[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-cvs
Subject: svn commit: r1562174 - in /httpd/httpd/branches/2.4.x: ./ STATUS docs/manual/ docs/manual/howto/ doc
From: jim () apache ! org
Date: 2014-01-28 19:40:17
Message-ID: 20140128194018.2CB7523889CB () eris ! apache ! org
[Download RAW message or body]
Author: jim
Date: Tue Jan 28 19:40:17 2014
New Revision: 1562174
URL: http://svn.apache.org/r1562174
Log:
Merge r1556206 from trunk:
avoid a tight busy loop with memory allocations when the [N] flag
isn't making progress.
If backported, probably increase the hard-coded limit to 32k from 10k.
Submitted by: covener
Reviewed/backported by: jim
Modified:
httpd/httpd/branches/2.4.x/ (props changed)
httpd/httpd/branches/2.4.x/STATUS
httpd/httpd/branches/2.4.x/docs/manual/ (props changed)
httpd/httpd/branches/2.4.x/docs/manual/howto/ (props changed)
httpd/httpd/branches/2.4.x/docs/manual/mod/ (props changed)
httpd/httpd/branches/2.4.x/docs/manual/mod/mod_macro.xml (props changed)
httpd/httpd/branches/2.4.x/docs/manual/rewrite/ (props changed)
httpd/httpd/branches/2.4.x/docs/manual/rewrite/flags.xml
httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c
Propchange: httpd/httpd/branches/2.4.x/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk:r1556206
Modified: httpd/httpd/branches/2.4.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1562174&r1=1562173&r2=1562174&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/STATUS (original)
+++ httpd/httpd/branches/2.4.x/STATUS Tue Jan 28 19:40:17 2014
@@ -98,14 +98,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_rewrite: Don't loop forever if the [N] flag isn't making progress.
- trunk patch http://svn.apache.org/r1556206
- 2.4.x patch: http://people.apache.org/~covener/patches/httpd-2.4.x-rewrite-maxrounds.diff
- (incl bump to 32k)
- +1: covener, jim, trawick
- trawick: can you clarify here the plan for "If backported, probably increase
- the hard-coded limit to 32k from 10k."?
- covener: updated proposal to include bump to 32k
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Propchange: httpd/httpd/branches/2.4.x/docs/manual/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk/docs/manual:r1556206
Propchange: httpd/httpd/branches/2.4.x/docs/manual/howto/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk/docs/manual/howto:r1556206
Propchange: httpd/httpd/branches/2.4.x/docs/manual/mod/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk/docs/manual/mod:r1556206
Propchange: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_macro.xml
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk/docs/manual/mod/mod_macro.xml:r1556206
Propchange: httpd/httpd/branches/2.4.x/docs/manual/rewrite/
------------------------------------------------------------------------------
Merged /httpd/httpd/trunk/docs/manual/rewrite:r1556206
Modified: httpd/httpd/branches/2.4.x/docs/manual/rewrite/flags.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/rewrite/flags.xml?rev=1562174&r1=1562173&r2=1562174&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/docs/manual/rewrite/flags.xml (original)
+++ httpd/httpd/branches/2.4.x/docs/manual/rewrite/flags.xml Tue Jan 28 19:40:17 2014
@@ -392,14 +392,22 @@ certain string or letter repeatedly in a
will replace A with B everywhere in a request, and will continue doing
so until there are no more As to be replaced.
</p>
-
<highlight language="config">RewriteRule (.*)A(.*) $1B$2 [N]</highlight>
-
<p>You can think of this as a <code>while</code> loop: While this
pattern still matches (i.e., while the URI still contains an
<code>A</code>), perform this substitution (i.e., replace the
<code>A</code> with a <code>B</code>).</p>
+<p>In 2.4.8 and later, this module returns an error after 32,000 iterations to
+protect against unintended looping. An alternative maximum number of
+iterations can be specified by adding to the N flag. </p>
+<highlight language="config">
+# Be willing to replace 1 character in each pass of the loop
+RewriteRule (.+)[><;]$ $1 [N=64000]
+# ... or, give up if after 10 loops
+RewriteRule (.+)[><;]$ $1 [N=10]
+</highlight>
+
</section>
<section id="flag_nc"><title>NC|nocase</title>
Modified: httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c?rev=1562174&r1=1562173&r2=1562174&view=diff
==============================================================================
--- httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/branches/2.4.x/modules/mappers/mod_rewrite.c Tue Jan 28 19:40:17 2014
@@ -231,6 +231,9 @@ static const char* really_last_key = "re
#define subreq_ok(r) (!r->main || \
(r->main->uri && r->uri && strcmp(r->main->uri, r->uri)))
+#ifndef REWRITE_MAX_ROUNDS
+#define REWRITE_MAX_ROUNDS 32000
+#endif
/*
* +-------------------------------------------------------+
@@ -308,6 +311,7 @@ typedef struct {
data_item *env; /* added environment variables */
data_item *cookie; /* added cookies */
int skip; /* number of next rules to skip */
+ int maxrounds; /* limit on number of loops with N flag */
} rewriterule_entry;
typedef struct {
@@ -3498,6 +3502,10 @@ static const char *cmd_rewriterule_setfl
}
else if (!*key || !strcasecmp(key, "ext")) { /* next */
cfg->flags |= RULEFLAG_NEWROUND;
+ if (val && *val) {
+ cfg->maxrounds = atoi(val);
+ }
+
}
else if (((*key == 'S' || *key == 's') && !key[1])
|| !strcasecmp(key, "osubreq")) { /* nosubreq */
@@ -3649,6 +3657,7 @@ static const char *cmd_rewriterule(cmd_p
newrule->env = NULL;
newrule->cookie = NULL;
newrule->skip = 0;
+ newrule->maxrounds = REWRITE_MAX_ROUNDS;
if (a3 != NULL) {
if ((err = cmd_parseflagfield(cmd->pool, newrule, a3,
cmd_rewriterule_setflag)) != NULL) {
@@ -4192,6 +4201,7 @@ static int apply_rewrite_list(request_re
int rc;
int s;
rewrite_ctx *ctx;
+ int round = 1;
ctx = apr_palloc(r->pool, sizeof(*ctx));
ctx->perdir = perdir;
@@ -4280,6 +4290,15 @@ static int apply_rewrite_list(request_re
* the rewriting ruleset again.
*/
if (p->flags & RULEFLAG_NEWROUND) {
+ if (++round >= p->maxrounds) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02596)
+ "RewriteRule '%s' and URI '%s' exceeded "
+ "maximum number of rounds (%d) via the [N] flag",
+ p->pattern, r->uri, p->maxrounds);
+
+ r->status = HTTP_INTERNAL_SERVER_ERROR;
+ return ACTION_STATUS;
+ }
goto loop;
}
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic