Ticket #536 (new defect)

Opened 2 years ago

Last modified 7 months ago

add recursion to the SSI #include directive - patch included

Reported by: marc@r4l.com Assigned to: jan
Priority: normal Milestone:
Component: mod_ssi Version: 1.4.16
Severity: normal Keywords: ssi include recursion patch
Cc: Blocking:
Need Feedback: 0

Description

The following patch allows for recursion in the SSI include directive (up to 25 in depth):

--- mod_ssi.c.dist      2006-02-10 13:33:00.000000000 -0500
+++ mod_ssi.c   2006-02-20 10:01:00.000000000 -0500
@@ -576,7 +576,24 @@
                                }
                                break;
                        case SSI_INCLUDE:
-                               chunkqueue_append_file(con->write_queue, p->stat_fn, 0, st.st_size);
+                               // do recursive SSI expansion
+
+                               // prevents infinite loop
+                               if (con->loops_per_request > 25 || buffer_is_equal(con->physical.path, p->stat_fn)) {
+                                       buffer_copy_string(srv->tmp_buf, "<!-- your include directives create an infinite loop;
 aborting -->");
+                                       chunkqueue_append_buffer(con->write_queue, srv->tmp_buf);
+                                       break;
+                               }
+
+                               tmp = buffer_init();
+                               buffer_copy_string_buffer(tmp, con->physical.path); // save path of current document
+                               buffer_copy_string_buffer(con->physical.path, p->stat_fn); // next sub-document to parse
+                               if (mod_ssi_physical_path(srv,con,p) != HANDLER_FINISHED) {
+                                       // the document was not processed, so write it as is
+                                       chunkqueue_append_file(con->write_queue, con->physical.path, 0, st.st_size);
+                               }
+                               buffer_copy_string_buffer(con->physical.path, tmp); // restore saved path
+                               buffer_free(tmp);
                                break;
                        }
                } else {
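
Review bot: In the SSI_INCLUDE case the guard `buffer_is_equal(con->physical.path, p->stat_fn)` only catches a file that includes itself directly; a cycle through a second file (a includes b, b includes a) passes it and is stopped only once `con->loops_per_request` exceeds 25. Consider keeping the chain of paths currently being expanded and comparing `p->stat_fn` against every entry. Two smaller points: the fallback `chunkqueue_append_file(...)` runs for any return other than HANDLER_FINISHED, so an error from the nested call is handled the same as "not an SSI document" and the file is sent raw with its directives unprocessed; and `tmp` is assigned here with no declaration in the visible lines, while the new comments use `//` where `/* */` is the safer choice in a C file.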
@@ -1046,6 +1063,8 @@

        if (con->physical.path->used == 0) return HANDLER_GO_ON;

+       con->loops_per_request++;
+
        mod_ssi_patch_connection(srv, con, p);

        for (k = 0; k < p->conf.ssi_extension->used; k++) {
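
Review bot: `con->loops_per_request++` runs on every entry to this handler, before the extension loop, and nothing in the patch decrements it when a nested expansion returns, so the `> 25` test in the SSI_INCLUDE case bounds the total number of includes processed in a request rather than the nesting depth. A page with more than 25 sibling includes would get the "infinite loop" comment even though nothing loops. Either decrement after the nested `mod_ssi_physical_path` call returns, or track depth in a counter owned by mod_ssi and make the limit configurable; the field name suggests a general per-request counter, and if other code increments it the SSI limit moves with it.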

Attachments

lighttpd.ssi.patch (1.8 kB) - added by dhazeghi on 06/04/2006 06:36:57 PM.
updated patch for lighttpd 1.4.11
mod_ssi.c.diff (2.7 kB) - added by marc@r4l.com on 02/28/2007 05:26:49 PM.
SSI_INCLUDE recursion patch WITH code for ssi.max_recursion option
mod_ssi.c.2.diff (2.7 kB) - added by marc@r4l.com on 02/28/2007 05:29:21 PM.
same as previous, with ssi.max_recursion default value set to 1
mod_ssi.patch (3.3 kB) - added by marc@r4l.com on 02/28/2007 06:23:07 PM.
Add missing mod_ssi.h modifications
mod_ssi_recursion-1.4.15.patch (12.4 kB) - added by dustin@spy.net on 05/11/2007 07:21:46 PM.
recursive SSI for 1.4.15
mod_ssi_recursion-1.4.15.2.patch (4.0 kB) - added by dustin@spy.net on 05/11/2007 07:34:07 PM.
recursive SSI for 1.4.15 (minus whitespace garbage from previous patch)

Change History

06/04/2006 06:36:57 PM changed by dhazeghi

  • attachment lighttpd.ssi.patch added.

updated patch for lighttpd 1.4.11

08/14/2006 11:36:09 AM changed by rob@inversepath.com

Please make the 25 limit a configuration option, or use a different loop detection method. It's perfectly valid/safe to have one file which includes more than 25 ssi include statements. With this patch that is not possible.
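
The difference between counting includes and tracking nesting, as an added example that is not part of the ticket or of lighttpd's code: a stack of the paths currently being expanded detects indirect cycles and bounds depth, while a page with 30 sibling includes still expands. `MAX_DEPTH`, `expand`, `site` and the file names are hypothetical, and the documents are constructed in memory.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 4   /* hypothetical nesting limit, standing in for a config option */
enum { ERR_CYCLE = -1, ERR_DEPTH = -2 };

/* Constructed sample site: each document includes `child` `count` times. */
struct doc { const char *name; const char *child; int count; };
static const struct doc site[] = {
    { "many.shtml", "leaf.shtml", 30 },  /* 30 sibling includes, nesting depth 2 */
    { "leaf.shtml", NULL,          0 },
    { "a.shtml",    "b.shtml",     1 },  /* a -> b -> a: indirect cycle */
    { "b.shtml",    "a.shtml",     1 },
    { "c1.shtml",   "c2.shtml",    1 },  /* c1 -> c2 -> c3 -> c4 -> leaf: depth 5 */
    { "c2.shtml",   "c3.shtml",    1 },
    { "c3.shtml",   "c4.shtml",    1 },
    { "c4.shtml",   "leaf.shtml",  1 },
};

static const struct doc *lookup(const char *name) {
    for (size_t i = 0; i < sizeof site / sizeof site[0]; i++)
        if (strcmp(site[i].name, name) == 0) return &site[i];
    return NULL;
}

/* Paths currently being expanded; an entry is popped when its document is done. */
static const char *active[MAX_DEPTH];
static int depth;

/* Returns the number of documents expanded, or a negative error code. */
int expand(const char *path) {
    const struct doc *d = lookup(path);
    int total = 1;
    if (d == NULL) return 0;                      /* missing file: nothing emitted */
    for (int i = 0; i < depth; i++)               /* cycle: path is its own ancestor */
        if (strcmp(active[i], path) == 0) return ERR_CYCLE;
    if (depth == MAX_DEPTH) return ERR_DEPTH;     /* nesting too deep */
    active[depth++] = path;
    for (int i = 0; i < d->count && total > 0; i++) {
        int r = expand(d->child);
        total = (r < 0) ? r : total + r;          /* propagate the first error */
    }
    depth--;                                      /* pop whether or not a child failed */
    return total;
}

int main(void) {
    printf("%d %d\n", expand("many.shtml"), expand("a.shtml"));
    return 0;
}
```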

02/28/2007 05:26:49 PM changed by marc@r4l.com

  • attachment mod_ssi.c.diff added.

SSI_INCLUDE recursion patch WITH code for ssi.max_recursion option

02/28/2007 05:29:21 PM changed by marc@r4l.com

  • attachment mod_ssi.c.2.diff added.

same as previous, with ssi.max_recursion default value set to 1

02/28/2007 05:31:53 PM changed by marc@r4l.com

The last patch included is against latest trunk (1.5.0). VERY EASY to apply against trunk.

02/28/2007 06:23:07 PM changed by marc@r4l.com

  • attachment mod_ssi.patch added.

Add missing mod_ssi.h modifications

05/11/2007 07:21:46 PM changed by dustin@spy.net

  • attachment mod_ssi_recursion-1.4.15.patch added.

recursive SSI for 1.4.15

05/11/2007 07:34:07 PM changed by dustin@spy.net

  • attachment mod_ssi_recursion-1.4.15.2.patch added.

recursive SSI for 1.4.15 (minus whitespace garbage from previous patch)

09/05/2007 11:43:20 AM changed by nairbv

  • version changed from 1.4.10 to 1.4.16.
  • type changed from enhancement to defect.
  • blocking changed.
  • pending changed.

I just installed the Windows version of lighttpd, LightTPD-1.4.16-Win32-NoSSL.exe (the ssl version didn't install, but that's another story). I downloaded it from http://wlmp.dtech.hu/. BTW, why can't I find the Windows version on the lighttpd site?

Anyways, SSI doesn't recurse. It runs the include in the top level page, but doesn't process the SSI in the included pages. I know it's not a screw up in my SSI code because the site works fine on other servers, and I know it's not a config issue, because it does process the first page (unless there is some max-recurse setting? but I couldn't find one).

here's my version info:

brian@brian-PC /cygdrive/c/LightTPD
$ ./LightTPD.exe -v
LightTPD-1.4.16 (Win32) A fast, secure and flexible webserver...

This version is built for WLMP Project - http://wlmp.dtech.hu/
Build-Date: Jul 27 2007 10:32:13

Maybe I should be talking to the WLMP people instead of posting here? It seems that I've got a version that should have this bug fixed though.

The (P.O.S.) operating system is Windows Vista if it matters.

Oh!, and I just remembered, I also installed the cygwin version (through the cygwin installer, but have since uninstalled it), ... It was version 1.4.16-1. SSI didn't recurse using that cygwin version either, so it's not just some problem with that WLMP auto-installing executable version.

Thanks,

-brian

09/05/2007 12:01:42 PM changed by darix

There is a 3rd party patch which hasn't been included so far. That said, the issue is still open.

12/18/2007 01:50:00 AM changed by C Snover

The patch added 2007-05-11 19:34:07 "recursive SSI for 1.4.15 (minus whitespace garbage from previous patch)" inadvertently removed this line:

URIHANDLER_FUNC(mod_ssi_physical_path);

from around line 294, which causes it to fail to compile.

