450a2ff1d5ebc7a2a695bcc1bab1972390415e9a 1652829 | 18-Jan-2015 | rjung
Silence compiler warnings:
- modules/aaa/mod_authnz_fcgi.c:705: warning:
'orspbuflen' may be used uninitialized in this function
- modules/aaa/mod_authnz_fcgi.c:1235: warning:
comparison is always false due to limited range of data type

824a9ee628128474e166986dcb3a51310e7798fa 1640345 | 18-Nov-2014 | ylavic
mod_authnz_fcgi: we don't need to add the trailing '\0' to parse response headers since r1640036.

0d0d3ba82362da5eed586c40333c03078cb34571 1640040 | 16-Nov-2014 | ylavic
mod_proxy_fcgi, mod_authnz_fcgi: stop reading the response and issue an error
when parsing or forwarding the response fails.

49487586e883b50aa47a1da04f1d7ccb78e70b7d 1640036 | 16-Nov-2014 | ylavic
mod_proxy_fcgi: SECURITY: CVE-2014-3583 (cve.mitre.org)
Fix a potential crash with response headers' size above 8K.
The code changes to mod_authnz_fcgi keep the handle_headers()
function in sync between the two modules. mod_authnz_fcgi
does not have this issue because it allocated a separate byte
for terminating '\0'.

504c4aa29f414902675559aa95d99b8707e03383 1640034 | 16-Nov-2014 | ylavic
Revert r1638818, r1639812, r1639717 and r1639814 for new staging.

72a881b78500a91dae1264cfd9cabb236ba05e95 1639814 | 15-Nov-2014 | ylavic
mod_authnz_fcgi: follow up to r1639717.
Let ap_scan_script_header*() validate the headers.

a179659fefc666307e246490dd68973486441ff1 1639717 | 14-Nov-2014 | ylavic
mod_authnz_fcgi: Fix a potential crash with response headers' size above 8K.
(similar to r1638818 for mod_proxy_fcgi).

875918e15bac6f68ce1569f9e15fc81f3caeab9f 1611600 | 18-Jul-2014 | rjung
Silence compiler warning:
mod_authnz_fcgi.c:580:44: warning: 'orspbuflen'
may be used uninitialized in this function.
Not true but annoying.

710362cca9d3cd3ec3de8907998598cd6fa79087 1585072 | 05-Apr-2014 | trawick
move a temporary table from r->pool to a temporary
pool we've already allocated in order to avoid a
longer lifetime than necessary for the table memory
Suggested by: jailletc36

7a42584e6f09102c6776454f090b98a58fd590eb 1585054 | 05-Apr-2014 | trawick
axe unnecessary preparation for some other module using
[ap_]connect_to_peer() and passing in its own module
identifier
Pointed out by: jailletc36

210116e11414ce7a3789652725be298b5f073056 1578762 | 18-Mar-2014 | jailletc36
Use 'apr_table_setn' instead of 'apr_table_set' when possible in order to save memory.

21a7a1304e24c6206608a59ca1f0a3c8b14c3b54 1541181 | 12-Nov-2013 | trawick
At least one authorizer that doesn't use libfcgi directly
or indirectly does not like getting an empty FCGI_STDIN
block. Don't send it. (Other mods for httpd didn't send
it to authorizers either.)

2e3867b767f5f34e6ab6414670f3306806913810 1526647 | 26-Sep-2013 | trawick
allow building mod_authnz_fcgi with 2.4.x branch

bbb64779da3514ea1fee8b806f5ad30d29ea45ab 1521909 | 11-Sep-2013 | trawick
Add "default user id" capability for authorizers that handle
check_authn and return success but don't have a specific user
id to assign (e.g., guest users).

50cfe8bbbaf4279375802531268e2bf0155215fe 1515403 | 19-Aug-2013 | trawick
mod_authnz_fcgi: New module to enable FastCGI authorizer
applications to authenticate and/or authorize clients.
A fair amount of code was taken from or at least based on
mod_proxy_fcgi, with a smaller amount taken from mod_fcgid.