[httpd/f13/master] - add fix for PR 45444 (#634905)
jorton
jorton at fedoraproject.org
Fri Sep 17 11:46:52 UTC 2010
commit 1596a710209698fd2196702d3f00e2a259d315a9
Author: Joe Orton <jorton at redhat.com>
Date: Fri Sep 17 12:46:44 2010 +0100
- add fix for PR 45444 (#634905)
httpd-2.2.16-pr45444.patch | 96 ++++++++++++++++++++++++++++++++++++++++++++
httpd.spec | 7 +++-
2 files changed, 102 insertions(+), 1 deletions(-)
---
diff --git a/httpd-2.2.16-pr45444.patch b/httpd-2.2.16-pr45444.patch
new file mode 100644
index 0000000..7ac7c8c
--- /dev/null
+++ b/httpd-2.2.16-pr45444.patch
@@ -0,0 +1,96 @@
+
+https://issues.apache.org/bugzilla/show_bug.cgi?id=45444
+
+http://svn.apache.org/viewvc?rev=683280&view=rev
+http://svn.apache.org/viewvc?rev=683283&view=rev
+
+diff -up httpd-2.2.16/modules/ssl/ssl_engine_io.c.pr45444 httpd-2.2.16/modules/ssl/ssl_engine_io.c
+--- httpd-2.2.16/modules/ssl/ssl_engine_io.c.pr45444 2010-03-01 21:27:17.000000000 +0000
++++ httpd-2.2.16/modules/ssl/ssl_engine_io.c 2010-08-17 13:40:29.065628677 +0100
+@@ -344,6 +344,13 @@ typedef struct {
+ * this char_buffer api might seem silly, but we don't need to copy
+ * any of this data and we need to remember the length.
+ */
++
++/* Copy up to INL bytes from the char_buffer BUFFER into IN. Note
++ * that due to the strange way this API is designed/used, the
++ * char_buffer object is used to cache a segment of inctx->buffer, and
++ * then this function called to copy (part of) that segment to the
++ * beginning of inctx->buffer. So the segments to copy cannot be
++ * presumed to be non-overlapping, and memmove must be used. */
+ static int char_buffer_read(char_buffer_t *buffer, char *in, int inl)
+ {
+ if (!buffer->length) {
+@@ -352,13 +359,13 @@ static int char_buffer_read(char_buffer_
+
+ if (buffer->length > inl) {
+ /* we have have enough to fill the caller's buffer */
+- memcpy(in, buffer->value, inl);
++ memmove(in, buffer->value, inl);
+ buffer->value += inl;
+ buffer->length -= inl;
+ }
+ else {
+ /* swallow remainder of the buffer */
+- memcpy(in, buffer->value, buffer->length);
++ memmove(in, buffer->value, buffer->length);
+ inl = buffer->length;
+ buffer->value = NULL;
+ buffer->length = 0;
+@@ -722,6 +729,9 @@ static apr_status_t ssl_io_input_read(bi
+ return inctx->rc;
+ }
+
++/* Read a line of input from the SSL input layer into buffer BUF of
++ * length *LEN; updating *len to reflect the length of the line
++ * including the LF character. */
+ static apr_status_t ssl_io_input_getline(bio_filter_in_ctx_t *inctx,
+ char *buf,
+ apr_size_t *len)
+@@ -1315,8 +1325,8 @@ static apr_status_t ssl_io_filter_input(
+ {
+ apr_status_t status;
+ bio_filter_in_ctx_t *inctx = f->ctx;
+-
+- apr_size_t len = sizeof(inctx->buffer);
++ const char *start = inctx->buffer; /* start of block to return */
++ apr_size_t len = sizeof(inctx->buffer); /* length of block to return */
+ int is_init = (mode == AP_MODE_INIT);
+
+ if (f->c->aborted) {
+@@ -1368,7 +1378,25 @@ static apr_status_t ssl_io_filter_input(
+ status = ssl_io_input_read(inctx, inctx->buffer, &len);
+ }
+ else if (inctx->mode == AP_MODE_GETLINE) {
+- status = ssl_io_input_getline(inctx, inctx->buffer, &len);
++ const char *pos;
++
++ /* Satisfy the read directly out of the buffer if possible;
++ * invoking ssl_io_input_getline will mean the entire buffer
++ * is copied once (unnecessarily) for each GETLINE call. */
++ if (inctx->cbuf.length
++ && (pos = memchr(inctx->cbuf.value, APR_ASCII_LF,
++ inctx->cbuf.length)) != NULL) {
++ start = inctx->cbuf.value;
++ len = 1 + pos - start; /* +1 to include LF */
++ /* Buffer contents now consumed. */
++ inctx->cbuf.value += len;
++ inctx->cbuf.length -= len;
++ status = APR_SUCCESS;
++ }
++ else {
++ /* Otherwise fall back to the hard way. */
++ status = ssl_io_input_getline(inctx, inctx->buffer, &len);
++ }
+ }
+ else {
+ /* We have no idea what you are talking about, so return an error. */
+@@ -1390,7 +1418,7 @@ static apr_status_t ssl_io_filter_input(
+ /* Create a transient bucket out of the decrypted data. */
+ if (len > 0) {
+ apr_bucket *bucket =
+- apr_bucket_transient_create(inctx->buffer, len, f->c->bucket_alloc);
++ apr_bucket_transient_create(start, len, f->c->bucket_alloc);
+ APR_BRIGADE_INSERT_TAIL(bb, bucket);
+ }
+
diff --git a/httpd.spec b/httpd.spec
index 939447e..6c26dfe 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -7,7 +7,7 @@
Summary: Apache HTTP Server
Name: httpd
Version: 2.2.16
-Release: 1%{?dist}
+Release: 1.1%{?dist}
URL: http://httpd.apache.org/
Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
Source1: index.html
@@ -37,6 +37,7 @@ Patch25: httpd-2.2.11-selinux.patch
Patch26: httpd-2.2.9-suenable.patch
# Bug fixes
Patch54: httpd-2.2.0-authnoprov.patch
+Patch55: httpd-2.2.16-pr45444.patch
License: ASL 2.0
Group: System Environment/Daemons
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -126,6 +127,7 @@ Security (TLS) protocols.
%patch26 -p1 -b .suenable
%patch54 -p1 -b .authnoprov
+%patch55 -p1 -b .pr45444
# Patch in vendor/release string
sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
@@ -485,6 +487,9 @@ rm -rf $RPM_BUILD_ROOT
%{_libdir}/httpd/build/*.sh
%changelog
+* Fri Sep 17 2010 Joe Orton <jorton at redhat.com> - 2.2.16-1.1
+- add fix for PR 45444 (#634905)
+
* Tue Jul 27 2010 Joe Orton <jorton at redhat.com> - 2.2.16-1
- update to 2.2.16
More information about the scm-commits
mailing list