemot|
|37564|New|Enh|2005-11-19|Suggestion: mod_suexec SuexecUserGroup directive i|
|38325|Opn|Nor|2006-01-20|impossible to determine AUTH_TYPE of interpreted r|
|38571|New|Enh|2006-02-08|CustomLog directive checked by apachectl configtes|
|38995|New|Nor|2006-03-16|httpd tries to communicate with the CGI daemon eve|
|39275|Opn|Nor|2006-04-11|slow child_init causes MaxClients warning |

POC: Allowing ap_process_connection() to return EAGAIN

2020-02-22 Thread Graham Leggett
Hi all,

I’ve put together a proof of concept as to how ap_process_connection() might be 
able to return EAGAIN (or AGAIN in this case).

The idea is that ap_process_connection() can return AGAIN at any time, and if 
so, we’ll jump ahead to where we left off and run the hook again. This way the 
MPMs aren’t obliged to swallow a whole request before returning.

This doesn’t yet work, it’s just to illustrate the idea.

Regards,
Graham
--

Index: include/ap_mpm.h
===
--- include/ap_mpm.h(revision 1874370)
+++ include/ap_mpm.h(working copy)
@@ -182,6 +182,8 @@
 #define AP_MPMQ_CAN_SUSPEND  17
 /** MPM supports additional pollfds */
 #define AP_MPMQ_CAN_POLL 18
+/** MPM supports EAGAIN */
+#define AP_MPMQ_CAN_AGAIN19
 /** @} */
 
 /**
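Review bot: The doc comment on the new AP_MPMQ_CAN_AGAIN define says "MPM supports EAGAIN", but the return code this patch adds in httpd.h is named AGAIN, not the errno-style EAGAIN; word the comment after the actual code, for example "MPM handles AGAIN returned from ap_process_connection()". No MPM in the visible patch answers this query yet, so until one does a caller cannot tell a capable MPM from one that ignores the new return value.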
Index: include/http_connection.h
===
--- include/http_connection.h   (revision 1874370)
+++ include/http_connection.h   (working copy)
@@ -40,8 +40,11 @@
  * @param csd The mechanism on which this connection is to be read.
  *Most times this will be a socket, but it is up to the module
  *that accepts the request to determine the exact type.
+ * @return OK if processing is complete, SUSPENDED if processing
+ * should be suspended and retried at a later time, and
+ * AGAIN if processing should be retried when data is available.
  */
-AP_CORE_DECLARE(void) ap_process_connection(conn_rec *c, void *csd);
+AP_CORE_DECLARE(int) ap_process_connection(conn_rec *c, void *csd);
 
 /**
  * Shutdown the connection for writing.
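Review bot: The new @return text on ap_process_connection() lists only OK, SUSPENDED and AGAIN, yet the server/connection.c change returns the hook's rc unmodified, so DECLINED, DONE or an error status can reach the caller as well. Either document those values or map them to one failure code before returning. Because the return type changes from void to int, the comment should also say what the caller must do on AGAIN (call again with the same c and csd), which makes existing callers that ignore the result easier to spot.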
@@ -109,7 +112,7 @@
  * @param csd The mechanism on which this connection is to be read.
  *Most times this will be a socket, but it is up to the module
  *that accepts the request to determine the exact type.
- * @return OK or DECLINED
+ * @return OK, DECLINED, SUSPENDED or AGAIN.
  */
 AP_DECLARE_HOOK(int,pre_connection,(conn_rec *c, void *csd))
 
@@ -119,7 +122,7 @@
  * function does that for each protocol module.  The first protocol module
  * to handle the request is the last module run.
  * @param c The connection on which the request has been received.
- * @return OK or DECLINED
+ * @return OK, DECLINED, SUSPENDED or AGAIN.
  */
 AP_DECLARE_HOOK(int,process_connection,(conn_rec *c))
 
Index: include/httpd.h
===
--- include/httpd.h (revision 1874370)
+++ include/httpd.h (working copy)
@@ -464,6 +464,9 @@
  */
 #define SUSPENDED -3 /**< Module will handle the remainder of the request.
   * The core will never invoke the request again, */
+#define AGAIN -4/**< Module has not finished handling the
+  * stage and wants to be called again
+  */
 
 /** Returned by the bottom-most filter if no data was written.
  *  @see ap_pass_brigade(). */
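Review bot: The comment on the new AGAIN define says the module "wants to be called again" but not when, while the http_connection.h text in this patch ties AGAIN to data becoming available, and SUSPENDED directly above is described as the core never invoking the request again. State the wake-up condition here as well, so a module author reading only httpd.h can tell which of the two codes to return.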
Index: server/connection.c
===
--- server/connection.c (revision 1874370)
+++ server/connection.c (working copy)
@@ -30,6 +30,8 @@
 #include "http_log.h"
 #include "util_filter.h"
 
+#include "core.h"
+
 APR_HOOK_STRUCT(
 APR_HOOK_LINK(create_connection)
 APR_HOOK_LINK(process_connection)
@@ -205,17 +207,38 @@
 apr_socket_close(csd);
 }
 
-AP_CORE_DECLARE(void) ap_process_connection(conn_rec *c, void *csd)
+AP_CORE_DECLARE(int) ap_process_connection(conn_rec *c, void *csd)
 {
-int rc;
+int rc = OK;
+conn_config_t *conn_config = ap_get_core_module_config(c->conn_config);
+
+switch (conn_config->process_connection_st) {
+case STATE_UPDATE_VHOST_GIVEN_IP:
+
 ap_update_vhost_given_ip(c);
 
+conn_config->process_connection_st = STATE_RUN_PRE_CONNECTION;
+case STATE_RUN_PRE_CONNECTION:
+
 rc = ap_run_pre_connection(c, csd);
+if (rc == SUSPENDED || rc == AGAIN) {
+return rc;
+}
 if (rc != OK && rc != DONE) {
 c->aborted = 1;
 }
 
 if (!c->aborted) {
-ap_run_process_connection(c);
+
+conn_config->process_connection_st = STATE_RUN_PROCESS_CONNECTION;
+case STATE_RUN_PROCESS_CONNECTION:
+
+rc = ap_run_process_connection(c);
+
 }
+
+}; /* end of switch */
+
+return rc;
 }
+
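Review bot: The case STATE_RUN_PROCESS_CONNECTION label sits inside the if (!c->aborted) block, so a resumed call jumps past that check and runs ap_run_process_connection(c) even if the connection was marked aborted in the meantime. Move the label outside the block and test c->aborted inside the case. Two further points on the same function: a resumed call at STATE_RUN_PRE_CONNECTION goes through ap_run_pre_connection(c, csd) again, so hooks must tolerate being invoked more than once for one connection and the hook documentation should say so; and conn_config is dereferenced on first entry before any hook has run, so confirm the core's conn_config_t is already allocated and zeroed at that point. The fallthroughs between the cases would also benefit from an explicit comment.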
Index: server/core.h
===
--- server/core.h   (revision 1874370)
+++ server/core.h   (working copy)
@@ -26,11 +26,22 @@
 #define CORE_H
 
 /**
+ * @brief States for the ap_process_connection function
+ */
+typedef enum __attribute__((__packed__)) ap_process_connection_e {
+  STATE_UPDATE_VHOST_GIVEN_IP = 0,
+  STATE_RUN_PRE_CONNECTION,
+  STATE_RUN_PROCESS_CONNECTION
+} ap_process_connection_e;
+
+/**
  * @brief A structure to contain connection state information
  */
 typedef struct conn_config_t {
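Review bot: __attribute__((__packed__)) on the ap_process_connection_e typedef is a GCC/Clang extension used without any guard, so this header will not compile with a compiler that lacks it; drop the attribute or hide it behind a portability macro. The enumerators STATE_UPDATE_VHOST_GIVEN_IP, STATE_RUN_PRE_CONNECTION and STATE_RUN_PROCESS_CONNECTION are also unprefixed, and a project-style prefix would keep them from clashing with other code that includes this header.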
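The resume-by-state idea described in the message above, as a stand-alone added example that is not code from the patch or from httpd: it shows a stage being re-entered after AGAIN and a caller that bounds how often it re-enters. Only the OK, SUSPENDED and AGAIN values come from the patch; `demo_conn`, `demo_hook`, `demo_process_connection` and `demo_drive` are hypothetical names, and the pending counters are constructed input.

```c
#define OK         0   /* values as in the patch's httpd.h hunk */
#define SUSPENDED -3
#define AGAIN     -4

/* Hypothetical stand-in for conn_rec plus the core's per-connection state. */
enum demo_state { ST_VHOST = 0, ST_PRE, ST_PROCESS };
struct demo_conn {
    enum demo_state st;            /* resume point; must start zeroed */
    int aborted;
    int pre_pending, proc_pending; /* constructed: AGAINs each hook still owes */
    int pre_calls, proc_calls;     /* how often each hook was entered */
};

/* Mock hook body: count the call, answer AGAIN until *pending runs out. */
static int demo_hook(int *calls, int *pending)
{
    (*calls)++;
    return (*pending)-- > 0 ? AGAIN : OK;
}

/* Resumable connection routine: one case per stage, state kept in c->st. */
int demo_process_connection(struct demo_conn *c)
{
    int rc = OK;
    switch (c->st) {
    case ST_VHOST:                 /* nothing to wait on in this stage */
        c->st = ST_PRE;            /* fall through */
    case ST_PRE:
        rc = demo_hook(&c->pre_calls, &c->pre_pending);
        if (rc == SUSPENDED || rc == AGAIN) return rc;   /* re-enter at ST_PRE */
        if (rc != OK) { c->aborted = 1; return rc; }
        c->st = ST_PROCESS;        /* fall through */
    case ST_PROCESS:
        if (!c->aborted)           /* check is inside the case, so re-entry sees it */
            rc = demo_hook(&c->proc_calls, &c->proc_pending);
    }
    return rc;
}

/* Caller side: re-enter on AGAIN, at most max_calls times. */
int demo_drive(struct demo_conn *c, int max_calls)
{
    int rc = AGAIN;
    for (int i = 0; i < max_calls && rc == AGAIN; i++)
        rc = demo_process_connection(c);
    return rc;
}
```

With one pending AGAIN on the pre stage, `pre_calls` ends at 2: the stage that asked to be called again is run from its start, which is why a hook has to keep its own progress.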