authorhenning <henning@openbsd.org>2002-10-07 20:23:05 +0000
committerhenning <henning@openbsd.org>2002-10-07 20:23:05 +0000
commit643b6f823addcd38235201e661dabb67704f185a (patch)
treeabe6c1077b291daa5611b26bfffd322d464cba7f /usr.sbin/httpd/src
parentA few typos, and sync with reality. (diff)
merge apache 1.3.27 and mod_ssl 2.8.11
Diffstat (limited to 'usr.sbin/httpd/src')
-rw-r--r--usr.sbin/httpd/src/CHANGES189
-rw-r--r--usr.sbin/httpd/src/CHANGES.SSL16
-rw-r--r--usr.sbin/httpd/src/Configure20
-rw-r--r--usr.sbin/httpd/src/ap/ap_snprintf.c5
-rw-r--r--usr.sbin/httpd/src/helpers/GuessOS3
-rw-r--r--usr.sbin/httpd/src/helpers/binbuild.sh11
-rw-r--r--usr.sbin/httpd/src/include/ap.h10
-rw-r--r--usr.sbin/httpd/src/include/http_conf_globals.h3
-rw-r--r--usr.sbin/httpd/src/include/httpd.h4
-rw-r--r--usr.sbin/httpd/src/main/alloc.c28
-rw-r--r--usr.sbin/httpd/src/main/http_config.c41
-rw-r--r--usr.sbin/httpd/src/main/http_core.c36
-rw-r--r--usr.sbin/httpd/src/main/http_main.c25
-rw-r--r--usr.sbin/httpd/src/main/http_protocol.c115
-rw-r--r--usr.sbin/httpd/src/main/util_script.c3
-rw-r--r--usr.sbin/httpd/src/modules/proxy/proxy_cache.c17
-rw-r--r--usr.sbin/httpd/src/modules/proxy/proxy_http.c2
-rw-r--r--usr.sbin/httpd/src/modules/proxy/proxy_util.c6
-rw-r--r--usr.sbin/httpd/src/modules/ssl/libssl.module5
-rw-r--r--usr.sbin/httpd/src/modules/ssl/libssl.version2
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c8
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c6
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c4
-rw-r--r--usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c2
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_auth_db.c11
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_digest.c72
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_headers.c21
-rw-r--r--usr.sbin/httpd/src/modules/standard/mod_rewrite.c26
-rw-r--r--usr.sbin/httpd/src/os/tpf/os.c5
-rw-r--r--usr.sbin/httpd/src/os/tpf/os.h6
-rw-r--r--usr.sbin/httpd/src/support/ab.c34
31 files changed, 582 insertions, 154 deletions
diff --git a/usr.sbin/httpd/src/CHANGES b/usr.sbin/httpd/src/CHANGES
index 962f0aa5d5f..e75f6ab936c 100644
--- a/usr.sbin/httpd/src/CHANGES
+++ b/usr.sbin/httpd/src/CHANGES
@@ -1,18 +1,133 @@
+Changes with Apache 1.3.27
+
+ *) SECURITY: CAN-2002-0840 (cve.mitre.org)
+ Prevent a cross-site scripting vulnerability in the default
+ error page. The issue could only be exploited if the directive
+ UseCanonicalName is set to Off and a server is being run at
+ a domain that allows wildcard DNS. [Matthew Murphy]
+
+ *) SECURITY CAN-2002-0843 (cve.mitre.org)
+ Fix some possible overflows in ab.c that could be exploited by
+ a malicious server. Reported by David Wagner. [Jim Jagielski]
+
+ *) Included a patch submitted by Sander van Zoest (#9181) and
+ written by Michael Radwin whichs is essentially a work around
+ for the adding headers to error responses. As apache does not
+ go through the proper chain for non 2xx responses. This patch
+ adds an ErrorHeader directive; which is for non 2xx replies the
+ direct analog of the existing Header directive. This is usefull
+ during 3xx redirects or more complex 4xx auth schemes. [Dirk-
+ Willem van Gulik]
+
+ *) Included the patch submitted by Sander van Zoest (#12712) which
+ prevents just 'anything' being sucked in when doing gobbeling in
+ complete directories - such as editor backup files and other
+ cruft. This patch allows us to tailor/control this properly by
+ allowing simple wildcards such as *.conf. [Dirk-Willem van Gulik]
+
+ *) SECURITY CAN-2002-0839 (cve.mitre.org)
+ Add the new directive 'ShmemUIDisUser'. By default, Apache
+ will no longer set the uid/gid of SysV shared memory scoreboard
+ to User/Group, and it will therefore stay the uid/gid of
+ the parent Apache process. This is actually the way it should
+ be, however, some implementations may still require this, which
+ can be enabled by 'ShmemUIDisUser On'. Reported by iDefense.
+ [Jim Jagielski]
+
+ *) Fix a problem with the definition of union semun which broke
+ System V semaphores on systems where sizeof(int) != sizeof(long).
+ PR 12072 [<winterling@de.ibm.com>]
+
+ *) The protocol version (eg: HTTP/1.1) in the request line parsing
+ is now case insensitive. This closes a few PRs and implies that
+ ProtocolReqCheck will trigger on *true* invalid protocols.
+ [Jim Jagielski]
+
+ *) Relaxed mod_digest its parsing in order to make it work
+ with iCal's "WebDAVFS/1.2 (01208000) Darwin/6.0 (Power Macintosh)"
+ User-Agent. Apache (incorrectly) insisted on a quoted URI's
+ in the uri field of the Authorization client header. Not
+ yet done for EBCDIC plaforms.
+ [Dirk-Willem van Gulik]
+
+ *) Back out an older patch for PR 9932, which had some incorrect
+ behavior. Instead, use a backport of the APR fix. This has
+ the nice effect that ap_snprintf() can now distinguish between
+ an output which was truncated, and an output which exactly
+ filled the buffer. [Jim Jagielski]
+
+ *) The cache in mod_proxy was incorrectly updating the Content-Length
+ value (to 0) from 304 responses when doing validation. Bugz#10128
+ [Paul Terry <paul.terry@gmx.net>, ast@domdv.de, Jim Jagielski]
+
+ *) Added support for Berkeley-DB/4.x to mod_auth_db.
+ [Martin Kraemer]
+
+ *) PR 10993: add image/x-icon to default httpd.conf files
+ [Ian Holsman, Peter Bieringer <pb@bieringer.de>
+
+ *) Fix a problem in proxy where headers from other modules were
+ added to the response headers when this was already done in the
+ core already. This resulted in header (and therefore cookie)
+ duplication. [Martijn Schoemaker <martijn@osp.nl>]
+
+ *) Fix FileETags none operation. PR 12202.
+ [Justin Erenkrantz, Andrew Ho <andrew@tellme.com>]
+
+ *) Win32: Fix one byte buffer overflow in ap_get_win32_interpreter
+ when a CGI script's #! line does not contain a \r or \n (i.e.
+ a line feed character) in the first 1023 bytes. The overflow
+ is always a '\0' (string termination) character.
+
+ *) Add new "suppress-error-charset" environment variable to
+ allow a BrowserMatch workaround for clients that incorrectly
+ use the charset of a redirect as the charset of the target.
+ [Ken Coar]
+
+ *) Support Caldera OpenUNIX 8. [Larry Rosenman <ler@lerctr.org>]
+
+ *) Use SysV semaphores by default on OpenBSD. [Henning Brauer
+ <hb-apache-dev@bsws.de>]
+
+ *) httpd -V will now also print out the compile time defined
+ HARD_SERVER_LIMIT value. [Dirk-Willem van Gulik].
+
+ *) In 1.3.26, a null or all blank Content-Length field would be
+ triggered as an error; previous versions would silently ignore
+ this and assume 0. As a special case, we now allow this and
+ behave as we previously did. HOWEVER, previous versions would
+ also silently accept bogus C-L values; We do NOT do that. That
+ *is* an invalid value and we treat it as such.
+ [Jim Jagielski]
+
+ *) Add ProtocolReqCheck directive, which determines if Apache will
+ check for a valid protocol string in the request (eg: HTTP/1.1)
+ and return HTTP_BAD_REQUEST if not valid. Versions of Apache
+ prior to 1.3.26 would silently ignore bad protocol strings, but
+ 1.3.26 included a more strict check. This makes it runtime
+ configurable. The default is On. This also removes the requirement
+ on an ANSI sscanf() implementation. [Jim Jagielski]
+
+ *) NetWare: implemented file locking in mod_rewrite for the NetWare
+ CLib platform. This fixes a bug that prevented rewrite logging
+ from working. [Brad Nicholes]
+
Changes with Apache 1.3.26
*) Potential NULL referencing fixed in the CGI module. It had
been there for 5 years. [Justin Erenkrantz]
*) Ensure that we set the result value in ap_strtol before
- we return it. [The whole gang again]
+ we return it. [Justin Erenkrantz, Jim Jagielski]
Changes with Apache 1.3.25
- *) Code changes required to address and close the security
- issues in CAN-2002-0392 (mitre.org) [CERT VU#944335].
- To support this, we utilize the ANSI functionality of
- strtol, and provide ap_strtol for completeness.
- [The whole gang]
+ *) SECURITY: CAN-2002-0392 (cve.mitre.org) [CERT VU#944335]
+ Code changes required to address and close chunked
+ encoding security issues. To support this, we utilize the ANSI
+ functionality of strtol, and provide ap_strtol for completeness.
+ [Aaron Bannert, Justin Erenkrantz, Jim Jagielski, Brian Pane,
+ William Rowe, Cliff Woolley]
*) PORT: With OpenBSD 3.1 and up, allow modules to work on their
ELF-based architectures. [Brad <brad@openbsd.org>]
@@ -112,7 +227,7 @@ Changes with Apache 1.3.24
*) Fixed a segfault in mod_include when #if, #elif, #else, or #endif
directives were improperly terminated. [Cliff Woolley]
- *) Win32 Security: CAN-2002-0061
+ *) Win32 SECURITY: CAN-2002-0061 (cve.mitre.org)
Introduce proper escaping of command.com and cmd.exe for Win32.
These patches close vulnerability CAN-2002-0061, identified and
reported by Ory Segal <ory.segal@sanctuminc>, by which any CGI
@@ -502,16 +617,15 @@ Changes with Apache 1.3.21
just happened to be index.html.zh.Big5.
[Bill Stoddard, Bill Rowe] PR #8130
- *) Security: Close autoindex /?M=D directory listing hole reported
+ *) SECURITY: CAN-2001-0731 (cve.mitre.org)
+ Close autoindex /?M=D directory listing hole reported
in bugtraq id 3009. In some configurations where multiviews and
indexes are enabled for a directory, requesting URI /?M=D could
result in a directory listing being returned to the client rather
than the negotiated index.html variant that was configured and
expected. The work around for this problem (for pre 1.3.21
releases) is to disable Indexes or Multiviews in the affected
- directories. The Common Vulnerabilities and Exposures project
- (cve.mitre.org) has assigned the name CAN-2001-0731 to this issue.
- [Bill Stoddard, Bill Rowe]
+ directories. [Bill Stoddard, Bill Rowe]
*) Enabled Win32/OS2/Netware file paths (not / rooted, but c:/ rooted)
as arguments for mod_vhost_alias'es directives. [William Rowe]
@@ -525,15 +639,14 @@ Changes with Apache 1.3.21
*) PORT: Some Cygwin changes, esp. improvements for dynamic loading,
and cleanups. [Stipe Tolj <tolj@wapme-systems.de>]
- *) Win32 SECURITY: The default installation could lead to mod_negotiation
+ *) Win32 SECURITY: CAN-2001-0729 (cve.mitre.org)
+ The default installation could lead to mod_negotiation
and mod_dir/mod_autoindex displaying a directory listing instead of
the index.html.* files, if a very long path was created artificially
by using many slashes. Now a 403 FORBIDDEN is returned. This
problem was similar to and in the same area as the problem
reported and fixed by Martin Kraemer in 1.3.18, only the scope
- is much narrower and is specific to Windows. The Common
- Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
- name CAN-2001-0729 to this issue. [Bill Stoddard]
+ is much narrower and is specific to Windows. [Bill Stoddard]
*) Update the mime.types file to the registered media types as
of 2001-09-25, and add xsl, so, dll extensions [Mark Cox]
@@ -616,13 +729,12 @@ Changes with Apache 1.3.21
before contacting the next proxy, and was thus unusable for
SSL proxying. [Martin Kraemer]
- *) SECURITY: Make support/split-logfile use the default log file if
+ *) SECURITY: CAN-2001-0730 (cve.mitre.org)
+ Make support/split-logfile use the default log file if
"/" or "\" are present in the virtual host name. This prevents
the possible use of specially crafted virtual host names in
some configurations to allow writing to any .log file on the
- system. The Common Vulnerabilities and Exposures project
- (cve.mitre.org) has assigned the name CAN-2001-0730 to this issue.
- [Daniel Matuschek <daniel.matuschek@swisscom.com>,
+ system. [Daniel Matuschek <daniel.matuschek@swisscom.com>,
Marc Slemko] PR#7848
*) Added a directive: "AcceptFilter <on|off>". To control BSD
@@ -692,7 +804,8 @@ Changes with Apache 1.3.20
*) Autodetect if platforms have isnan() and/or isinf() for use in
ap_snprintf.c. [Jim Jagielski]
- *) Security/DoS: Correct a vulnerability in the Win32 and OS2 ports, by which a
+ *) SECURITY DoS: CAN-2001-1342 (cve.mitre.org)
+ Correct a vulnerability in the Win32 and OS2 ports, by which a
client submitting a carefully constructed URI could cause a GP
(segment) fault in the child process, which would have to be
cleared by the operator to resume operation. This vulnerability
@@ -829,10 +942,11 @@ Changes with Apache 1.3.18 [not released]
*) Apache on Win9x now ensures the service is stopped before removal.
[William Rowe]
- *) SECURITY: The default installation could lead to mod_negotiation
+ *) SECURITY: CAN-2001-0925 (cve.mitre.org)
+ The default installation could lead to mod_negotiation
and mod_dir/mod_autoindex displaying a directory listing instead of
the index.html.* files, if a very long path was created artificially
- by using many slashes. Now a 403 FORBIDDEN is returned. CAN-2001-0925.
+ by using many slashes. Now a 403 FORBIDDEN is returned.
[Martin Kraemer]
*) Trailing slashes (if they exist) are now removed from ServerRoot,
@@ -1101,7 +1215,7 @@ Changes with Apache 1.3.13 [not released]
tree, and other minor MPE tweaks.
[Mark Bixby <mark_bixby@hp.com>]
- *) Security: Tighten up the syntax checking of Host: headers to fix a
+ *) SECURITY: Tighten up the syntax checking of Host: headers to fix a
security bug in some mass virtual hosting configurations
that can allow a remote attacker to retrieve some files
on the system that should be inaccessible. [Tony Finch]
@@ -1114,7 +1228,7 @@ Changes with Apache 1.3.13 [not released]
SHA1 and plaintext password encodings. Make feature tests a
bit more flexible. [William Rowe]
- *) Security: CVE-2000-0913
+ *) SECURITY: CVE-2000-0913 (cve.mitre.org)
Fix a security problem that affects some configurations of
mod_rewrite. If the result of a RewriteRule is a filename that
contains expansion specifiers, especially regexp backreferences
@@ -1218,8 +1332,9 @@ Changes with Apache 1.3.13 [not released]
for modules and executables dynamically linked to the core.
[William Rowe; Jim Patterson <jim-patterson@ncf.ca>]
- *) Prevent the source code for CGIs from being revealed when using
- mod_vhost_alias and the CGI directory is under the document root
+ *) SECURITY: CAN-2000-1204 (cve.mitre.org)
+ Prevent the source code for CGIs from being revealed when
+ using mod_vhost_alias and the CGI directory is under the document root
and a user makes a request like http://www.example.com//cgi-bin/cgi
as reported in <news:960999105.344321@ernani.logica.co.uk>
[Tony Finch]
@@ -1277,9 +1392,10 @@ Changes with Apache 1.3.13 [not released]
<Directory> containers, and in .htaccess files when FileInfo
overriding is allowed. [Ken Coar] PR#3000
- *) Fix Win32 bug when pathname length exactly equals MAX_PATH.
+ *) SECURITY: CVE-2000-0505 (cve.mitre.org)
+ Fix Win32 bug when pathname length exactly equals MAX_PATH.
This bug caused directory index to be displayed rather than
- returning an error. [Allan Edwards <ake@raleigh.ibm.com>]
+ returning an error. [Allan Edwards <ake@raleigh.ibm.com>]
*) Correct mod_proxy Win95 dynamic link __declspec(thread) bug.
David Whitmarsh <david.whitmarsh@dial.pipex.com>
@@ -1512,10 +1628,12 @@ Changes with Apache 1.3.12
the given character set on any document that does not have one
explicitly specified in the headers. [Marc Slemko, Jim Jagielski]
- *) Properly escape various messages output to the client from a number
+ *) SECURITY: CAN-2000-1205 (cve.mitre.org)
+ Properly escape various messages output to the client from a number
of modules and places in the core code. [Marc Slemko]
- *) Change mod_actions, mod_autoindex, mod_expires, and mod_log_config to
+ *) SECURITY: CAN-2000-1205 (cve.mitre.org)
+ Change mod_actions, mod_autoindex, mod_expires, and mod_log_config to
not consider any parameters such as charset when making decisions
based on content type. This does remove some functionality for
some users, but means that when these modules are configured to do
@@ -1524,7 +1642,8 @@ Changes with Apache 1.3.12
want to set things on a per charset basis is necessary in the future.
[Marc Slemko]
- *) mod_include now entity encodes output from "printenv" and "echo var"
+ *) SECURITY: CAN-2000-1205 (cve.mitre.org)
+ mod_include now entity encodes output from "printenv" and "echo var"
by default. The encoding for "echo var" can be set to URL encoding
or no encoding using the new "encoding" attribute to the echo tag.
[Marc Slemko]
@@ -1582,8 +1701,9 @@ Changes with Apache 1.3.10
*) Add back support for UseCanonicalName in <Directory> containers
[Manoj Kasichainula]
- *) More rigorous checking of Host: headers to fix security problems
- with mass name-based virtual hosting (whether using mod_rewrite
+ *) SECURITY: CAN-2000-1206 (cve.mitre.org)
+ More rigorous checking of Host: headers to fix security
+ problems with mass name-based virtual hosting (whether using mod_rewrite
or mod_vhost_alias).
[Ben Hyde, Tony Finch]
@@ -3551,7 +3671,8 @@ Changes with Apache 1.3.2
*) SECURITY: Eliminate O(n^2) space DoS attacks (and other O(n^2)
cpu time attacks) in header parsing. Add ap_overlap_tables(),
a function which can be used to perform bulk update operations
- on tables in a more efficient manner. [Dean Gaudet]
+ on tables in a more efficient manner. CAN-1999-1199 (cve.mitre.org)
+ [Dean Gaudet]
*) SECURITY: Added compile-time and configurable limits for
various aspects of reading a client request to avoid some simple
diff --git a/usr.sbin/httpd/src/CHANGES.SSL b/usr.sbin/httpd/src/CHANGES.SSL
index da9c699b186..914307cc0ff 100644
--- a/usr.sbin/httpd/src/CHANGES.SSL
+++ b/usr.sbin/httpd/src/CHANGES.SSL
@@ -23,6 +23,22 @@
/ __/ | (_) |
__ |_____(_)___/ ___________________________________________
+ Changes with mod_ssl 2.8.11 (24-Jun-2002 to 04-Oct-2002)
+
+ *) Upgraded to Apache 1.3.27.
+
+ *) Fixed internal error handling for CRL verification.
+
+ *) Initialize OpenSSL ENGINE before initializing OpenSSL
+ to workaround problems with the PRNG.
+
+ *) Also find "openssl" executable in "sbin" directories.
+
+ *) Honor specified number of maximum bytes on SSLRandomSeed
+ if reading from EGD.
+
+ *) Fixed generation of SSL_CLIENT_CERT_CHAIN_[0-9] variables.
+
Changes with mod_ssl 2.8.10 (19-Jun-2002 to 24-Jun-2002)
*) Fixed off-by-one buffer overflow bug in the compatibility
diff --git a/usr.sbin/httpd/src/Configure b/usr.sbin/httpd/src/Configure
index 9bee3519645..4f4e29fa676 100644
--- a/usr.sbin/httpd/src/Configure
+++ b/usr.sbin/httpd/src/Configure
@@ -1,5 +1,5 @@
#!/bin/sh
-# $OpenBSD: Configure,v 1.20 2002/07/19 21:31:15 henning Exp $
+# $OpenBSD: Configure,v 1.21 2002/10/07 20:23:06 henning Exp $
## ====================================================================
## The Apache Software License, Version 1.1
##
@@ -633,6 +633,12 @@ case "$PLAT" in
LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen -lresolv"
DBM_LIB=""
;;
+ *-OpenUNIX)
+ OS='OpenUNIX'
+ CFLAGS="$CFLAGS -DUW=800"
+ LIBS="$LIBS -lsocket -lnsl -lcrypt -lgen -lresolv"
+ DBM_LIB=""
+ ;;
maxion-*-sysv4*)
OS='SVR4'
CFLAGS="$CFLAGS -DSVR4"
@@ -1270,6 +1276,16 @@ if [ "x$using_shlib" = "x1" ] ; then
LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport"
;;
+ *-OpenUNIX*)
+ case $CC in
+ */gcc|gcc ) CFLAGS_SHLIB="-fpic" ;;
+ */cc|cc ) CFLAGS_SHLIB="-KPIC" ;;
+ esac
+ LDFLAGS_SHLIB="-Bdynamic -G"
+ LDFLAGS_MOD_SHLIB=$LDFLAGS_SHLIB
+ LDFLAGS_SHLIB_EXPORT="-Wl,-Bexport"
+ LD_SHLIB=$CC
+ ;;
*-sco5*)
case $CC in
*/gcc*|gcc* ) CFLAGS_SHLIB="-fpic" ;;
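Review bot: The `case $CC` in the new `*-OpenUNIX*` branch matches only the exact compiler names (`*/gcc|gcc` and `*/cc|cc`) and has no fallback arm, so a compiler invoked under any other name, such as a versioned gcc, leaves CFLAGS_SHLIB at whatever value it had before this block. The `*-sco5*` branch directly below uses the wider glob `*/gcc*|gcc* )`. Using the same glob here and adding a default arm would keep the two branches consistent and make an unrecognised compiler an explicit case rather than a silent one.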
@@ -2005,7 +2021,7 @@ if [ "x$using_shlib" = "x1" ] ; then
# select the special subtarget for shared core generation
SUBTARGET=target_shared
# determine additional suffixes for libhttpd.so
- V=1 R=3 P=26
+ V=1 R=3 P=27
if [ "x$SHLIB_SUFFIX_DEPTH" = "x0" ]; then
SHLIB_SUFFIX_LIST=""
fi
diff --git a/usr.sbin/httpd/src/ap/ap_snprintf.c b/usr.sbin/httpd/src/ap/ap_snprintf.c
index 43f80fbd5e9..ffa0c366dbe 100644
--- a/usr.sbin/httpd/src/ap/ap_snprintf.c
+++ b/usr.sbin/httpd/src/ap/ap_snprintf.c
@@ -1158,10 +1158,7 @@ API_EXPORT(int) ap_vformatter(int (*flush_func)(ap_vformatter_buff *),
fmt++;
}
vbuff->curpos = sp;
- if (sp >= bep) {
- if (flush_func(vbuff))
- return -1;
- }
+
return cc;
}
diff --git a/usr.sbin/httpd/src/helpers/GuessOS b/usr.sbin/httpd/src/helpers/GuessOS
index 45eed624d5d..d2c27a5bd39 100644
--- a/usr.sbin/httpd/src/helpers/GuessOS
+++ b/usr.sbin/httpd/src/helpers/GuessOS
@@ -72,6 +72,9 @@ if [ "x$XREL" != "x" ]; then
7*)
echo "${MACHINE}-whatever-unixware7"; exit 0
;;
+ 8*)
+ echo "${MACHINE}-whatever-OpenUNIX"; exit 0
+ ;;
esac
;;
esac
diff --git a/usr.sbin/httpd/src/helpers/binbuild.sh b/usr.sbin/httpd/src/helpers/binbuild.sh
index 616aa5b224c..570a7da6a17 100644
--- a/usr.sbin/httpd/src/helpers/binbuild.sh
+++ b/usr.sbin/httpd/src/helpers/binbuild.sh
@@ -91,13 +91,12 @@ echo "Creating supplementary files..."
echo " " && \
echo "NOTE: Please do not send support-related mails to the address mentioned" && \
echo " above or to any member of the Apache Group! Support questions" && \
- echo " should be directed to the \"comp.infosystems.www.servers.unix\"" && \
- echo " or \"comp.infosystems.www.servers.ms-windows\" newsgroup" && \
- echo " (as appropriate for the platform you use), where some of the" && \
- echo " Apache team lurk, in the company of many other Apache gurus" && \
- echo " who should be able to help." && \
+ echo " should be directed to the forums mentioned at" && \
+ echo " http://httpd.apache.org/lists.html#http-users" && \
+ echo " where some of the Apache team lurk, in the company of many other" && \
+ echo " Apache gurus who should be able to help." && \
echo " If you think you found a bug in Apache or have a suggestion please" && \
- echo " visit the bug report page at http://www.apache.org/bug_report.html" && \
+ echo " visit the bug report page at http://httpd.apache.org/bug_report.html" && \
echo " " && \
echo "----------------------------------------------------------------------" && \
./bindist/bin/httpd -V && \
diff --git a/usr.sbin/httpd/src/include/ap.h b/usr.sbin/httpd/src/include/ap.h
index 4eee68b4851..0be49bf9a6d 100644
--- a/usr.sbin/httpd/src/include/ap.h
+++ b/usr.sbin/httpd/src/include/ap.h
@@ -157,11 +157,13 @@ API_EXPORT(int) ap_vformatter(int (*flush_func)(ap_vformatter_buff *),
* Process the format string until the entire string is exhausted, or
* the buffer fills. If the buffer fills then stop processing immediately
* (so no further %n arguments are processed), and return the buffer
- * length. In all cases the buffer is NUL terminated.
+ * length. In all cases the buffer is NUL terminated. The return value
+ * is the number of characters placed in the buffer, excluding the
+ * terminating NUL. All this implies that, at most, (len-1) characters
+ * will be copied over; if the return value is >= len, then truncation
+ * occured.
*
- * In no event does ap_snprintf return a negative number. It's not possible
- * to distinguish between an output which was truncated, and an output which
- * exactly filled the buffer.
+ * In no event does ap_snprintf return a negative number.
*/
API_EXPORT_NONSTD(int) ap_snprintf(char *buf, size_t len, const char *format,...)
__attribute__((format(printf,3,4)));
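Review bot: The revised comment on ap_snprintf contradicts itself. It says the return value is the number of characters placed in the buffer and that at most (len-1) are copied, yet it tells callers to detect truncation with a return value >= len, which the first two statements rule out. The implementation is not in this hunk, so the wording should be checked against it and should say plainly what is returned on truncation. If that value is indeed >= len, a line such as `* On truncation the return value is >= len; check it before using it as an offset into buf.` would warn callers who index the buffer with the result. "occured" should also read "occurred".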
diff --git a/usr.sbin/httpd/src/include/http_conf_globals.h b/usr.sbin/httpd/src/include/http_conf_globals.h
index 6a843fc7cc2..be861dfd29c 100644
--- a/usr.sbin/httpd/src/include/http_conf_globals.h
+++ b/usr.sbin/httpd/src/include/http_conf_globals.h
@@ -106,6 +106,9 @@ extern API_VAR_EXPORT char *ap_server_argv0;
extern enum server_token_type ap_server_tokens;
+extern API_VAR_EXPORT int ap_protocol_req_check;
+extern API_VAR_EXPORT int ap_change_shmem_uid;
+
/* Trying to allocate these in the config pool gets us into some *nasty*
* chicken-and-egg problems in http_main.c --- where do you stick them
* when pconf gets cleared? Better to just allocate a little space
diff --git a/usr.sbin/httpd/src/include/httpd.h b/usr.sbin/httpd/src/include/httpd.h
index d68c52e4f98..5628c0d34af 100644
--- a/usr.sbin/httpd/src/include/httpd.h
+++ b/usr.sbin/httpd/src/include/httpd.h
@@ -457,7 +457,7 @@ extern "C" {
#define SERVER_BASEVENDOR "Apache Group"
#define SERVER_BASEPRODUCT "Apache"
-#define SERVER_BASEREVISION "1.3.26"
+#define SERVER_BASEREVISION "1.3.27"
#define SERVER_BASEVERSION SERVER_BASEPRODUCT "/" SERVER_BASEREVISION
#define SERVER_PRODUCT SERVER_BASEPRODUCT
@@ -481,7 +481,7 @@ API_EXPORT(void) ap_add_config_define(const char *define);
* Always increases along the same track as the source branch.
* For example, Apache 1.4.2 would be '10402100', 2.5b7 would be '20500007'.
*/
-#define APACHE_RELEASE 10326100
+#define APACHE_RELEASE 10327100
#define SERVER_PROTOCOL "HTTP/1.1"
#ifndef SERVER_SUPPORT
diff --git a/usr.sbin/httpd/src/main/alloc.c b/usr.sbin/httpd/src/main/alloc.c
index 95772f166dd..ded560b130d 100644
--- a/usr.sbin/httpd/src/main/alloc.c
+++ b/usr.sbin/httpd/src/main/alloc.c
@@ -1068,37 +1068,45 @@ struct psprintf_data {
#endif
};
+#define AP_PSPRINTF_MIN_SIZE 32 /* Minimum size of allowable avail block */
+
static int psprintf_flush(ap_vformatter_buff *vbuff)
{
struct psprintf_data *ps = (struct psprintf_data *)vbuff;
#ifdef ALLOC_USE_MALLOC
- int size;
+ int cur_len, size;
char *ptr;
- size = (char *)ps->vbuff.curpos - ps->base;
+ cur_len = (char *)ps->vbuff.curpos - ps->base;
+ size = cur_len << 1;
+ if (size < AP_PSPRINTF_MIN_SIZE)
+ size = AP_PSPRINTF_MIN_SIZE;
#if defined(EAPI) && defined(EAPI_MM)
if (ps->block->h.is_shm)
- ptr = ap_mm_realloc(ps->base, 2*size);
+ ptr = ap_mm_realloc(ps->base, size);
else
#endif
- ptr = realloc(ps->base, 2*size);
+ ptr = realloc(ps->base, size);
if (ptr == NULL) {
fputs("Ouch! Out of memory!\n", stderr);
exit(1);
}
ps->base = ptr;
- ps->vbuff.curpos = ptr + size;
- ps->vbuff.endpos = ptr + 2*size - 1;
+ ps->vbuff.curpos = ptr + cur_len;
+ ps->vbuff.endpos = ptr + size - 1;
return 0;
#else
union block_hdr *blok;
union block_hdr *nblok;
- size_t cur_len;
+ size_t cur_len, size;
char *strp;
blok = ps->blok;
strp = ps->vbuff.curpos;
cur_len = strp - blok->h.first_avail;
+ size = cur_len << 1;
+ if (size < AP_PSPRINTF_MIN_SIZE)
+ size = AP_PSPRINTF_MIN_SIZE;
/* must try another blok */
#if defined(EAPI) && defined(EAPI_MM)
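Review bot: In the ALLOC_USE_MALLOC branch the new locals are declared `int cur_len, size;`, so the pointer difference is narrowed to int and `cur_len << 1` is a signed shift that can overflow for a very large formatted string. The resulting `size` is then passed to realloc while curpos is still set to `ptr + cur_len`. The pool branch in this same hunk already uses `size_t cur_len, size;`, and the malloc branch should be declared the same way. Neither branch checks that doubling cur_len does not wrap before allocating, which is worth a guard since the length is driven by the formatted data. psprintf_flush continues past the end of this hunk.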
@@ -1107,9 +1115,9 @@ static int psprintf_flush(ap_vformatter_buff *vbuff)
#endif
(void) ap_acquire_mutex(alloc_mutex);
#if defined(EAPI) && defined(EAPI_MM)
- nblok = new_block(2 * cur_len, blok->h.is_shm);
+ nblok = new_block(size, blok->h.is_shm);
#else
- nblok = new_block(2 * cur_len);
+ nblok = new_block(size);
#endif
(void) ap_release_mutex(alloc_mutex);
#if defined(EAPI) && defined(EAPI_MM)
@@ -1196,6 +1204,8 @@ API_EXPORT(char *) ap_pvsprintf(pool *p, const char *fmt, va_list ap)
ps.vbuff.endpos = ps.blok->h.endp - 1; /* save one for NUL */
ps.got_a_new_block = 0;
+ if (ps.blok->h.first_avail == ps.blok->h.endp)
+ psprintf_flush(&ps.vbuff); /* ensure room for NUL */
ap_vformatter(psprintf_flush, &ps.vbuff, fmt, ap);
strp = ps.vbuff.curpos;
diff --git a/usr.sbin/httpd/src/main/http_config.c b/usr.sbin/httpd/src/main/http_config.c
index 2e58f432116..f85562276ae 100644
--- a/usr.sbin/httpd/src/main/http_config.c
+++ b/usr.sbin/httpd/src/main/http_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: http_config.c,v 1.11 2002/10/07 07:43:13 henning Exp $ */
+/* $OpenBSD: http_config.c,v 1.12 2002/10/07 20:23:06 henning Exp $ */
/* ====================================================================
* The Apache Software License, Version 1.1
@@ -83,6 +83,7 @@
#include "http_conf_globals.h" /* Sigh... */
#include "http_vhost.h"
#include "explain.h"
+#include "fnmatch.h"
DEF_Explain
@@ -1263,7 +1264,7 @@ CORE_EXPORT(void) ap_process_resource_config(server_rec *s, char *fname, pool *p
const char *errmsg;
cmd_parms parms;
struct stat finfo;
-
+ int ispatt;
fname = ap_server_root_relative(p, fname);
if (!(strcmp(fname, ap_server_root_relative(p, RESOURCE_CONFIG_FILE))) ||
@@ -1288,12 +1289,36 @@ CORE_EXPORT(void) ap_process_resource_config(server_rec *s, char *fname, pool *p
* horrible loops). If so, let's recurse and toss it back into
* the function.
*/
- if (ap_is_rdirectory(fname)) {
+ ispatt = ap_is_fnmatch(fname);
+ if (ispatt || ap_is_rdirectory(fname)) {
DIR *dirp;
struct DIR_TYPE *dir_entry;
int current;
array_header *candidates = NULL;
fnames *fnew;
+ char *path = ap_pstrdup(p,fname);
+ char *pattern = NULL;
+
+ if(ispatt && (pattern = strrchr(path, '/')) != NULL) {
+ *pattern++ = '\0';
+ if (ap_is_fnmatch(path)) {
+ fprintf(stderr, "%s: wildcard patterns not allowed in Include "
+ "%s\n", ap_server_argv0, fname);
+ exit(1);
+ }
+
+ if (!ap_is_rdirectory(path)){
+ fprintf(stderr, "%s: Include directory '%s' not found",
+ ap_server_argv0, path);
+ exit(1);
+ }
+ if (!ap_is_fnmatch(pattern)) {
+ fprintf(stderr, "%s: must include a wildcard pattern "
+ "for Include %s\n", ap_server_argv0, fname);
+ exit(1);
+ }
+ }
+
/*
* first course of business is to grok all the directory
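Review bot: The "Include directory '%s' not found" message in the new pattern branch has no trailing newline, unlike the two sibling messages, so it will run into whatever is written to stderr next; it should read `"%s: Include directory '%s' not found\n"`. All three new failure paths also call plain `exit(1)`, whereas the existing directory-open failure later in this function uses `clean_parent_exit(1)` under `#ifdef NETWARE`, so the new exits should presumably follow the same pattern. A short comment above the `strrchr` split, noting that wildcards are accepted only in the final path component, would make the three checks easier to follow. ap_process_resource_config starts and ends outside this hunk.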
@@ -1301,11 +1326,11 @@ CORE_EXPORT(void) ap_process_resource_config(server_rec *s, char *fname, pool *p
* for this.
*/
fprintf(stderr, "Processing config directory: %s\n", fname);
- dirp = ap_popendir(p, fname);
+ dirp = ap_popendir(p, path);
if (dirp == NULL) {
perror("fopen");
fprintf(stderr, "%s: could not open config directory %s\n",
- ap_server_argv0, fname);
+ ap_server_argv0, path);
#ifdef NETWARE
clean_parent_exit(1);
#else
@@ -1316,9 +1341,11 @@ CORE_EXPORT(void) ap_process_resource_config(server_rec *s, char *fname, pool *p
while ((dir_entry = readdir(dirp)) != NULL) {
/* strip out '.' and '..' */
if (strcmp(dir_entry->d_name, ".") &&
- strcmp(dir_entry->d_name, "..")) {
+ strcmp(dir_entry->d_name, "..") &&
+ (!ispatt ||
+ !ap_fnmatch(pattern,dir_entry->d_name, FNM_PERIOD)) ) {
fnew = (fnames *) ap_push_array(candidates);
- fnew->fname = ap_make_full_path(p, fname, dir_entry->d_name);
+ fnew->fname = ap_make_full_path(p, path, dir_entry->d_name);
}
}
ap_pclosedir(p, dirp);
diff --git a/usr.sbin/httpd/src/main/http_core.c b/usr.sbin/httpd/src/main/http_core.c
index 1262fb20b2f..2580fc54a29 100644
--- a/usr.sbin/httpd/src/main/http_core.c
+++ b/usr.sbin/httpd/src/main/http_core.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: http_core.c,v 1.13 2002/10/04 11:29:52 henning Exp $ */
+/* $OpenBSD: http_core.c,v 1.14 2002/10/07 20:23:06 henning Exp $ */
/* ====================================================================
* The Apache Software License, Version 1.1
@@ -1044,7 +1044,7 @@ API_EXPORT (file_type_e) ap_get_win32_interpreter(const request_rec *r,
if ((buffer[0] == '#') && (buffer[1] == '!')) {
/* Assuming file is a script since it starts with a shebang */
fileType = eFileTypeSCRIPT;
- for (i = 2; i < sizeof(buffer); i++) {
+ for (i = 2; i < (sizeof(buffer) - 1); i++) {
if ((buffer[i] == '\r')
|| (buffer[i] == '\n')) {
break;
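Review bot: The `- 1` in the new loop bound `i < (sizeof(buffer) - 1)` is unexplained, and nothing in the hunk shows why the last byte is reserved. Going by the CHANGES entry in this commit, it keeps the string terminator inside the buffer when the #! line has no \r or \n, but the write that uses `i` after the loop is outside this hunk. A comment such as `/* stop one short so the terminating '\0' written after the loop stays inside buffer */` would keep the bound from being simplified back later.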
@@ -2829,6 +2829,30 @@ static const char *set_bs2000_account(cmd_parms *cmd, void *dummy, char *name)
}
#endif /*_OSD_POSIX*/
+static const char *set_protocol_req_check(cmd_parms *cmd,
+ core_dir_config *d, int arg)
+{
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+ if (err != NULL) {
+ return err;
+ }
+
+ ap_protocol_req_check = arg != 0;
+ return NULL;
+}
+
+static const char *set_change_shmem_uid(cmd_parms *cmd,
+ core_dir_config *d, int arg)
+{
+ const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
+ if (err != NULL) {
+ return err;
+ }
+
+ ap_change_shmem_uid = arg != 0;
+ return NULL;
+}
+
/*
* Handle a request to include the server's OS platform in the Server
* response header field (the ServerTokens directive). Unfortunately
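Review bot: Neither new directive handler has a comment, and set_change_shmem_uid controls a default that the CHANGES entry in this commit ties to CAN-2002-0839. I would add above it `/* ShmemUIDisUser: when On, the SysV shared memory scoreboard uid/gid is set to User/Group (the pre-1.3.27 behaviour); leave Off unless the platform requires it. */`, and add a matching one-line comment for set_protocol_req_check. Both handlers also declare `core_dir_config *d` and never use it, where the neighbouring GLOBAL_ONLY handlers set_bs2000_account and set_serv_tokens take `void *dummy`; using the same parameter would make it clear that no per-directory state is touched.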
@@ -2836,7 +2860,6 @@ static const char *set_bs2000_account(cmd_parms *cmd, void *dummy, char *name)
* http_main so it can insert the information in the right place in the
* string.
*/
-
static const char *set_serv_tokens(cmd_parms *cmd, void *dummy, char *arg)
{
const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY);
@@ -3462,6 +3485,10 @@ static const command_rec core_cmds[] = {
(void*)XtOffsetOf(core_dir_config, limit_req_body),
OR_ALL, TAKE1,
"Limit (in bytes) on maximum size of request message body" },
+{ "ProtocolReqCheck", set_protocol_req_check, NULL, RSRC_CONF, FLAG,
+ "Enable strict checking of Protocol type in requests" },
+{ "ShmemUIDisUser", set_change_shmem_uid, NULL, RSRC_CONF, FLAG,
+ "Enable the setting of SysV shared memory scoreboard uid/gid to User/Group" },
{ "AcceptMutex", set_accept_mutex, NULL, RSRC_CONF, TAKE1,
"Serialized Accept Mutex; the methods "
#ifdef HAVE_USLOCK_SERIALIZED_ACCEPT
@@ -3864,7 +3891,8 @@ static int default_handler(request_rec *r)
if (r->method_number == M_INVALID) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
- "Invalid method in request %s", r->the_request);
+ "Invalid method in request %s",
+ ap_escape_logitem(r->pool, r->the_request));
return NOT_IMPLEMENTED;
}
if (r->method_number == M_OPTIONS) {
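Review bot: The reason `r->the_request` now goes through `ap_escape_logitem` is not recorded at the call site, so a later edit could drop the escaping without noticing what it protects. A short comment such as `/* the_request is client-supplied: escape it so control characters cannot forge or corrupt log entries */` would fix that. Other log calls that print request-derived strings are outside this hunk and are worth checking for the same treatment; default_handler itself continues outside the hunk.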
diff --git a/usr.sbin/httpd/src/main/http_main.c b/usr.sbin/httpd/src/main/http_main.c
index b6c22b06afb..793c120dcc0 100644
--- a/usr.sbin/httpd/src/main/http_main.c
+++ b/usr.sbin/httpd/src/main/http_main.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: http_main.c,v 1.25 2002/09/09 14:21:18 henning Exp $ */
+/* $OpenBSD: http_main.c,v 1.26 2002/10/07 20:23:06 henning Exp $ */
/* ====================================================================
* The Apache Software License, Version 1.1
@@ -395,6 +395,7 @@ static int my_child_num;
#ifdef TPF
int tpf_child = 0;
char tpf_server_name[INETD_SERVNAME_LENGTH+1];
+char tpf_mutex_key[TPF_MUTEX_KEY_SIZE];
#endif /* TPF */
scoreboard *ap_scoreboard_image = NULL;
@@ -409,6 +410,11 @@ static int version_locked = 0;
/* Global, alas, so http_core can talk to us */
enum server_token_type ap_server_tokens = SrvTk_FULL;
+/* Also global, for http_core and http_protocol */
+API_VAR_EXPORT int ap_protocol_req_check = 1;
+
+API_VAR_EXPORT int ap_change_shmem_uid = 0;
+
/*
* This routine is called when the pconf pool is vacuumed. It resets the
* server version string to a known value and [re]enables modifications
@@ -780,9 +786,8 @@ accept_mutex_methods_s accept_mutex_pthread_s = {
#include <sys/sem.h>
#ifdef NEED_UNION_SEMUN
-/* it makes no sense, but this isn't defined on solaris */
union semun {
- long val;
+ int val;
struct semid_ds *buf;
ushort *array;
};
@@ -1113,7 +1118,7 @@ static int tpf_core_held;
static void accept_mutex_cleanup_tpfcore(void *foo)
{
if(tpf_core_held)
- coruc(RESOURCE_KEY);
+ deqc(tpf_mutex_key, QUAL_S);
}
#define accept_mutex_init_tpfcore(x)
@@ -1126,14 +1131,14 @@ static void accept_mutex_child_init_tpfcore(pool *p)
static void accept_mutex_on_tpfcore(void)
{
- corhc(RESOURCE_KEY);
+ enqc(tpf_mutex_key, ENQ_WAIT, 0, QUAL_S);
tpf_core_held = 1;
ap_check_signals();
}
static void accept_mutex_off_tpfcore(void)
{
- coruc(RESOURCE_KEY);
+ deqc(tpf_mutex_key, QUAL_S);
tpf_core_held = 0;
ap_check_signals();
}
@@ -2377,7 +2382,9 @@ static void setup_shared_mem(pool *p)
* We exit below, after we try to remove the segment
*/
}
- else { /* only worry about permissions if we attached the segment */
+ /* only worry about permissions if we attached the segment
+ and we want/need to change the uid/gid */
+ else if (ap_change_shmem_uid) {
if (shmctl(shmid, IPC_STAT, &shmbuf) != 0) {
ap_log_error(APLOG_MARK, APLOG_ERR, server_conf,
"shmctl() could not stat segment #%d", shmid);
@@ -4164,6 +4171,7 @@ static void show_compile_settings(void)
printf(" -D PIPE_BUF=%ld\n",(long)PIPE_BUF);
#endif
#endif
+ printf(" -D HARD_SERVER_LIMIT=%ld\n",(long)HARD_SERVER_LIMIT);
#ifdef MULTITHREAD
printf(" -D MULTITHREAD\n");
#endif
@@ -5634,6 +5642,7 @@ int REALMAIN(int argc, char *argv[])
memcpy(tpf_server_name, input_parms.parent.servname,
INETD_SERVNAME_LENGTH);
tpf_server_name[INETD_SERVNAME_LENGTH + 1] = '\0';
+ sprintf(tpf_mutex_key, "%.*x", TPF_MUTEX_KEY_SIZE - 1, getpid());
ap_open_logs(server_conf, plog);
ap_tpf_zinet_checks(ap_standalone, tpf_server_name, server_conf);
ap_tpf_save_argv(argc, argv); /* save argv parms for children */
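Review bot: The added `sprintf(tpf_mutex_key, "%.*x", TPF_MUTEX_KEY_SIZE - 1, getpid())` passes a `size_t` expression where `*` requires an `int`, passes a `pid_t` where `%x` requires an `unsigned int`, and writes without a bound. A precision is only a minimum digit count, so the buffer is exactly large enough only while `pid_t` is no wider than `unsigned int`. A bounded, correctly typed form is `ap_snprintf(tpf_mutex_key, sizeof(tpf_mutex_key), "%.*x", (int)(TPF_MUTEX_KEY_SIZE - 1), (unsigned int)getpid());`, and the same applies to the `getppid()` call added to `os_tpf_child` in os/tpf/os.c. Separately, the context line `tpf_server_name[INETD_SERVNAME_LENGTH + 1] = '\0';` indexes one past an array declared with `INETD_SERVNAME_LENGTH+1` elements; the terminator belongs at index `INETD_SERVNAME_LENGTH`.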
@@ -7452,7 +7461,7 @@ int REALMAIN(int argc, char *argv[])
while ((c = getopt(argc, argv, "D:C:c:Xd:f:vVlLz:Z:wiuStThk:n:W:")) != -1) {
#else /* !WIN32 */
- while ((c = getopt(argc, argv, "D:C:c:Xd:fF:vVlLesStTh")) != -1) {
+ while ((c = getopt(argc, argv, "D:C:c:Xd:Ff:vVlLesStTh")) != -1) {
#endif
char **new;
switch (c) {
diff --git a/usr.sbin/httpd/src/main/http_protocol.c b/usr.sbin/httpd/src/main/http_protocol.c
index df87e217b20..80fcf8b558c 100644
--- a/usr.sbin/httpd/src/main/http_protocol.c
+++ b/usr.sbin/httpd/src/main/http_protocol.c
@@ -123,25 +123,33 @@ static const char *make_content_type(request_rec *r, const char *type) {
"text/html",
NULL };
char **pcset;
- core_dir_config *conf = (core_dir_config *)ap_get_module_config(
- r->per_dir_config, &core_module);
- if (!type) type = ap_default_type(r);
- if (conf->add_default_charset != ADD_DEFAULT_CHARSET_ON) return type;
+ core_dir_config *conf;
+
+ conf = (core_dir_config *)ap_get_module_config(r->per_dir_config,
+ &core_module);
+ if (!type) {
+ type = ap_default_type(r);
+ }
+ if (conf->add_default_charset != ADD_DEFAULT_CHARSET_ON) {
+ return type;
+ }
if (ap_strcasestr(type, "charset=") != NULL) {
/* already has parameter, do nothing */
/* XXX we don't check the validity */
;
- } else {
+ }
+ else {
/* see if it makes sense to add the charset. At present,
* we only add it if the Content-type is one of needcset[]
*/
- for (pcset = needcset; *pcset ; pcset++)
+ for (pcset = needcset; *pcset ; pcset++) {
if (ap_strcasestr(type, *pcset) != NULL) {
type = ap_pstrcat(r->pool, type, "; charset=",
- conf->add_default_charset_name, NULL);
+ conf->add_default_charset_name, NULL);
break;
}
+ }
}
return type;
}
@@ -729,6 +737,11 @@ API_EXPORT(void) ap_set_etag(request_rec *r)
if (!r->vlist_validator) {
etag = ap_make_etag(r, 0);
+
+ /* If we get a blank etag back, don't set the header. */
+ if (!etag[0]) {
+ return;
+ }
}
else {
/* If we have a variant list validator (vlv) due to the
@@ -752,8 +765,12 @@ API_EXPORT(void) ap_set_etag(request_rec *r)
variant_etag = ap_make_etag(r, vlv_weak);
- /* merge variant_etag and vlv into a structured etag */
+ /* If we get a blank etag back, don't append vlv and stop now. */
+ if (!variant_etag[0]) {
+ return;
+ }
+ /* merge variant_etag and vlv into a structured etag */
variant_etag[strlen(variant_etag) - 1] = '\0';
if (vlv_weak)
vlv += 3;
@@ -983,7 +1000,8 @@ static int read_request_line(request_rec *r)
const char *uri;
conn_rec *conn = r->connection;
unsigned int major = 1, minor = 0; /* Assume HTTP/1.0 if non-"HTTP" protocol */
- int len, n;
+ int len = 0;
+ int valid_protocol = 1;
/* Read past empty lines until we get a real request line,
* a read error, the connection closes (EOF), or we timeout.
@@ -1045,26 +1063,44 @@ static int read_request_line(request_rec *r)
r->assbackwards = (ll[0] == '\0');
r->protocol = ap_pstrdup(r->pool, ll[0] ? ll : "HTTP/0.9");
- if (2 == sscanf(r->protocol, "HTTP/%u.%u%n", &major, &minor, &n)
- && minor < HTTP_VERSION(1,0)) /* don't allow HTTP/0.1000 */
- r->proto_num = HTTP_VERSION(major, minor);
+ /* Avoid sscanf in the common case */
+ if (strlen(r->protocol) == 8
+ && r->protocol[0] == 'H' && r->protocol[1] == 'T'
+ && r->protocol[2] == 'T' && r->protocol[3] == 'P'
+ && r->protocol[4] == '/' && ap_isdigit(r->protocol[5])
+ && r->protocol[6] == '.' && ap_isdigit(r->protocol[7])) {
+ r->proto_num = HTTP_VERSION(r->protocol[5] - '0', r->protocol[7] - '0');
+ }
else {
- r->proto_num = HTTP_VERSION(1,0);
- n = 0;
+ char *lint;
+ char http[5];
+ lint = ap_palloc(r->pool, strlen(r->protocol)+1);
+ if (3 == sscanf(r->protocol, "%4s/%u.%u%s", http, &major, &minor, lint)
+ && (strcasecmp("http", http) == 0)
+ && (minor < HTTP_VERSION(1,0)) ) /* don't allow HTTP/0.1000 */
+ r->proto_num = HTTP_VERSION(major, minor);
+ else {
+ r->proto_num = HTTP_VERSION(1,0);
+ valid_protocol = 0;
+ }
}
/* Check for a valid protocol, and disallow everything but whitespace
- * after the protocol string */
- while (ap_isspace(r->protocol[n]))
- ++n;
- if (r->protocol[n] != '\0') {
- r->status = HTTP_BAD_REQUEST;
- r->proto_num = HTTP_VERSION(1,0);
- r->protocol = ap_pstrdup(r->pool, "HTTP/1.0");
- ap_table_setn(r->notes, "error-notes",
- "The request line contained invalid characters "
- "following the protocol string.<P>\n");
- return 0;
+ * after the protocol string. A protocol string of nothing but
+ * whitespace is considered valid */
+ if (ap_protocol_req_check && !valid_protocol) {
+ int n = 0;
+ while (ap_isspace(r->protocol[n]))
+ ++n;
+ if (r->protocol[n] != '\0') {
+ r->status = HTTP_BAD_REQUEST;
+ r->proto_num = HTTP_VERSION(1,0);
+ r->protocol = ap_pstrdup(r->pool, "HTTP/1.0");
+ ap_table_setn(r->notes, "error-notes",
+ "The request line contained invalid characters "
+ "following the protocol string.<P>\n");
+ return 0;
+ }
}
return 1;
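Review bot: The purpose of `lint` in the slow path is undocumented: it exists only so that `sscanf` returns 4 rather than 3 when non-blank text follows the version, which is what turns `3 == sscanf(...)` into a trailing-garbage check. A comment such as `/* lint absorbs anything after the version; a return of 4 means trailing junk */` would make that readable. The inner `if (3 == sscanf(...` spans three lines and controls an unbraced statement while its `else` is braced, so bracing both arms would match the rest of the new code. `major` is also not range-checked before `HTTP_VERSION(major, minor)`, so a very large major number may wrap when stored in `r->proto_num`. read_request_line starts and ends outside this hunk.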
@@ -1995,19 +2031,25 @@ API_EXPORT(int) ap_setup_client_block(request_rec *r, int read_policy)
const char *pos = lenp;
int conversion_error = 0;
- while (ap_isdigit(*pos) || ap_isspace(*pos))
+ while (ap_isspace(*pos))
++pos;
if (*pos == '\0') {
+ /* special case test - a C-L field NULL or all blanks is
+ * assumed OK and defaults to 0. Otherwise, we do a
+ * strict check of the field */
+ r->remaining = 0;
+ }
+ else {
char *endstr;
errno = 0;
r->remaining = ap_strtol(lenp, &endstr, 10);
- if (errno || (endstr && *endstr)) {
+ if (errno || (endstr && *endstr) || (r->remaining < 0)) {
conversion_error = 1;
}
}
- if (*pos != '\0' || conversion_error) {
+ if (conversion_error) {
ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
"Invalid Content-Length");
return HTTP_BAD_REQUEST;
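Review bot: The "strict check" branch still accepts values that are not plain digit strings, because `ap_strtol` takes an optional sign, so a Content-Length of `+5` or `-0` passes the `errno` / `endstr` / `< 0` test. Content-Length is defined as digits only, and lenient parsing here can disagree with how an intermediary in front of the server reads the same header. Requiring a digit at the first non-blank character closes that: add `else if (!ap_isdigit(*pos)) { conversion_error = 1; }` ahead of the `ap_strtol` branch. The comment on the all-blank case should also say that the request is then treated as having no body. ap_setup_client_block continues outside the hunk.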
@@ -2060,6 +2102,15 @@ API_EXPORT(int) ap_should_client_block(request_rec *r)
return 1;
}
+/**
+ * Parse a chunk extension, detect overflow.
+ * There are two error cases:
+ * 1) If the conversion would require too many bits, a -1 is returned.
+ * 2) If the conversion used the correct number of bits, but an overflow
+ * caused only the sign bit to flip, then that negative number is
+ * returned.
+ * In general, any negative number can be considered an overflow error.
+ */
API_EXPORT(long) ap_get_chunk_size(char *b)
{
long chunksize = 0;
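Review bot: The new header comment opens with "Parse a chunk extension", but the function is `ap_get_chunk_size` and its first local is `chunksize`, so the summary should read `Parse a chunk size, detect overflow.` It would also help to state the caller's obligation directly: any negative return must be rejected before the value is used as a length. The function body is outside this hunk, so the two overflow cases the comment describes cannot be checked against the code here.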
@@ -2803,7 +2854,13 @@ API_EXPORT(void) ap_send_error_response(request_rec *r, int recursive_error)
r->content_languages = NULL;
r->content_encoding = NULL;
r->clength = 0;
- r->content_type = "text/html; charset=iso-8859-1";
+ if (ap_table_get(r->subprocess_env,
+ "suppress-error-charset") != NULL) {
+ r->content_type = "text/html";
+ }
+ else {
+ r->content_type = "text/html; charset=iso-8859-1";
+ }
if ((status == METHOD_NOT_ALLOWED) || (status == NOT_IMPLEMENTED))
ap_table_setn(r->headers_out, "Allow", make_allow(r));
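Review bot: The `suppress-error-charset` branch drops the explicit charset from error pages with no comment on the trade-off. Error responses can echo parts of the request, and without a declared charset the client chooses how to decode the page, so the variable is best set only for the clients that need it rather than globally. A comment such as `/* suppress-error-charset: omit the charset parameter; the client then picks the encoding of the error page */` would record that. ap_send_error_response continues outside the hunk.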
diff --git a/usr.sbin/httpd/src/main/util_script.c b/usr.sbin/httpd/src/main/util_script.c
index b2665122bbf..1f911a2fb23 100644
--- a/usr.sbin/httpd/src/main/util_script.c
+++ b/usr.sbin/httpd/src/main/util_script.c
@@ -280,7 +280,8 @@ API_EXPORT(void) ap_add_common_vars(request_rec *r)
ap_table_addn(e, "PATH", env_path);
ap_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r));
ap_table_addn(e, "SERVER_SOFTWARE", ap_get_server_version());
- ap_table_addn(e, "SERVER_NAME", ap_get_server_name(r));
+ ap_table_addn(e, "SERVER_NAME",
+ ap_escape_html(r->pool,ap_get_server_name(r)));
ap_table_addn(e, "SERVER_ADDR", r->connection->local_ip); /* Apache */
ap_table_addn(e, "SERVER_PORT",
ap_psprintf(r->pool, "%u", ap_get_server_port(r)));
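Review bot: HTML-escaping `SERVER_NAME` where the CGI environment is built is not explained, and scripts will now receive entities such as `&amp;` in place of the raw character if the name contains one. If the intent is to neutralise a request-influenced host name before scripts print it into pages, a comment should say so, e.g. `/* server name can derive from the request; escape it because scripts commonly emit it into HTML */`. There is also a missing space after the comma in `ap_escape_html(r->pool,ap_get_server_name(r))`. ap_add_common_vars continues outside the hunk.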
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_cache.c b/usr.sbin/httpd/src/modules/proxy/proxy_cache.c
index ff2bb0681f2..e984fb2637b 100644
--- a/usr.sbin/httpd/src/modules/proxy/proxy_cache.c
+++ b/usr.sbin/httpd/src/modules/proxy/proxy_cache.c
@@ -1524,7 +1524,7 @@ int ap_proxy_cache_update(cache_req *c, table *resp_hdrs,
if (clen == NULL)
c->len = -1;
else
- c->len = atoi(clen);
+ c->len = ap_strtol(clen, NULL, 10);
/* we have all the header information we need - write it to the cache file */
c->version++;
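Review bot: `ap_strtol(clen, NULL, 10)` replaces `atoi` but still discards every error signal: there is no end pointer, no `errno` check and no sign check, so a Content-Length of `-5`, `12abc` or an out-of-range number from the origin server is stored in `c->len` as if it were valid. `-1` is also the "no Content-Length" sentinel set two lines above, so invalid input should be mapped to it on purpose rather than by accident. With a local `char *end;` that is `errno = 0; c->len = ap_strtol(clen, &end, 10);` followed by `if (errno || end == clen || *end != '\0' || c->len < 0) c->len = -1;`. ap_proxy_cache_update continues outside the hunk.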
@@ -1560,6 +1560,21 @@ int ap_proxy_cache_update(cache_req *c, table *resp_hdrs,
*/
if (c->hdrs) {
+ /* recall at this point that c->len is already set from resp_hdrs.
+ If Content-Length was NULL, then c->len is -1, otherwise it's
+ set to whatever the value was. */
+ if (c->len == 0 || c->len == -1) {
+ const char *c_clen_str;
+ off_t c_clen;
+ if ( (c_clen_str = ap_table_get(c->hdrs, "Content-Length")) &&
+ ( (c_clen = ap_strtol(c_clen_str, NULL, 10)) > 0) ) {
+ ap_table_set(resp_hdrs, "Content-Length", c_clen_str);
+ c->len = c_clen;
+ ap_proxy_sec2hex(c->len, buff + 17 * (6));
+ buff[17 * (7) - 1] = '\n';
+ buff[17 * (7)] = '\0';
+ }
+ }
if (!ap_proxy_table_replace(c->hdrs, resp_hdrs)) {
c->xcache = ap_pstrcat(r->pool, "HIT from ", ap_get_server_name(r), " (with revalidation)", NULL);
return ap_proxy_cache_conditional(r, c, c->fp);
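Review bot: The writes through `buff + 17 * (6)`, `buff[17 * (7) - 1]` and `buff[17 * (7)]` use bare offsets, and neither the size of `buff` nor the record layout is visible in this hunk. From the arithmetic this looks like the seventh 17-byte field of the cache header line being rewritten with the new length, but that should be confirmed against the buffer's declaration. A named constant for 17 and a comment such as `/* seventh 17-byte field of the cache header line: content length */` would let a reader check that the last write, at index 119, stays inside `buff`.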
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_http.c b/usr.sbin/httpd/src/modules/proxy/proxy_http.c
index 92f06493e72..4e450164994 100644
--- a/usr.sbin/httpd/src/modules/proxy/proxy_http.c
+++ b/usr.sbin/httpd/src/modules/proxy/proxy_http.c
@@ -563,8 +563,6 @@ int ap_proxy_http_handler(request_rec *r, cache_req *c, char *url,
c->len = ap_strtol(content_length, NULL, 10);
}
- /* Now add out bound headers set by other modules */
- resp_hdrs = ap_overlay_tables(r->pool, r->err_headers_out, resp_hdrs);
}
else {
/* an http/0.9 response */
diff --git a/usr.sbin/httpd/src/modules/proxy/proxy_util.c b/usr.sbin/httpd/src/modules/proxy/proxy_util.c
index d350412e938..68ea8beca78 100644
--- a/usr.sbin/httpd/src/modules/proxy/proxy_util.c
+++ b/usr.sbin/httpd/src/modules/proxy/proxy_util.c
@@ -1607,6 +1607,12 @@ int ap_proxy_read_response_line(BUFF *f, request_rec *r, char *buffer, int size,
}
*backasswards = 0;
+ /* there need not be a reason phrase in the response,
+ * and ap_getline() already deleted trailing whitespace.
+ * But RFC2616 requires a SP after the Status-Code. Add one:
+ */
+ if (strlen(buffer) < sizeof("HTTP/1.x 200 ")-1)
+ buffer = ap_pstrcat(r->pool, buffer, " ", NULL);
buffer[12] = '\0';
r->status = atoi(&buffer[9]);
buffer[12] = ' ';
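Review bot: After `buffer = ap_pstrcat(r->pool, buffer, " ", NULL)` the pointer no longer refers to the caller's `size`-byte array but to a pool string holding the input plus one space, so the following `buffer[12] = '\0'` and `buffer[12] = ' '` are in bounds only if the line already had at least 12 characters. That guarantee presumably comes from a format check earlier in the function, which is outside this hunk. It should be stated here, e.g. `/* the format check above guarantees at least 12 characters, so buffer[12] exists */`, or enforced with an explicit length test before the append. Because `buffer` is a by-value parameter, the caller's copy also does not receive the added space, which is worth a note if anything reads it after the call.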
diff --git a/usr.sbin/httpd/src/modules/ssl/libssl.module b/usr.sbin/httpd/src/modules/ssl/libssl.module
index 699d780a59a..7b25d02afc8 100644
--- a/usr.sbin/httpd/src/modules/ssl/libssl.module
+++ b/usr.sbin/httpd/src/modules/ssl/libssl.module
@@ -331,6 +331,11 @@ ConfigStart
SSL_BINDIR='$(SSL_BASE)/bin'
break;
fi
+ if [ -f "$SSL_BASE/sbin/$name" ]; then
+ SSL_PROGRAM="$SSL_BASE/sbin/$name"
+ SSL_BINDIR='$(SSL_BASE)/sbin'
+ break;
+ fi
if [ -f "$SSL_BASE/apps/$name" ]; then
SSL_PROGRAM="$SSL_BASE/apps/$name"
SSL_BINDIR='$(SSL_BASE)/apps'
diff --git a/usr.sbin/httpd/src/modules/ssl/libssl.version b/usr.sbin/httpd/src/modules/ssl/libssl.version
index 2cdfab25e0a..467d83487ef 100644
--- a/usr.sbin/httpd/src/modules/ssl/libssl.version
+++ b/usr.sbin/httpd/src/modules/ssl/libssl.version
@@ -1 +1 @@
-mod_ssl/2.8.10-1.3.26
+mod_ssl/2.8.11-1.3.27
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
index 9ed29b7b65f..c09c8e33358 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_init.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_engine_init.c,v 1.19 2002/07/19 21:31:16 henning Exp $ */
+/* $OpenBSD: ssl_engine_init.c,v 1.20 2002/10/07 20:23:06 henning Exp $ */
/* _ _
** _ __ ___ ___ __| | ___ ___| | mod_ssl
@@ -239,11 +239,17 @@ void ssl_init_Module(server_rec *s, pool *p)
#ifdef SHARED_MODULE
ssl_log(s, SSL_LOG_INFO, "Init: %snitializing %s library",
mc->nInitCount == 1 ? "I" : "Rei", SSL_LIBRARY_NAME);
+#ifdef SSL_EXPERIMENTAL_ENGINE
+ ssl_init_Engine(s, p);
+#endif
ssl_init_SSLLibrary();
#else
if (mc->nInitCount <= 2) {
ssl_log(s, SSL_LOG_INFO, "Init: %snitializing %s library",
mc->nInitCount == 1 ? "I" : "Rei", SSL_LIBRARY_NAME);
+#ifdef SSL_EXPERIMENTAL_ENGINE
+ ssl_init_Engine(s, p);
+#endif
ssl_init_SSLLibrary();
}
#endif
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c
index e5a9c5eb6a3..9613da5d752 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_kernel.c
@@ -1582,6 +1582,7 @@ int ssl_callback_SSLVerify_CRL(
int i, n, rc;
char *cp;
char *cp2;
+ ASN1_TIME *t;
/*
* Unless a revocation store for CRLs was created we
@@ -1671,14 +1672,13 @@ int ssl_callback_SSLVerify_CRL(
/*
* Check date of CRL to make sure it's not expired
*/
- i = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl));
- if (i == 0) {
+ if ((t = X509_CRL_get_nextUpdate(crl)) == NULL) {
ssl_log(s, SSL_LOG_WARN, "Found CRL has invalid nextUpdate field");
X509_STORE_CTX_set_error(ctx, X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
X509_OBJECT_free_contents(&obj);
return FALSE;
}
- if (i < 0) {
+ if (X509_cmp_current_time(t) < 0) {
ssl_log(s, SSL_LOG_WARN,
"Found CRL is expired - "
"revoking all certificates until you get updated CRL");
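Review bot: Dropping the `i == 0` test loses the error case of `X509_cmp_current_time`, which returns 0 when the time value cannot be evaluated. With only `< 0` checked, a CRL whose nextUpdate is present but malformed now falls through as if it were still current. The NULL test is a good addition, but both conditions should reach the invalid-field branch so the check fails closed: `if ((t = X509_CRL_get_nextUpdate(crl)) == NULL || (i = X509_cmp_current_time(t)) == 0) {`, then `if (i < 0) {` for the expiry branch. `i` is already declared at the top of ssl_callback_SSLVerify_CRL, which starts and ends outside this hunk.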
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c
index 37af9c16680..98550060d02 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_rand.c
@@ -126,7 +126,11 @@ int ssl_rand_seed(server_rec *s, pool *p, ssl_rsctx_t nCtx, char *prefix)
* seed in contents provided by the external
* Entropy Gathering Daemon (EGD)
*/
+#if SSL_LIBRARY_VERSION >= 0x00906000
+ if ((n = RAND_egd_bytes(pRandSeed->cpPath, pRandSeed->nBytes)) == -1)
+#else
if ((n = RAND_egd(pRandSeed->cpPath)) == -1)
+#endif
continue;
nDone += n;
}
diff --git a/usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c b/usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c
index a6013cdd44c..174973ec49e 100644
--- a/usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c
+++ b/usr.sbin/httpd/src/modules/ssl/ssl_engine_vars.c
@@ -308,7 +308,7 @@ static char *ssl_var_lookup_ssl(pool *p, conn_rec *c, char *var)
}
else if (ssl != NULL && strlen(var) > 18 && strcEQn(var, "CLIENT_CERT_CHAIN_", 18)) {
sk = SSL_get_peer_cert_chain(ssl);
- result = ssl_var_lookup_ssl_cert_chain(p, sk, var+17);
+ result = ssl_var_lookup_ssl_cert_chain(p, sk, var+18);
}
else if (ssl != NULL && strcEQ(var, "CLIENT_VERIFY")) {
result = ssl_var_lookup_ssl_cert_verify(p, c);
diff --git a/usr.sbin/httpd/src/modules/standard/mod_auth_db.c b/usr.sbin/httpd/src/modules/standard/mod_auth_db.c
index 222456c243f..c38655e499d 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_auth_db.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_auth_db.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mod_auth_db.c,v 1.9 2002/08/15 16:06:11 henning Exp $ */
+/* $OpenBSD: mod_auth_db.c,v 1.10 2002/10/07 20:23:06 henning Exp $ */
/* ====================================================================
* The Apache Software License, Version 1.1
@@ -107,6 +107,9 @@
#if (DB_VERSION_MAJOR == 3)
#define DB3
#endif
+#if (DB_VERSION_MAJOR == 4)
+#define DB4
+#endif
#endif
typedef struct {
@@ -171,7 +174,7 @@ static char *get_db_pw(request_rec *r, char *user, const char *auth_dbpwfile)
ap_server_strip_chroot(auth_dbpwfile, 1);
-#if defined(DB3)
+#if defined(DB3) || defined(DB4)
if ( db_create(&f, NULL, 0) != 0
|| f->open(f, auth_dbpwfile, NULL, DB_HASH, DB_RDONLY, 0664) != 0) {
#elif defined(DB2)
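Review bot: `DB4` is defined for every 4.x release, but this hunk routes it through the DB3-style `f->open(f, auth_dbpwfile, NULL, DB_HASH, DB_RDONLY, 0664)`. Berkeley DB 4.1 added a transaction argument to `DB->open`, so this call would not compile against 4.1 or later. A minor-version guard keeps both working: `#if DB_VERSION_MAJOR == 4 && DB_VERSION_MINOR > 0` selecting `f->open(f, NULL, auth_dbpwfile, NULL, DB_HASH, DB_RDONLY, 0664)`. get_db_pw continues outside the hunk.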
@@ -184,7 +187,7 @@ static char *get_db_pw(request_rec *r, char *user, const char *auth_dbpwfile)
return NULL;
}
-#if defined(DB2) || defined(DB3)
+#if defined(DB2) || defined(DB3) || defined(DB4)
if (!((f->get) (f, NULL, &q, &d, 0))) {
#else
if (!((f->get) (f, &q, &d, 0))) {
@@ -194,7 +197,7 @@ static char *get_db_pw(request_rec *r, char *user, const char *auth_dbpwfile)
pw[d.size] = '\0'; /* Terminate the string */
}
-#if defined(DB2) || defined(DB3)
+#if defined(DB2) || defined(DB3) || defined(DB4)
(f->close) (f, 0);
#else
(f->close) (f);
diff --git a/usr.sbin/httpd/src/modules/standard/mod_digest.c b/usr.sbin/httpd/src/modules/standard/mod_digest.c
index 8ef874d3661..26e1db0cc2e 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_digest.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_digest.c
@@ -179,7 +179,60 @@ static int get_digest_rec(request_rec *r, digest_header_rec * response)
key = ap_palloc(r->pool, l);
value = ap_palloc(r->pool, l);
- /* There's probably a better way to do this, but for the time being... */
+ /* There's probably a better way to do this, but for the time being...
+ *
+ * Right now the parsing is very 'slack'. Actual rules from RFC 2617 are:
+ *
+ * Authorization = "Digest" digest-response
+ * digest-response = 1#( username | realm | nonce | digest-uri |
+ * response | [ cnonce ] | [ algorithm ] |
+ * [opaque] | [message-qop] | [nonce-count] |
+ * [auth-param] ) (see note 4)
+ * username = "username" "=" username-value
+ * username-value = quoted-string
+ * digest-uri = "uri" "=" digest-uri-value
+ * digest-uri-value = request-uri
+ * message-qop = "qop" "=" qop-value
+ * qop-options = "qop" "=" <"> 1#qop-value <"> (see note 3)
+ * qop-value = "auth" | "auth-int" | token
+ * cnonce = "cnonce" "=" cnonce-value
+ * cnonce-value = nonce-value
+ * nonce-count = "nc" "=" nc-value
+ * nc-value = 8LHEX
+ * response = "response" "=" response-digest
+ * response-digest = <"> *LHEX <">
+ * LHEX = "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" |
+ * "8" | "9" | "a" | "b" | "c" | "d" | "e" | "f"
+ *
+ * Current Discrepancies:
+ * quoted-string section 2.2 of RFC 2068
+ * --> We also acccept unquoted strings or strings
+ * like foo" bar". And take a space, comma or EOL as
+ * the terminator in that case.
+ *
+ * request-uri section 5.1 of RFC 2068
+ * --> We currently also accept any quoted string - and
+ * ignore those quotes.
+ *
+ * response/entity-digest
+ * --> We ignore the presense of the " if any.
+ *
+ * Note: * - not yet for CHARSET_EBCDIC XXXX
+ *
+ * Note: There is an inherent problem with the request URI; as it should
+ * be used unquoted - yet may contain a ',' - which is used as
+ * a terminator:
+ * Authorization: Digest username="dirkx", realm="DAV", nonce="1031662894",
+ * uri=/mary,+dirkx,+peter+and+mary.ics, response="99a6275793be28c31a5b6e4467fa4c79",
+ * algorithm=MD5
+ *
+ * Note3: Taken from section 3.2.1 - as this is not actually defined in section 3.2.2
+ * which deals with the Authorization Request Header.
+ *
+ * Note4: The 'comma separated' list concept is refered to in the RFC
+ * but whitespace eating and other such things are assumed to be
+ * as per MIME/RFC2068 spec.
+ */
#define D_KEY 0
#define D_VALUE 1
@@ -201,13 +254,26 @@ static int get_digest_rec(request_rec *r, digest_header_rec * response)
break;
case D_VALUE:
+#ifdef CHARSET_EBCDIC
+ /* This is *wrong* - a request URI may be unquoted and yet
+ * contain non alpha/num chars. (Though gets terminated by
+ * a ',' - which in fact may be in the URI - so I guess
+ * 2069 should be updated to suggest strongly to quote).
+ */
if (ap_isalnum(auth_line[0])) {
value[vv] = auth_line[0];
vv++;
- }
- else if (auth_line[0] == '\"') {
+ } else
+#endif
+ if (auth_line[0] == '\"') {
s = D_STRING;
}
+#ifndef CHARSET_EBCDIC
+ else if ((auth_line[0] != ',') && (auth_line[0] != ' ') && (auth_line[0] != '\0')) {
+ value[vv] = auth_line[0];
+ vv++;
+ }
+#endif
else {
value[vv] = '\0';
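Review bot: The `D_VALUE` branch now assembles its if/else chain from preprocessor pieces (`} else` directly before `#endif`, then an `else if` inside `#ifndef CHARSET_EBCDIC`), which makes it hard to see which chain each build actually gets. A short comment listing the two resulting shapes would help. It should also note that in the non-EBCDIC build every byte other than `,`, space and NUL, including tabs and control characters, is now copied into `value`. Whether `vv` stays in bounds depends on how `value` was sized from the header length, which is set outside this hunk.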
diff --git a/usr.sbin/httpd/src/modules/standard/mod_headers.c b/usr.sbin/httpd/src/modules/standard/mod_headers.c
index e9e5f087af0..80fd95a8330 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_headers.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_headers.c
@@ -116,6 +116,7 @@ typedef struct {
hdr_actions action;
char *header;
char *value;
+ int do_err;
} header_entry;
/*
@@ -153,7 +154,6 @@ static void *merge_headers_config(pool *p, void *basev, void *overridesv)
return a;
}
-
static const char *header_cmd(cmd_parms *cmd, headers_conf * dirconf, char *action, char *hdr, char *value)
{
header_entry *new;
@@ -169,6 +169,12 @@ static const char *header_cmd(cmd_parms *cmd, headers_conf * dirconf, char *acti
new = (header_entry *) ap_push_array(serverconf->headers);
}
+ if (cmd->info) {
+ new->do_err = 1;
+ } else {
+ new->do_err = 0;
+ }
+
if (!strcasecmp(action, "set"))
new->action = hdr_set;
else if (!strcasecmp(action, "add"))
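Review bot: The five-line `if (cmd->info) … else …` can be written as `new->do_err = (cmd->info != NULL);`. It also needs a comment saying that `cmd->info` carries the `(void *)0` / `(void *)1` flag from the `headers_cmds` table that tells `Header` from `ErrorHeader`. The `ErrorHeader` table entry reuses the help text "an action, header and value" unchanged; saying that it writes to `err_headers_out` would make the directive self-describing. header_cmd continues outside the hunk.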
@@ -198,7 +204,9 @@ static const char *header_cmd(cmd_parms *cmd, headers_conf * dirconf, char *acti
static const command_rec headers_cmds[] =
{
- {"Header", header_cmd, NULL, OR_FILEINFO, TAKE23,
+ {"Header", header_cmd, (void *)0, OR_FILEINFO, TAKE23,
+ "an action, header and value"},
+ {"ErrorHeader", header_cmd, (void *)1, OR_FILEINFO, TAKE23,
"an action, header and value"},
{NULL}
};
@@ -209,18 +217,19 @@ static void do_headers_fixup(request_rec *r, array_header *headers)
for (i = 0; i < headers->nelts; ++i) {
header_entry *hdr = &((header_entry *) (headers->elts))[i];
+ table *tbl = (hdr->do_err ? r->err_headers_out : r->headers_out);
switch (hdr->action) {
case hdr_add:
- ap_table_addn(r->headers_out, hdr->header, hdr->value);
+ ap_table_addn(tbl, hdr->header, hdr->value);
break;
case hdr_append:
- ap_table_mergen(r->headers_out, hdr->header, hdr->value);
+ ap_table_mergen(tbl, hdr->header, hdr->value);
break;
case hdr_set:
- ap_table_setn(r->headers_out, hdr->header, hdr->value);
+ ap_table_setn(tbl, hdr->header, hdr->value);
break;
case hdr_unset:
- ap_table_unset(r->headers_out, hdr->header);
+ ap_table_unset(tbl, hdr->header);
break;
}
}
diff --git a/usr.sbin/httpd/src/modules/standard/mod_rewrite.c b/usr.sbin/httpd/src/modules/standard/mod_rewrite.c
index 2d1471a54ad..2f1552dd1f0 100644
--- a/usr.sbin/httpd/src/modules/standard/mod_rewrite.c
+++ b/usr.sbin/httpd/src/modules/standard/mod_rewrite.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mod_rewrite.c,v 1.15 2002/08/15 16:06:11 henning Exp $ */
+/* $OpenBSD: mod_rewrite.c,v 1.16 2002/10/07 20:23:06 henning Exp $ */
/* ====================================================================
* The Apache Software License, Version 1.1
@@ -102,6 +102,11 @@
#include <sys/uio.h>
#endif
+#ifdef NETWARE
+#include <nwsemaph.h>
+static LONG locking_sem = 0;
+#endif
+
/*
** +-------------------------------------------------------+
** | |
@@ -3277,6 +3282,10 @@ static void rewritelock_create(server_rec *s, pool *p)
chown(lockname, ap_user_id, -1 /* no gid change */);
#endif
+#ifdef NETWARE
+ locking_sem = OpenLocalSemaphore (1);
+#endif
+
return;
}
@@ -3309,6 +3318,10 @@ static void rewritelock_remove(void *data)
unlink(lockname);
lockname = NULL;
lockfd = -1;
+#ifdef NETWARE
+ CloseLocalSemaphore (locking_sem);
+#endif
+
}
static void rewritelock_alloc(request_rec *r)
@@ -4165,6 +4178,12 @@ static void fd_lock(request_rec *r, int fd)
rc = _locking(fd, _LK_LOCK, 1);
lseek(fd, 0, SEEK_END);
#endif
+#ifdef NETWARE
+ if ((locking_sem != 0) && (TimedWaitOnLocalSemaphore (locking_sem, 10000) != 0))
+ rc = -1;
+ else
+ rc = 1;
+#endif
if (rc < 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
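Review bot: Under NETWARE the lock fails open: when `locking_sem` is 0 the test `(locking_sem != 0) && (TimedWaitOnLocalSemaphore (locking_sem, 10000) != 0)` is false and `rc` becomes 1, so fd_lock reports success without any mutual exclusion. `locking_sem` stays 0 if `OpenLocalSemaphore (1)` in rewritelock_create did not produce a handle, and that call's result is not checked there. If a zero handle means failure (to be confirmed against the NetWare API), it should be logged at creation and mapped to `rc = -1` here. The `10000` timeout is also a bare number and would read better as a named constant with its unit.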
@@ -4195,6 +4214,11 @@ static void fd_unlock(request_rec *r, int fd)
rc = _locking(fd, _LK_UNLCK, 1);
lseek(fd, 0, SEEK_END);
#endif
+#ifdef NETWARE
+ if (locking_sem)
+ SignalLocalSemaphore (locking_sem);
+ rc = 1;
+#endif
if (rc < 0) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, r,
diff --git a/usr.sbin/httpd/src/os/tpf/os.c b/usr.sbin/httpd/src/os/tpf/os.c
index b7aefc19e1a..fb65ae89ca4 100644
--- a/usr.sbin/httpd/src/os/tpf/os.c
+++ b/usr.sbin/httpd/src/os/tpf/os.c
@@ -423,7 +423,7 @@ void ap_tpf_zinet_checks(int standalone,
free(idct);
} else {
ap_log_error(APLOG_MARK, APLOG_ALERT|APLOG_NOERRNO, s,
- TPF_UNABLE_TO_DETERMINE_ZINET_MODEL);
+ TPF_UNABLE_TO_DETERMINE_ZINET_MODEL, servername);
exit(1); /* abort start-up of server */
}
@@ -498,11 +498,14 @@ void ap_tpf_save_argv(int argc, char **argv) {
}
void os_tpf_child(APACHE_TPF_INPUT *input_parms) {
+ extern char tpf_mutex_key[TPF_MUTEX_KEY_SIZE];
+
tpf_child = 1;
ap_my_generation = input_parms->generation;
ap_restart_time = input_parms->restart_time;
tpf_fds = input_parms->tpf_fds;
tpf_shm_static_ptr = input_parms->shm_static_ptr;
+ sprintf(tpf_mutex_key, "%.*x", TPF_MUTEX_KEY_SIZE - 1, getppid());
}
#ifndef __PIPE_
diff --git a/usr.sbin/httpd/src/os/tpf/os.h b/usr.sbin/httpd/src/os/tpf/os.h
index 37f42d40a0d..32f7c7f495a 100644
--- a/usr.sbin/httpd/src/os/tpf/os.h
+++ b/usr.sbin/httpd/src/os/tpf/os.h
@@ -125,7 +125,7 @@ typedef struct fd_set {
#define FD_SET(n, p) (0)
#endif
-#define RESOURCE_KEY ((void*) 0xC1C2C1C3)
+#define TPF_MUTEX_KEY_SIZE (sizeof(pid_t)*2+1)
/* TPF doesn't have, or need, tzset (it is used in mod_expires.c) */
#define tzset()
@@ -219,7 +219,7 @@ void ap_tpf_save_argv(int argc, char **argv);
#endif
#define TPF_UNABLE_TO_DETERMINE_ZINET_MODEL \
- "Unable to determine ZINET model: inetd_getServer call failed" \
- " -- Apache startup aborted"
+ "Unable to determine ZINET model: inetd_getServer(\"%s\") " \
+ "call failed -- Apache startup aborted"
#endif /*! APACHE_OS_H*/
diff --git a/usr.sbin/httpd/src/support/ab.c b/usr.sbin/httpd/src/support/ab.c
index 19862ab00b0..4127bc47fb3 100644
--- a/usr.sbin/httpd/src/support/ab.c
+++ b/usr.sbin/httpd/src/support/ab.c
@@ -1079,11 +1079,12 @@ static void read_connection(struct connection * c)
* this is first time, extract some interesting info
*/
char *p, *q;
+ int qlen;
p = strstr(c->cbuff, "Server:");
- q = servername;
+ q = servername; qlen = sizeof(servername);
if (p) {
p += 8;
- while (*p > 32)
+ while (*p > 32 && qlen-- > 1)
*q++ = *p++;
}
*q = 0;
@@ -1306,7 +1307,7 @@ static void test(void)
/* check for time limit expiry */
gettimeofday(&now, 0);
- if (tlimit && timedif(now, start) > (tlimit * 1000)) {
+ if (tlimit && timedif(now, start) >= (tlimit * 1000)) {
requests = done; /* so stats are correct */
}
/* Timeout of 30 seconds. */
@@ -1351,15 +1352,14 @@ static void test(void)
static void copyright(void)
{
if (!use_html) {
- printf("This is ApacheBench, Version %s\n", VERSION " <$Revision: 1.9 $> apache-1.3");
+ printf("This is ApacheBench, Version %s\n", VERSION " <$Revision: 1.10 $> apache-1.3");
printf("Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/\n");
printf("Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/\n");
printf("\n");
}
else {
printf("<p>\n");
- printf(" This is ApacheBench, Version %s <i>&lt;%s&gt;</i> apache-1.3<br>\n", VERSION, "$Revision: 1.9 $");
- printf(" Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/<br>\n");
+ printf(" This is ApacheBench, Version %s <i>&lt;%s&gt;</i> apache-1.3<br>\n", VERSION, "$Revision: 1.10 $"); printf(" Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/<br>\n");
printf(" Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/<br>\n");
printf("</p>\n<p>\n");
}
@@ -1575,9 +1575,9 @@ int main(int argc, char **argv)
strcpy(content_type, optarg);
break;
case 'C':
- strncat(cookie, "Cookie: ", sizeof(cookie));
- strncat(cookie, optarg, sizeof(cookie));
- strncat(cookie, "\r\n", sizeof(cookie));
+ strncat(cookie, "Cookie: ", sizeof(cookie)-strlen(cookie)-1);
+ strncat(cookie, optarg, sizeof(cookie)-strlen(cookie)-1);
+ strncat(cookie, "\r\n", sizeof(cookie)-strlen(cookie)-1);
break;
case 'A':
/*
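Review bot: The corrected bound `sizeof(cookie)-strlen(cookie)-1` prevents the overflow, but truncation is silent: if `optarg` fills the buffer, the following `strncat` of `"\r\n"` appends nothing and the header is left without its line ending. Checking the total length first and exiting with an error is clearer, e.g. guarding with `if (strlen(cookie) + strlen(optarg) + sizeof("Cookie: \r\n") > sizeof(cookie))`. The same applies to the `-A`, `-P` and `-H` hunks that follow. The context line `strcpy(content_type, optarg);` in this hunk is still an unbounded copy of a command-line argument and should get the same bounded treatment.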
@@ -1589,9 +1589,9 @@ int main(int argc, char **argv)
l = ap_base64encode(tmp, optarg, strlen(optarg));
tmp[l] = '\0';
- strncat(auth, "Authorization: Basic ", sizeof(auth));
- strncat(auth, tmp, sizeof(auth));
- strncat(auth, "\r\n", sizeof(auth));
+ strncat(auth, "Authorization: Basic ", sizeof(auth)-strlen(auth)-1);
+ strncat(auth, tmp, sizeof(auth)-strlen(auth)-1);
+ strncat(auth, "\r\n", sizeof(auth)-strlen(auth)-1);
break;
case 'P':
/*
@@ -1602,9 +1602,9 @@ int main(int argc, char **argv)
l = ap_base64encode(tmp, optarg, strlen(optarg));
tmp[l] = '\0';
- strncat(auth, "Proxy-Authorization: Basic ", sizeof(auth));
- strncat(auth, tmp, sizeof(auth));
- strncat(auth, "\r\n", sizeof(auth));
+ strncat(auth, "Proxy-Authorization: Basic ", sizeof(auth)-strlen(auth)-1);
+ strncat(auth, tmp, sizeof(auth)-strlen(auth)-1);
+ strncat(auth, "\r\n", sizeof(auth)-strlen(auth)-1);
break;
case 'X':
{
@@ -1622,8 +1622,8 @@ int main(int argc, char **argv)
}
break;
case 'H':
- strncat(hdrs, optarg, sizeof(hdrs));
- strncat(hdrs, "\r\n", sizeof(hdrs));
+ strncat(hdrs, optarg, sizeof(hdrs)-strlen(hdrs)-1);
+ strncat(hdrs, "\r\n", sizeof(hdrs)-strlen(hdrs)-1);
break;
case 'V':
copyright();