[Pkg-fedora-ds-maintainers] [libapache2-mod-nss] 87/156: Resolves: 241936
Timo Aaltonen
tjaalton-guest at moszumanska.debian.org
Wed Jul 2 13:55:31 UTC 2014
This is an automated email from the git hooks/post-receive script.
tjaalton-guest pushed a commit to branch master
in repository libapache2-mod-nss.
commit 68b364f5e9225989560e22217b05475ffe53832a
Author: rcritten <>
Date: Thu May 31 21:36:03 2007 +0000
Resolves: 241936
Bring in some updates based on diffs from 2.0.59 to 2.2.4
- Do explicit TRUE/FALSE tests with sc->enabled to see if SSL is enabled.
Don't depend on the fact that TRUE == 1
- Remove some dead code
- Minor update to the buffer code that buffers POST data during a
renegotiation
- Optimize setting environment variables by using a switch statement.
---
mod_nss.c | 2 +-
mod_nss.h | 3 --
nss_engine_init.c | 6 +--
nss_engine_io.c | 12 +++--
nss_engine_kernel.c | 6 +--
nss_engine_vars.c | 131 ++++++++++++++++++++++++++++++----------------------
nss_util.c | 48 +------------------
7 files changed, 91 insertions(+), 117 deletions(-)
diff --git a/mod_nss.c b/mod_nss.c
index 31632a8..34b528e 100644
--- a/mod_nss.c
+++ b/mod_nss.c
@@ -206,7 +206,7 @@ int nss_engine_disable(conn_rec *c)
SSLConnRec *sslconn;
- if (!sc->enabled) {
+ if (sc->enabled == FALSE) {
return 0;
}
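Review bot: The `sc->enabled == FALSE` test in nss_engine_disable is not the complement of the `sc->enabled == TRUE` tests this commit introduces in nss_engine_init.c, nss_engine_kernel.c and nss_util.c. Here any value other than FALSE is treated as enabled, while there any value other than TRUE is treated as disabled. If the field can ever hold a third value (an unset sentinel, say; its declaration is not visible in this diff), this function would carry on as if SSL were on while nss_hook_Access, nss_hook_UserCheck and nss_hook_Fixup return DECLINED and skip their SSL checks. Writing `if (sc->enabled != TRUE) {` here would keep every site agreeing on one definition of "enabled", and a comment on the field in mod_nss.h such as `/* TRUE or FALSE only; every other value is treated as disabled */` would record the contract. The body of nss_engine_disable starts and ends outside the hunk.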
diff --git a/mod_nss.h b/mod_nss.h
index 51df89c..ceaa5d5 100644
--- a/mod_nss.h
+++ b/mod_nss.h
@@ -446,9 +446,6 @@ void nss_io_filter_register(apr_pool_t *p);
/* Utility Functions */
char *nss_util_vhostid(apr_pool_t *, server_rec *);
-void nss_util_strupper(char *);
-void nss_util_uuencode(char *, const char *, BOOL);
-void nss_util_uuencode_binary(unsigned char *, const unsigned char *, int, BOOL);
apr_file_t *nss_util_ppopen(server_rec *, apr_pool_t *, const char *,
const char * const *);
void nss_util_ppclose(server_rec *, apr_pool_t *, apr_file_t *);
diff --git a/nss_engine_init.c b/nss_engine_init.c
index a1a8d9a..b87b03c 100644
--- a/nss_engine_init.c
+++ b/nss_engine_init.c
@@ -1036,13 +1036,13 @@ void nss_init_ConfigureServer(server_rec *s,
apr_pool_t *ptemp,
SSLSrvConfigRec *sc)
{
- if (sc->enabled) {
+ if (sc->enabled == TRUE) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Configuring server for SSL protocol");
nss_init_server_ctx(s, p, ptemp, sc);
}
- if (sc->proxy_enabled) {
+ if (sc->proxy_enabled == TRUE) {
ap_log_error(APLOG_MARK, APLOG_INFO, 0, s,
"Enabling proxy.");
nss_init_proxy_ctx(s, p, ptemp, sc);
@@ -1070,7 +1070,7 @@ apr_status_t nss_init_ModuleKill(void *data)
for (s = base_server; s; s = s->next) {
sc = mySrvConfig(s);
- if (sc->enabled) {
+ if (sc->enabled == TRUE) {
if (sc->server->nickname) {
CERT_DestroyCertificate(sc->server->servercert);
SECKEY_DestroyPrivateKey(sc->server->serverkey);
diff --git a/nss_engine_io.c b/nss_engine_io.c
index 8010f89..892f11c 100644
--- a/nss_engine_io.c
+++ b/nss_engine_io.c
@@ -578,8 +578,7 @@ static apr_status_t nss_io_filter_error(ap_filter_t *f,
switch (status) {
case HTTP_BAD_REQUEST:
/* log the situation */
- ap_log_error(APLOG_MARK, APLOG_INFO, 0,
- f->c->base_server,
+ ap_log_error(APLOG_MARK, APLOG_INFO, 0, f->c->base_server,
"SSL handshake failed: HTTP spoken on HTTPS port; "
"trying to send HTML error page");
@@ -924,6 +923,7 @@ static void nss_io_output_create(nss_filter_ctx_t *filter_ctx, conn_rec *c)
struct modnss_buffer_ctx {
apr_bucket_brigade *bb;
+ apr_pool_t *pool;
};
int nss_io_buffer_fill(request_rec *r)
@@ -936,7 +936,8 @@ int nss_io_buffer_fill(request_rec *r)
/* Create the context which will be passed to the input filter. */
ctx = apr_palloc(r->pool, sizeof *ctx);
- ctx->bb = apr_brigade_create(r->pool, c->bucket_alloc);
+ apr_pool_create(&ctx->pool, r->pool);
+ ctx->bb = apr_brigade_create(ctx->pool, c->bucket_alloc);
/* ... and a temporary brigade. */
tempb = apr_brigade_create(r->pool, c->bucket_alloc);
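Review bot: The status returned by `apr_pool_create(&ctx->pool, r->pool);` is discarded, and `ctx` comes from apr_palloc, which does not zero the allocation. If the subpool cannot be created, `ctx->pool` is indeterminate when it is passed to apr_brigade_create here and to apr_bucket_setaside in the next hunk. I would check it the same way the setaside result is checked, `rv = apr_pool_create(&ctx->pool, r->pool);` followed by `if (rv != APR_SUCCESS) return HTTP_INTERNAL_SERVER_ERROR;`, assuming `rv` is in scope at this point and that this matches the function's error convention, neither of which the hunk shows. None of the visible hunks destroys `ctx->pool`, so a comment on the new struct member such as `/* subpool of r->pool holding the buffered body; released with the request unless destroyed earlier */` would make the intended lifetime explicit. nss_io_buffer_fill continues outside the hunk.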
@@ -981,7 +982,7 @@ int nss_io_buffer_fill(request_rec *r)
total += len;
}
- rv = apr_bucket_setaside(e, r->pool);
+ rv = apr_bucket_setaside(e, ctx->pool);
if (rv != APR_SUCCESS) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
"could not setaside bucket for SSL buffer");
@@ -1059,6 +1060,9 @@ static apr_status_t nss_io_filter_buffer(ap_filter_t *f,
* the APR_BRIGADE_* macros. */
APR_RING_UNSPLICE(d, e, link);
APR_RING_SPLICE_HEAD(&bb->list, d, e, apr_bucket, link);
+
+ APR_BRIGADE_CHECK_CONSISTENCY(bb);
+ APR_BRIGADE_CHECK_CONSISTENCY(ctx->bb);
}
}
else {
diff --git a/nss_engine_kernel.c b/nss_engine_kernel.c
index 0e5b8ad..ae56cf2 100644
--- a/nss_engine_kernel.c
+++ b/nss_engine_kernel.c
@@ -130,7 +130,7 @@ int nss_hook_Access(request_rec *r)
* no further access control checks are relevant. The test for
* sc->enabled is probably strictly unnecessary
*/
- if (!(sc->enabled || !ssl)) {
+ if (!((sc->enabled == TRUE) || !ssl)) {
return DECLINED;
}
@@ -619,7 +619,7 @@ int nss_hook_UserCheck(request_rec *r)
* - ssl not enabled
* - client did not present a certificate
*/
- if (!(sc->enabled && sslconn && sslconn->ssl && sslconn->client_cert) ||
+ if (!((sc->enabled == TRUE) && sslconn && sslconn->ssl && sslconn->client_cert) ||
!(dc->nOptions & SSL_OPT_FAKEBASICAUTH) || r->user)
{
return DECLINED;
@@ -781,7 +781,7 @@ int nss_hook_Fixup(request_rec *r)
/*
* Check to see if SSL is on
*/
- if (!(sc->enabled && sslconn && (ssl = sslconn->ssl))) {
+ if (!((sc->enabled == TRUE) && sslconn && (ssl = sslconn->ssl))) {
return DECLINED;
}
diff --git a/nss_engine_vars.c b/nss_engine_vars.c
index b41f412..80480e7 100644
--- a/nss_engine_vars.c
+++ b/nss_engine_vars.c
@@ -80,59 +80,82 @@ char *nss_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
* Request dependent stuff
*/
if (r != NULL) {
- if (strcEQ(var, "HTTP_USER_AGENT"))
- result = nss_var_lookup_header(p, r, "User-Agent");
- else if (strcEQ(var, "HTTP_REFERER"))
- result = nss_var_lookup_header(p, r, "Referer");
- else if (strcEQ(var, "HTTP_COOKIE"))
- result = nss_var_lookup_header(p, r, "Cookie");
- else if (strcEQ(var, "HTTP_FORWARDED"))
- result = nss_var_lookup_header(p, r, "Forwarded");
- else if (strcEQ(var, "HTTP_HOST"))
- result = nss_var_lookup_header(p, r, "Host");
- else if (strcEQ(var, "HTTP_PROXY_CONNECTION"))
- result = nss_var_lookup_header(p, r, "Proxy-Connection");
- else if (strcEQ(var, "HTTP_ACCEPT"))
- result = nss_var_lookup_header(p, r, "Accept");
- else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5))
- /* all other headers from which we are still not know about */
- result = nss_var_lookup_header(p, r, var+5);
- else if (strcEQ(var, "THE_REQUEST"))
- result = r->the_request;
- else if (strcEQ(var, "REQUEST_METHOD"))
- result = (char *)(r->method);
- else if (strcEQ(var, "REQUEST_SCHEME"))
+ switch (var[0]) {
+ case 'H':
+ case 'h':
+ if (strcEQ(var, "HTTP_USER_AGENT"))
+ result = nss_var_lookup_header(p, r, "User-Agent");
+ else if (strcEQ(var, "HTTP_REFERER"))
+ result = nss_var_lookup_header(p, r, "Referer");
+ else if (strcEQ(var, "HTTP_COOKIE"))
+ result = nss_var_lookup_header(p, r, "Cookie");
+ else if (strcEQ(var, "HTTP_FORWARDED"))
+ result = nss_var_lookup_header(p, r, "Forwarded");
+ else if (strcEQ(var, "HTTP_HOST"))
+ result = nss_var_lookup_header(p, r, "Host");
+ else if (strcEQ(var, "HTTP_PROXY_CONNECTION"))
+ result = nss_var_lookup_header(p, r, "Proxy-Connection");
+ else if (strcEQ(var, "HTTP_ACCEPT"))
+ result = nss_var_lookup_header(p, r, "Accept");
+ else if (strlen(var) > 5 && strcEQn(var, "HTTP:", 5))
+ /* all other headers from which we are still not know about */
+ result = nss_var_lookup_header(p, r, var+5);
+ break;
+
+ case 'R':
+ case 'r':
+ if (strcEQ(var, "REQUEST_METHOD"))
+ result = (char *)(r->method);
+ else if (strcEQ(var, "REQUEST_SCHEME"))
#if AP_SERVER_MINORVERSION_NUMBER < 2 /* See comment in mod_nss.h */
- result = (char *)ap_http_method(r);
+ result = (char *)ap_http_method(r);
#else
- result = (char *)ap_http_scheme(r);
+ result = (char *)ap_http_scheme(r);
#endif
- else if (strcEQ(var, "REQUEST_URI"))
- result = r->uri;
- else if (strcEQ(var, "SCRIPT_FILENAME") ||
- strcEQ(var, "REQUEST_FILENAME"))
- result = r->filename;
- else if (strcEQ(var, "PATH_INFO"))
- result = r->path_info;
- else if (strcEQ(var, "QUERY_STRING"))
- result = r->args;
- else if (strcEQ(var, "REMOTE_HOST"))
- result = (char *)ap_get_remote_host(r->connection,
+ else if (strcEQ(var, "REQUEST_URI"))
+ result = r->uri;
+ else if (strcEQ(var, "REQUEST_FILENAME"))
+ result = r->filename;
+ else if (strcEQ(var, "REMOTE_HOST"))
+ result = (char *)ap_get_remote_host(r->connection,
r->per_dir_config, REMOTE_NAME, NULL);
- else if (strcEQ(var, "REMOTE_IDENT"))
- result = (char *)ap_get_remote_logname(r);
- else if (strcEQ(var, "IS_SUBREQ"))
- result = (r->main != NULL ? "true" : "false");
- else if (strcEQ(var, "DOCUMENT_ROOT"))
- result = (char *)ap_document_root(r);
- else if (strcEQ(var, "SERVER_ADMIN"))
- result = r->server->server_admin;
- else if (strcEQ(var, "SERVER_NAME"))
- result = (char *)ap_get_server_name(r);
- else if (strcEQ(var, "SERVER_PORT"))
- result = apr_psprintf(p, "%u", ap_get_server_port(r));
- else if (strcEQ(var, "SERVER_PROTOCOL"))
- result = r->protocol;
+ else if (strcEQ(var, "REMOTE_IDENT"))
+ result = (char *)ap_get_remote_logname(r);
+ else if (strcEQ(var, "REMOTE_USER"))
+ result = r->user;
+ break;
+
+ case 'S':
+ case 's':
+ if (strcEQn(var, "SSL", 3)) break; /* shortcut common case */
+
+ if (strcEQ(var, "SERVER_ADMIN"))
+ result = r->server->server_admin;
+ else if (strcEQ(var, "SERVER_NAME"))
+ result = (char *)ap_get_server_name(r);
+ else if (strcEQ(var, "SERVER_PORT"))
+ result = apr_psprintf(p, "%u", ap_get_server_port(r));
+ else if (strcEQ(var, "SERVER_PROTOCOL"))
+ result = r->protocol;
+ else if (strcEQ(var, "SCRIPT_FILENAME"))
+ result = r->filename;
+ break;
+
+ default:
+ if (strcEQ(var, "PATH_INFO"))
+ result = r->path_info;
+ else if (strcEQ(var, "QUERY_STRING"))
+ result = r->args;
+ else if (strcEQ(var, "IS_SUBREQ"))
+ result = (r->main != NULL ? "true" : "false");
+ else if (strcEQ(var, "DOCUMENT_ROOT"))
+ result = (char *)ap_document_root(r);
+ else if (strcEQ(var, "AUTH_TYPE"))
+ result = r->ap_auth_type;
+ if (strcEQ(var, "THE_REQUEST"))
+ result = r->the_request;
+ break;
+ }
}
/*
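Review bot: In the `default:` branch the `THE_REQUEST` test is a bare `if` rather than `else if`, so it sits outside the chain above it and is evaluated even after `AUTH_TYPE` or another name has already matched. The names are mutually exclusive, so the result is the same today, but `else if (strcEQ(var, "THE_REQUEST"))` keeps the chain intact for later edits. The switch also relies on names such as `REMOTE_ADDR`, `HTTPS` and `SSL_*` leaving `result` NULL in their letter's case so that the connection-level block after it handles them. A comment above `switch (var[0])` would help, for example `/* dispatch on the first letter, both cases because strcEQ is presumably case-insensitive; names not matched here fall through to the connection lookup below */`, since a variable added under the wrong letter would silently never match. nss_var_lookup starts and ends outside the hunk.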
@@ -140,15 +163,11 @@ char *nss_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
*/
if (result == NULL && c != NULL) {
SSLConnRec *sslconn = myConnConfig(c);
- if (strcEQ(var, "REMOTE_ADDR"))
- result = c->remote_ip;
- else if (strcEQ(var, "REMOTE_USER"))
- result = r->user;
- else if (strcEQ(var, "AUTH_TYPE"))
- result = r->ap_auth_type;
- else if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
+ if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
&& sslconn && sslconn->ssl)
result = nss_var_lookup_ssl(p, c, var+4);
+ else if (strcEQ(var, "REMOTE_ADDR"))
+ result = c->remote_ip;
else if (strcEQ(var, "HTTPS")) {
if (sslconn && sslconn->ssl)
result = "on";
diff --git a/nss_util.c b/nss_util.c
index 2a5b91c..c8dc74f 100644
--- a/nss_util.c
+++ b/nss_util.c
@@ -36,7 +36,7 @@ char *nss_util_vhostid(apr_pool_t *p, server_rec *s)
port = s->port;
else {
sc = mySrvConfig(s);
- if (sc->enabled)
+ if (sc->enabled == TRUE)
port = DEFAULT_HTTPS_PORT;
else
port = DEFAULT_HTTP_PORT;
@@ -45,52 +45,6 @@ char *nss_util_vhostid(apr_pool_t *p, server_rec *s)
return id;
}
-void nss_util_strupper(char *s)
-{
- for (; *s; ++s)
- *s = apr_toupper(*s);
- return;
-}
-
-static const char nss_util_uuencode_six2pr[64+1] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
-
-void nss_util_uuencode(char *szTo, const char *szFrom, BOOL bPad)
-{
- nss_util_uuencode_binary((unsigned char *)szTo,
- (const unsigned char *)szFrom,
- strlen(szFrom), bPad);
-}
-
-void nss_util_uuencode_binary(unsigned char *szTo,
- const unsigned char *szFrom,
- int nLength, BOOL bPad)
-{
- const unsigned char *s;
- int nPad = 0;
-
- for (s = szFrom; nLength > 0; s += 3) {
- *szTo++ = nss_util_uuencode_six2pr[s[0] >> 2];
- *szTo++ = nss_util_uuencode_six2pr[(s[0] << 4 | s[1] >> 4) & 0x3f];
- if (--nLength == 0) {
- nPad = 2;
- break;
- }
- *szTo++ = nss_util_uuencode_six2pr[(s[1] << 2 | s[2] >> 6) & 0x3f];
- if (--nLength == 0) {
- nPad = 1;
- break;
- }
- *szTo++ = nss_util_uuencode_six2pr[s[2] & 0x3f];
- --nLength;
- }
- while(bPad && nPad--) {
- *szTo++ = NUL;
- }
- *szTo = NUL;
- return;
-}
-
apr_file_t *nss_util_ppopen(server_rec *s, apr_pool_t *p, const char *cmd,
const char * const *argv)
{
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-fedora-ds/libapache2-mod-nss.git