summaryrefslogtreecommitdiffstats
path: root/SECURITY.md (unfollow)
Commit message (Collapse)AuthorFilesLines
2022-02-24return early if X509_STORE_CTX_init failsGiovanni Bechis1-1/+4
bz 65902 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898368 13f79535-47bb-0310-9956-ffa450edef68
2022-02-24return early if ASN1_STRING_new failsGiovanni Bechis1-0/+4
bz 65902 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898367 13f79535-47bb-0310-9956-ffa450edef68
2022-02-24release memory if neededGiovanni Bechis2-2/+7
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898366 13f79535-47bb-0310-9956-ffa450edef68
2022-02-23Resolves BZ65861 - clarify post_config api docRich Bowen1-0/+10
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898347 13f79535-47bb-0310-9956-ffa450edef68
2022-02-23 *) mod_watchdog: replace the new volatile with atomic access.Stefan Eissing1-14/+15
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898343 13f79535-47bb-0310-9956-ffa450edef68
2022-02-22 *) mod_watchdog: use hook 'child_stopping' to signal watchdogsStefan Eissing1-33/+40
that they should end processing. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898318 13f79535-47bb-0310-9956-ffa450edef68
2022-02-22 *) mpm/winnt: add running the 'child_stopping' hook.Stefan Eissing1-0/+7
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898317 13f79535-47bb-0310-9956-ffa450edef68
2022-02-21There is no point in calling ap_varbuf_grow() here, it is alreadyChristophe Jaillet1-2/+1
called from within ap_varbuf_strmemcat(). Moreover, 2nd parameter should be the minimum total new length, not the amount of the growth. So this call is likely to be a no-op. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898286 13f79535-47bb-0310-9956-ffa450edef68
2022-02-20Remove some APR 0.x stuff.Christophe Jaillet2-10/+0
The minimum supported version is 1.3 in 2.4.x git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898255 13f79535-47bb-0310-9956-ffa450edef68
2022-02-19fr doc rebuild.Lucien Gentis1-1/+3
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898223 13f79535-47bb-0310-9956-ffa450edef68
2022-02-19fr doc XML file update.Lucien Gentis1-2/+4
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898222 13f79535-47bb-0310-9956-ffa450edef68
2022-02-19Add a compatibility note for the 'ldap' function.Christophe Jaillet1-1/+2
[skip ci] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898219 13f79535-47bb-0310-9956-ffa450edef68
2022-02-18 *) mod_http2: optimize authority construction on upgradedStefan Eissing1-1/+1
h1 requests. [Ruediger Pluem] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898173 13f79535-47bb-0310-9956-ffa450edef68
2022-02-17 *) mod_http2: preserve the port number given in a HTTP/1.1Stefan Eissing4-6/+63
request that was Upgraded to HTTP/2. Fixes PR65881. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898146 13f79535-47bb-0310-9956-ffa450edef68
2022-02-16* Change the logic to choose the maximum of both timeouts (front end socket,Ruediger Pluem2-2/+7
backend socket) instead of the minimum as backend timeouts can be configured more selectively (per worker if needed) as front end timeouts and typically the backend timeouts reflect the application requirements better. PR: 65886 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898127 13f79535-47bb-0310-9956-ffa450edef68
2022-02-14 *) test: capture and parse output from nghttp more reliably.Stefan Eissing2-22/+29
add repeat param to certain proxy tests. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898068 13f79535-47bb-0310-9956-ffa450edef68
2022-02-12fr doc rebuild.Lucien Gentis10-53/+60
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898008 13f79535-47bb-0310-9956-ffa450edef68
2022-02-12fr doc XML file update.Lucien Gentis1-1/+1
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898007 13f79535-47bb-0310-9956-ffa450edef68
2022-02-12fr doc XML files updates.Lucien Gentis2-45/+54
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1898006 13f79535-47bb-0310-9956-ffa450edef68
2022-02-10Follow up to r1897940: APLOGNO()s.Yann Ylavic1-2/+2
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897948 13f79535-47bb-0310-9956-ffa450edef68
2022-02-10APLOGNOs for r1897940 [skip ci].Yann Ylavic1-1/+1
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897947 13f79535-47bb-0310-9956-ffa450edef68
2022-02-10 *) mod_http2: :scheme pseudo-header values, not matching theStefan Eissing5-35/+143
connection scheme, are forwarded via absolute uris to the http protocol processing to preserve semantics of the request. Checks on combinations of pseudo-headers values/absence have been added as described in RFC 7540. Fixes <https://github.com/icing/mod_h2/issues/230>. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897940 13f79535-47bb-0310-9956-ffa450edef68
2022-02-10Two more APLOGNOs for PR #294 [skip ci]Yann Ylavic1-1/+1
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897922 13f79535-47bb-0310-9956-ffa450edef68
2022-02-09ab: Fix the detection for when the server performed a legitimateGraham Leggett2-2/+15
connection close as per RFC7230 6.3.1. We must check whedther the connection was previously kept alive, and not whether the current closed request is keepalive. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897912 13f79535-47bb-0310-9956-ffa450edef68
2022-02-09Reserve two APLOGNOs for PR #294 [skip ci]Yann Ylavic1-1/+1
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897898 13f79535-47bb-0310-9956-ffa450edef68
2022-02-09* Fix a typoRuediger Pluem1-1/+1
Submitted by: Jens Schleusener <Jens.Schleusener@fossies.org> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897890 13f79535-47bb-0310-9956-ffa450edef68
2022-02-09Follow up to r1897872: New APLOGNOYann Ylavic1-1/+1
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897882 13f79535-47bb-0310-9956-ffa450edef68
2022-02-09Follow up to r1897872: Reserve APLOGNO [skip ci]Yann Ylavic1-1/+1
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897881 13f79535-47bb-0310-9956-ffa450edef68
2022-02-08 *) mod_http2: when a h2 request carries a ':scheme' pseudoheader,Stefan Eissing3-4/+23
it gives a 400 response if the scheme does not match the connection. Fixes <https://github.com/icing/mod_h2/issues/230>. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897872 13f79535-47bb-0310-9956-ffa450edef68
2022-02-08mod_http2: Fix possible beam bucket double free from session destroy.Yann Ylavic1-22/+50
When the session pool is destroyed, so is the beam's pool so we don't want to run the beam cleanup twice. ASan is reporting something like this (APR_POOL_DEBUG): ================================================================= ==81201==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000080ce8 at pc 0x7fdc78962cc9 bp 0x7fdc731ff4f0 sp 0x7fdc731ff4e8 READ of size 8 at 0x603000080ce8 thread T11 #0 0x7fdc78962cc8 in recv_buffer_cleanup ~httpd/modules/http2/h2_bucket_beam.c:279 #1 0x7fdc78962fdc in beam_cleanup ~httpd/modules/http2/h2_bucket_beam.c:306 #2 0x7fdc7896300c in beam_pool_cleanup ~httpd/modules/http2/h2_bucket_beam.c:313 #3 0x7fdc7c5a8239 in run_cleanups memory/unix/apr_pools.c:2689 #4 0x7fdc7c5a50f9 in pool_clear_debug memory/unix/apr_pools.c:1867 #5 0x7fdc7c5a562e in pool_destroy_debug memory/unix/apr_pools.c:1965 #6 0x7fdc7c5a5179 in pool_clear_debug memory/unix/apr_pools.c:1880 #7 0x7fdc7c5a562e in pool_destroy_debug memory/unix/apr_pools.c:1965 #8 0x7fdc7c5a5179 in pool_clear_debug memory/unix/apr_pools.c:1880 #9 0x7fdc7c5a562e in pool_destroy_debug memory/unix/apr_pools.c:1965 #10 0x7fdc7c5a5179 in pool_clear_debug memory/unix/apr_pools.c:1880 #11 0x7fdc7c5a562e in pool_destroy_debug memory/unix/apr_pools.c:1965 #12 0x7fdc7c5a5827 in apr_pool_destroy_debug memory/unix/apr_pools.c:2014 #13 0x7fdc789aeaa5 in h2_session_pre_close ~httpd/modules/http2/h2_session.c:1934 #14 0x7fdc7896a20e in h2_c1_pre_close ~httpd/modules/http2/h2_c1.c:188 #15 0x7fdc7896b538 in h2_c1_hook_pre_close ~httpd/modules/http2/h2_c1.c:308 #16 0x5596139aeb28 in ap_run_pre_close_connection ~httpd/server/connection.c:45 #17 0x5596139af353 in ap_prep_lingering_close ~httpd/server/connection.c:128 #18 0x5596139af3f2 in ap_start_lingering_close ~httpd/server/connection.c:154 #19 0x7fdc7835bdf0 in process_lingering_close ~httpd/server/mpm/event/event.c:1999 #20 0x7fdc78359ccb in process_socket ~httpd/server/mpm/event/event.c:1540 #21 0x7fdc783608d7 in worker_thread ~httpd/server/mpm/event/event.c:2756 #22 0x7fdc7c5d3e57 in dummy_worker threadproc/unix/thread.c:153 #23 0x7fdc7c441d7f in start_thread nptl/pthread_create.c:481 #24 0x7fdc7c337bde in clone (/lib/x86_64-linux-gnu/libc.so.6+0xfcbde) 0x603000080ce8 is located 8 bytes inside of 32-byte region [0x603000080ce0,0x603000080d00) freed by thread T11 here: #0 0x7fdc7c887f07 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122 #1 0x7fdc7c5a5420 in pool_clear_debug memory/unix/apr_pools.c:1906 #2 0x7fdc7c5a562e in pool_destroy_debug memory/unix/apr_pools.c:1965 #3 0x7fdc7c5a5179 in pool_clear_debug memory/unix/apr_pools.c:1880 #4 0x7fdc7c5a562e in pool_destroy_debug memory/unix/apr_pools.c:1965 #5 0x7fdc7c5a5827 in apr_pool_destroy_debug memory/unix/apr_pools.c:2014 #6 0x7fdc789aeaa5 in h2_session_pre_close ~httpd/modules/http2/h2_session.c:1934 #7 0x7fdc7896a20e in h2_c1_pre_close ~httpd/modules/http2/h2_c1.c:188 #8 0x7fdc7896b538 in h2_c1_hook_pre_close ~httpd/modules/http2/h2_c1.c:308 #9 0x5596139aeb28 in ap_run_pre_close_connection ~httpd/server/connection.c:45 #10 0x5596139af353 in ap_prep_lingering_close ~httpd/server/connection.c:128 #11 0x5596139af3f2 in ap_start_lingering_close ~httpd/server/connection.c:154 #12 0x7fdc7835bdf0 in process_lingering_close ~httpd/server/mpm/event/event.c:1999 #13 0x7fdc78359ccb in process_socket ~httpd/server/mpm/event/event.c:1540 #14 0x7fdc783608d7 in worker_thread ~httpd/server/mpm/event/event.c:2756 #15 0x7fdc7c5d3e57 in dummy_worker threadproc/unix/thread.c:153 #16 0x7fdc7c441d7f in start_thread nptl/pthread_create.c:481 previously allocated by thread T11 here: #0 0x7fdc7c8882b8 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7fdc7c5a4d00 in pool_alloc memory/unix/apr_pools.c:1787 #2 0x7fdc7c5a507a in apr_palloc_debug memory/unix/apr_pools.c:1828 #3 0x7fdc7c4d8160 in apr_brigade_create buckets/apr_brigade.c:90 #4 0x7fdc7c4d82d8 in apr_brigade_split_ex buckets/apr_brigade.c:107 #5 0x7fdc78967f7c in h2_beam_receive ~httpd/modules/http2/h2_bucket_beam.c:729 #6 0x7fdc789b65f0 in buffer_output_receive ~httpd/modules/http2/h2_stream.c:847 #7 0x7fdc789bb655 in h2_stream_read_output ~httpd/modules/http2/h2_stream.c:1372 #8 0x7fdc789aa155 in on_stream_output ~httpd/modules/http2/h2_session.c:1313 #9 0x7fdc789956ba in mplx_pollset_poll ~httpd/modules/http2/h2_mplx.c:1299 #10 0x7fdc7898deb8 in h2_mplx_c1_poll ~httpd/modules/http2/h2_mplx.c:532 #11 0x7fdc789ae04b in h2_session_process ~httpd/modules/http2/h2_session.c:1863 #12 0x7fdc78969b0f in h2_c1_run ~httpd/modules/http2/h2_c1.c:138 #13 0x7fdc7896b302 in h2_c1_hook_process_connection ~httpd/modules/http2/h2_c1.c:286 #14 0x5596139ae4b6 in ap_run_process_connection ~httpd/server/connection.c:43 #15 0x7fdc78358d67 in process_socket ~httpd/server/mpm/event/event.c:1353 #16 0x7fdc783608d7 in worker_thread ~httpd/server/mpm/event/event.c:2756 #17 0x7fdc7c5d3e57 in dummy_worker threadproc/unix/thread.c:153 #18 0x7fdc7c441d7f in start_thread nptl/pthread_create.c:481 Thread T11 created by T2 here: #0 0x7fdc7c7baa22 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208 #1 0x7fdc7c5d4534 in apr_thread_create threadproc/unix/thread.c:228 #2 0x7fdc7836273d in start_threads ~httpd/server/mpm/event/event.c:3035 #3 0x7fdc7c5d3e57 in dummy_worker threadproc/unix/thread.c:153 #4 0x7fdc7c441d7f in start_thread nptl/pthread_create.c:481 Thread T2 created by T0 here: #0 0x7fdc7c7baa22 in __interceptor_pthread_create ../../../../src/libsanitizer/asan/asan_interceptors.cc:208 #1 0x7fdc7c5d4534 in apr_thread_create threadproc/unix/thread.c:228 #2 0x7fdc78363d9f in child_main ~httpd/server/mpm/event/event.c:3262 #3 0x7fdc7836483b in make_child ~httpd/server/mpm/event/event.c:3421 #4 0x7fdc78364b89 in startup_children ~httpd/server/mpm/event/event.c:3444 #5 0x7fdc78368abc in event_run ~httpd/server/mpm/event/event.c:3932 #6 0x5596139b6d18 in ap_run_mpm ~httpd/server/mpm_common.c:101 #7 0x55961399098b in main ~httpd/server/main.c:880 #8 0x7fdc7c2627ec in __libc_start_main ../csu/libc-start.c:332 SUMMARY: AddressSanitizer: heap-use-after-free ~httpd/modules/http2/h2_bucket_beam.c:279 in recv_buffer_cleanup Shadow bytes around the buggy address: 0x0c0680008140: fa fa 00 00 00 00 fa fa fd fd fd fa fa fa fd fd 0x0c0680008150: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa 0x0c0680008160: fd fd fd fd fa fa fd fd fd fd fa fa fd fd fd fd 0x0c0680008170: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd 0x0c0680008180: fd fd fa fa fd fd fd fd fa fa fd fd fd fa fa fa =>0x0c0680008190: fd fd fd fa fa fa fd fd fd fa fa fa fd[fd]fd fd 0x0c06800081a0: fa fa fd fd fd fd fa fa fd fd fd fd fa fa fd fd 0x0c06800081b0: fd fd fa fa fd fd fd fd fa fa fd fd fd fd fa fa 0x0c06800081c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c06800081d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c06800081e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ==81201==ABORTING git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897868 13f79535-47bb-0310-9956-ffa450edef68
2022-02-08ab: Add an optional ramp delay when starting concurrent connections soGraham Leggett3-7/+100
as to not trigger denial of service protection in the network. Report levels of concurrency achieved in cases where the test completes before full concurrency is achieved. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897866 13f79535-47bb-0310-9956-ffa450edef68
2022-02-08 * test) sync of mod_md test cases from github.Stefan Eissing3-17/+61
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897864 13f79535-47bb-0310-9956-ffa450edef68
2022-02-08 * mod_md) do not interfere with requests to /.well-known/acme-challenge/Stefan Eissing2-0/+13
resources if challenge type 'http-01' is not configured for a domain. Fixes <https://github.com/icing/mod_md/issues/279>. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897863 13f79535-47bb-0310-9956-ffa450edef68
2022-02-08Fix CHANGES typo. [skip ci]Yann Ylavic1-1/+1
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897862 13f79535-47bb-0310-9956-ffa450edef68
2022-02-08Reinstate r1897458 accidentally reverted in r1897760.Graham Leggett2-43/+85
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1897861 13f79535-47bb-0310-9956-ffa450edef68