Re: svn commit: r1610339 - in /httpd/httpd/trunk: docs/manual/mod/mod_journald.xml modules/loggers/config.m4 modules/loggers/mod_journald.c

2014-07-14 Thread Ruediger Pluem


jkal...@apache.org wrote:
 Author: jkaluza
 Date: Mon Jul 14 05:52:45 2014
 New Revision: 1610339
 
 URL: http://svn.apache.org/r1610339
 Log:
 mod_journald: New module implementing error_log provider for systemd-journald.
 
 Added:
 httpd/httpd/trunk/docs/manual/mod/mod_journald.xml   (with props)
 httpd/httpd/trunk/modules/loggers/mod_journald.c
 Modified:
 httpd/httpd/trunk/modules/loggers/config.m4
 

 Added: httpd/httpd/trunk/modules/loggers/mod_journald.c
 URL: 
 http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_journald.c?rev=1610339&view=auto
 ==
 --- httpd/httpd/trunk/modules/loggers/mod_journald.c (added)
 +++ httpd/httpd/trunk/modules/loggers/mod_journald.c Mon Jul 14 05:52:45 2014

 +static apr_status_t journald_log_writer(request_rec *r,
 +   void *handle,
 +   const char **strs,
 +   int *strl,
 +   int nelts,
 +   apr_size_t len)
 +
 +{
 +char *str;
 +char *s;
 +int i;
 +apr_status_t rv = APR_SUCCESS;
 +
 +str = apr_palloc(r-pool, len + 1);
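
Review bot: the `len + 1` in the `apr_palloc` call reserves one byte beyond `len`, but the quoted lines stop before any code that writes to that byte. If the buffer is meant to be used as a C string, set `str[len] = '\0'` right after the copy; if it is only handed on together with an explicit length, allocate `len` and say so in a comment.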

Why +1?

Regards

Rüdiger



Re: svn commit: r1610339 - in /httpd/httpd/trunk: docs/manual/mod/mod_journald.xml modules/loggers/config.m4 modules/loggers/mod_journald.c

2014-07-14 Thread Jan Kaluža

On 07/14/2014 09:52 AM, Ruediger Pluem wrote:



jkal...@apache.org wrote:

Author: jkaluza
Date: Mon Jul 14 05:52:45 2014
New Revision: 1610339

URL: http://svn.apache.org/r1610339
Log:
mod_journald: New module implementing error_log provider for systemd-journald.

Added:
 httpd/httpd/trunk/docs/manual/mod/mod_journald.xml   (with props)
 httpd/httpd/trunk/modules/loggers/mod_journald.c
Modified:
 httpd/httpd/trunk/modules/loggers/config.m4




Added: httpd/httpd/trunk/modules/loggers/mod_journald.c
URL: 
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_journald.c?rev=1610339&view=auto
==
--- httpd/httpd/trunk/modules/loggers/mod_journald.c (added)
+++ httpd/httpd/trunk/modules/loggers/mod_journald.c Mon Jul 14 05:52:45 2014



+static apr_status_t journald_log_writer(request_rec *r,
+   void *handle,
+   const char **strs,
+   int *strl,
+   int nelts,
+   apr_size_t len)
+
+{
+char *str;
+char *s;
+int i;
+apr_status_t rv = APR_SUCCESS;
+
+str = apr_palloc(r-pool, len + 1);
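
Review bot: the signature of `journald_log_writer` takes the per-element lengths as `int *strl` with a count `int nelts`, but the total as `apr_size_t len`, and nothing in these lines states how the three relate. A short comment above the function saying that `len` must equal the sum of `strl[0..nelts-1]` would let a reader check that the `apr_palloc` buffer is large enough for whatever is copied into it.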


Why +1?


That's taken from ap_default_log_writer(...) and it's also in 
ap_buffered_log_writer(...). When thinking about it now, it's probably 
useless, because len is the sum of strlen() of each string in strs, so it 
does not include '\0', but my log_writer (and also the 
ap_default_log_writer/ap_buffered_log_writer) does not actually use/set 
that last zero byte.


I think we can remove that len + 1 in all three cases then?

Jan Kaluza


Regards

Rüdiger





Re: svn commit: r1610509 - /httpd/httpd/trunk/modules/generators/mod_cgid.c

2014-07-14 Thread Marion Christophe JAILLET

Hi,

no APLOGNO ?

Best regards,
CJ

On 14/07/2014 22:08, cove...@apache.org wrote:

Author: covener
Date: Mon Jul 14 20:08:25 2014
New Revision: 1610509

URL: http://svn.apache.org/r1610509
Log:
*) SECURITY: CVE-2014-0231 (cve.mitre.org)
mod_cgid: Fix a denial of service against CGI scripts that do
not consume stdin that could lead to lingering HTTPD child processes
filling up the scoreboard and eventually hanging the server.
[Rainer Jung, Eric Covener, Yann Ylavic]

Submitted By: rjung, covener, ylavic
Reviewed By: trawick, jorton, covener, jim



Modified:
 httpd/httpd/trunk/modules/generators/mod_cgid.c

Modified: httpd/httpd/trunk/modules/generators/mod_cgid.c
URL: 
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?rev=1610509&r1=1610508&r2=1610509&view=diff
==
--- httpd/httpd/trunk/modules/generators/mod_cgid.c (original)
+++ httpd/httpd/trunk/modules/generators/mod_cgid.c Mon Jul 14 20:08:25 2014
@@ -1551,6 +1551,10 @@ static int cgid_handler(request_rec *r)
  if (rv != APR_SUCCESS) {
  /* silly script stopped reading, soak up remaining message */
  child_stopped_reading = 1;
+ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+  Error writing request body to script %s,
+  r-filename);
+
  }
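
Review bot: the new `ap_log_rerror` call sits in the `rv != APR_SUCCESS` branch that the comment above it describes as a script that stopped reading, and it logs at `APLOG_ERR` every time that branch is taken. The commit log says this change fixes a denial of service involving scripts that do not consume stdin, so the same condition can now also produce a steady stream of error-level log entries; consider whether a lower level is enough here. The message also carries no `APLOGNO()` tag, and the empty `+` line before the closing brace can be dropped.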


Re: svn commit: r1610509 - /httpd/httpd/trunk/modules/generators/mod_cgid.c

2014-07-14 Thread Eric Covener
On Mon, Jul 14, 2014 at 4:27 PM, Marion  Christophe JAILLET
christophe.jail...@wanadoo.fr wrote:
 Hi,

 no APLOGNO ?

ty, can you help remedy in trunk and 2.4?


Re: svn commit: r1610509 - /httpd/httpd/trunk/modules/generators/mod_cgid.c

2014-07-14 Thread Marion Christophe JAILLET


On 14/07/2014 22:28, Eric Covener wrote:

On Mon, Jul 14, 2014 at 4:27 PM, Marion  Christophe JAILLET
christophe.jail...@wanadoo.fr wrote:

Hi,

no APLOGNO ?

ty, can you help remedy in trunk and 2.4?


np. I also have added empty APLOGNO in mod_deflate + fix a comment.

r1610518 in trunk
r1610522 in 2.4.x

CJ


Question on ap_method_* functions

2014-07-14 Thread Christophe JAILLET

Hi,

I was about to submit a patch in order to remove the 'register' keyword 
in a variable declaration in 'modules/http/http_protocol.c'.

See 'ap_method_list_remove()'

I also wanted to simplify code in the surrounding ap_method_* functions.


However, I think that:
- in 'ap_method_list_add()',
  l->method_mask |= (AP_METHOD_BIT << methnum);
  should be in the
  if (methnum != M_INVALID) { ... }
 block

- in 'ap_method_list_remove()',
  l->method_mask |= ~(AP_METHOD_BIT << methnum);
  should be in the
  if (methnum != M_INVALID) { ... }
 block


Do you agree ?

Best regards,
CJ
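
The effect of the guard proposed above on the add path, as an added example that is not httpd code and not part of the original post. `method_list`, `method_number_of`, `mask_has`, `METHOD_BIT` and the numeric method values (including `M_INVALID` as 26) are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the httpd names in the post; the numeric values are assumptions. */
#define METHOD_BIT ((int64_t)1)
enum { M_GET = 0, M_POST = 2, M_INVALID = 26 };

typedef struct { int64_t method_mask; int n_ext; } method_list;

/* Hypothetical lookup: known names map to a number, anything else to M_INVALID. */
static int method_number_of(const char *m)
{
    if (strcmp(m, "GET") == 0)  return M_GET;
    if (strcmp(m, "POST") == 0) return M_POST;
    return M_INVALID;
}

/* Mask is updated before the validity check, so unknown names set bit M_INVALID. */
static void add_unguarded(method_list *l, const char *m)
{
    int methnum = method_number_of(m);
    l->method_mask |= (METHOD_BIT << methnum);
    if (methnum != M_INVALID) return;
    l->n_ext++;                 /* unknown names are tracked outside the mask */
}

/* Mask is updated only for known methods, as the post proposes. */
static void add_guarded(method_list *l, const char *m)
{
    int methnum = method_number_of(m);
    if (methnum != M_INVALID) {
        l->method_mask |= (METHOD_BIT << methnum);
        return;
    }
    l->n_ext++;
}

/* Hypothetical mask-only membership test, to show what the stray bit means. */
static int mask_has(const method_list *l, const char *m)
{
    return (int)((l->method_mask >> method_number_of(m)) & 1);
}

int main(void)
{
    method_list u = {0, 0}, g = {0, 0};
    add_unguarded(&u, "X-CONSTRUCTED");   /* constructed sample method name */
    add_guarded(&g, "X-CONSTRUCTED");
    printf("unguarded=0x%llx guarded=0x%llx\n",
           (unsigned long long)u.method_mask, (unsigned long long)g.method_mask);
    return mask_has(&g, "ANOTHER-UNKNOWN");
}
```

With the unguarded variant, one unknown method name is enough for any other unknown name to test as present in the mask.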



[PATCH] did I understand the mod_cgid fix properly?

2014-07-14 Thread Jeff Trawick
Index: CHANGES
===
--- CHANGES (revision 1610531)
+++ CHANGES (working copy)
@@ -16,8 +16,10 @@
   *) SECURITY: CVE-2014-0231 (cve.mitre.org)
  mod_cgid: Fix a denial of service against CGI scripts that do
  not consume stdin that could lead to lingering HTTPD child processes
- filling up the scoreboard and eventually hanging the server. Adds
- CGIDScriptTimeout directive.
+ filling up the scoreboard and eventually hanging the server.  By
+ default, the client I/O timeout (Timeout directive) now applies to
+ communication with scripts.  The CGIDScriptTimeout directive can be
+ used to set a different timeout for communication with scripts.
  [Rainer Jung, Eric Covener, Yann Ylavic]

   *) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions
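
Review bot: the rewritten entry no longer says that `CGIDScriptTimeout` is new. The removed text had "Adds CGIDScriptTimeout directive", while the added lines mention the directive as if it already existed. Wording such as "The new CGIDScriptTimeout directive can be used to set a different timeout" keeps that fact for readers who scan CHANGES for added directives.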


Make sense?

-- 
Born in Roswell... married an alien...
http://emptyhammock.com/
http://edjective.org/


Re: [PATCH] did I understand the mod_cgid fix properly?

2014-07-14 Thread Eric Covener
On Mon, Jul 14, 2014 at 5:18 PM, Jeff Trawick traw...@gmail.com wrote:
 Index: CHANGES
 ===
 --- CHANGES (revision 1610531)
 +++ CHANGES (working copy)
 @@ -16,8 +16,10 @@
*) SECURITY: CVE-2014-0231 (cve.mitre.org)
   mod_cgid: Fix a denial of service against CGI scripts that do
   not consume stdin that could lead to lingering HTTPD child processes
 - filling up the scoreboard and eventually hanging the server. Adds
 - CGIDScriptTimeout directive.
 + filling up the scoreboard and eventually hanging the server.  By
 + default, the client I/O timeout (Timeout directive) now applies to
 + communication with scripts.  The CGIDScriptTimeout directive can be
 + used to set a different timeout for communication with scripts.
   [Rainer Jung, Eric Covener, Yann Ylavic]

*) mod_ssl: Extend the scope of SSLSessionCacheTimeout to sessions


 Make sense?

+1