Turn some APR_BUCKET_REMOVE(e)+apr_bucket_destroy(e) into the equivalent apr_bucket_delete(e) to reduce code verbosity

core, mod_cache: Ensure RFC2616 compliance in ap_meets_conditions() with weak validation combined with If-Range and Range headers. Break out explicit conditional header checks to be useable elsewhere in the server. Ensure weak validation RFC compliance in the byteranges filter. Ensure RFC validation compliance when serving cached entities. PR 16142

Remove support for Request-Range header sent by Navigator 2-3 and MSIE 3

Add lots of unique tags to error log messages

Adjust log message to reflect changed behaviour

Put 0- on the fast-track

Cleanup effort in prep for GA push: Trim trailing whitespace... no func change

use random value as multipart range boundary to prevent leaking information about the used MPM

Add in MaxRangeOverlaps and MaxRangeReversals to accomodate more control over acceptable Range headers: See: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/311

Save creation of merged until we know we will actually need and use it.

return some range params admins may want to control (overlaps and reversals)

Remove function so we can grab over core_conf elements easily

Reorg so we don't need forward def...

Reset

No reason for the advanced def... Open hook for other conf factors (number of overlaps, etc)... Return some range params...

What getpid()? No backport of this edit is needed.

add AP_ prefix to recently added DEFAULT_MAX_RANGES

take care of some MaxRanges feedback: * allow "none" to be expressed in config * send Accept-Ranges: none with MaxRanges none * stop accepting confusing/ambiguous "0", start accepting "unlimited".

* modules/http/byterange_filter.c (ap_byterange_filter): Don't reveal the pid in the boundary delimiter (part of CVE-2003-1418).

Revert r1163833: Send a 206 response for a "Range: bytes=0-" request, even if 200 would be more efficient. As discussed on list: Clients that use the 206 response to detect range support are considered broken and should be fixed to use the Accept-Ranges header instead.

* Buckets of known length should be always splitable. So we don't need to care about the APR_ENOTIMPL case. Submitted by: jorton Reviewed by: rpluem

* Fix a regression in the CVE-2011-3192 byterange fix: Range: bytes=-1 Resulted in the first two bytes delivered, not in the last one. PR: 51748 Submitted by: low_priority <lowprio20 gmail.com> Reviewed by: rpluem

Remove log message left over from debugging.

* Fix error message

* Whitespace police. No functional change

* Ranges like --2 or -0 are invalid

Fix some RFC 2616 14.35.1 compliance issues: - If there is at least one syntactically invalid byte-range-spec, we must ignore the whole header. - If all ranges are unsatisfiable, send 416.

Send a 206 response for a "Range: bytes=0-" request, even if 200 would be more efficient.

* Silence compiler warning

Remove some unused code that was included in r1162131 by accident or merge error.

* We don't need a copy of the original range as we don't change it. A pointer to it is sufficient

* Bit operators should be more efficient then the modulo operator (provided the compiler does not optimize on its own)

Unset Content-Length if we call ap_pass_brigade several times

add MaxRanges directive institute a default limit of 200 (post-merge where applicable) Ranges before returning the complete resource. (minor mmn bump for core_dir_config addition)

Fix iteration over string

Every 32 ranges, pass the prepared ranges down the filter chain.

* Do a better estimation on how elements we should allocate: Preallocate the number of ranges as number of elements as this works good for well behaving clients which we assume to be the most cases, but do cut this at the arbitrary number of 100 to avoid too large preallocations.

* Silence compiler warning

* Damm it. Missed another superflous whitespace.

* More style police. No functional changes

* Style police. No functional changes

merge some more adjacent ranges such as a-n,n+1-b, and refactor/reduce the tests on the start/end positions.

reverting. got feedback that maybe we don't want to merge 4-5,1-2 into 1-5

merge totally reversed ranges like 4-5,1-2 into 1-5 I interpret the former test if (!(end <= ostart || start-1 >= oend)) { as if (not(end is bad || start is good)) { merge } ORing the bad condition with the good doesn't produce the desired result. it is not necessary to test "end" due to the conditions tested in the assert.

fix typo

remove obsolete macro

If the sum of all ranges in a request is not smaller than the file, fall back to 200. This takes care of potential DoS issues from ranges like 0-100,1000-,0-100,1000-,...

fix function name in log message

Remove traces of byterange_ctx, it's not necessary anymore Initialize some variables to avoid (false positive) warnings with gcc 4.6.1

not ruby

Final tuneage

one off

remove merge hit r1161778

More merge fixes...

Reset with latest

Put parsed ranges into an array and perform merges on that array.

count ranges by simply counting commas

Remove the merging code from ap_set_byterange() again, will move it to ap_byterange_filter

fix new breakage introduced by r1161767

avoid inserting the same bucket into bbout twice, causing an endless loop

0 is OK

no longer used

Save a few cycles... do reason to set in_merge if we already have

Optimize... and break if we get eg 200-100

Merge in byteranges

* Once the comparsion is true we never return here since we break from the loop.

* We need to use > instead of >= as if end64 is the first byte of the next bucket we need to memorize this one and not the one before.

* The first condition is not needed as pos >=0. If the first one is true the second one is true either. If the second one is false the first one is false as well.

* Adjust comment and don't get fooled by a negative end

* As reads might have morphed the bucket and its length read until we reached the correct bucket for splitting.

Remove some merging fun between Rüdiger and my patches ;)

simple name change for clarity

More casting help...

* Remove duplicate condition

* Use apr_uint64_t throughout instead of mixing apr_off_t and apr_size_t

first round of cleanups

Fold in Stefan's initial PoC for fixing memory issues with ranges by keeping orig brigade untouched and avoiding 1byte brigades (related to CVE-2011-3192)

Remove spurious braces to fix clang warning

This is rather irritating. We override exit() throughout the httpd build in order to intercept and report our status through the service control manager. We must include process.h prior to overriding exit(). I seem to remember that this is the reason apr.hw once included process.h unilaterally, to avoid this conflict over exit.

Added header include for getpid() prototype on Win32.

Use the new APLOG_USE_MODULE/AP_DECLARE_MODULE macros everywhere to take advantage of per-module loglevels

Make sure to not destroy bucket brigades that have been created by earlier filters. Otherwise the pool cleanups would be removed causing potential memory leaks later on.

Disabled DefaultType directive and removed ap_default_type() from core. We now exclude Content-Type from responses for which a media type has not been configured via mime.types, AddType, ForceType, or some other mechanism. MMN major bump to NZ time. PR: 13986

Remove all references to CORE_PRIVATE.

Add "DefaultType None" option PR 13986 and PR 16139

update license header text

Update the copyright year in all .c, .h and .xml files

No functional Change: Removing trailing whitespace. This also means that "blank" lines consisting of just spaces or tabs are now really blank lines

* modules/http/byterange_filter.c (ap_byterange_filter): Update some comments.

* modules/http/byterange_filter.c (ap_byterange_filter): No functional changes: reflow/reformat after r188797.

* modules/http/byterange_filter.c (ap_byterange_filter): Refuse to byterange any response which may require the consumption of arbitrary amounts of memory. (functional changes split from whitespace/reflow changes which will follow in a separate commit) Reviewed by: jerenkrantz (several moons ago) PR: 29962

Update copyright year to 2005 and standardize on current copyright owner line.

Initial pass at refactoring some files to eliminate our 150K C source behemoths. * Makefile.in: Change order of dependencies to bring in exports.o first so that we have every symbol 'used' before the linker starts processing. * build/rules.mk.in: Add a 'program-install' target which just copies httpd. * server/Makefile.in, modules/http/config2.m4: Add in new file targets. * NWGNUmakefile, libhttpd.dsp: Blind updates for Netware and Win32. (I tried.) * server/core.c: Move core_input_filter, net_time_filter, and core_output_filter and all supporting functions to... * server/core_filters.c (copied): ...here. * modules/http/http_protocol.c: Move functions from here to there...namely: * modules/http/byterange_filter.c (copied): Relocate ap_byterange_filter() and friends. * modules/http/chunk_filter.c (copied): Relocate chunk_filter(). * modules/http/http_etag.c (copied): Relocate ap_set_etag and ap_make_etag(). * modules/http/http_filters.c (copied): Relocate ap_http_filter(), ap_http_header_filter(), ap_discard_request_body(), ap_setup_client_block(), ap_should_client_block(), and ap_get_client_block().