From 96e026c1815f123e5a60ee106cb802fc841faa6c Mon Sep 17 00:00:00 2001 From: root Date: Thu, 29 Apr 2021 00:02:41 +0000 Subject: Fix filter-related bug Apparently, an Apache filter can be invoked more than once for a single request, depending on the size of the contents [1]. Luckily, though, a filter can save state in the ctx field [1,2]. The solution isn't perfect, as it can't handle arbitrary long heads, but they're very unlikely. [1] https://httpd.apache.org/docs/2.4/developer/output-filters.html#invocation [2] https://perl.apache.org/docs/2.0/user/handlers/filters.html#Introducing_Filters --- README | 55 ++++++++++++++++++++++++--------------------- lib/Apache/Inject.pm | 16 +++++++++++++ lib/Apache/Inject/Filter.pm | 32 ++++++++++++++++++-------- 3 files changed, 69 insertions(+), 34 deletions(-) diff --git a/README b/README index ebbea98..f8fe202 100644 --- a/README +++ b/README @@ -116,31 +116,36 @@ OPERATION and forwards their combined contents. CAVEATS - Apache::Inject::Filter uses a regular expression to determine the proper - location of the injected header. It supports all valid HTML. However, it - does not parse embedded CSS and JavaScript, which means that it is - *possible* to construct an example where it will fail: - - */ - /* this looks like an opening tag for a new element: */ - </script> - <body> - This is where the header <i>should</i> be inserted. - <script> - /* this looks like the closing tag for the title: - This is where the header is actually inserted. - */ - - - - This specific type of document, however, is *incredibly* unlikely. In - this case, an ad-hoc solution is simpler, more efficient and more - maintainable than a general one. - - On FreeBSD, you may need to enable the accf_http kernel module in order - for the tests to work. Note that Apache::Inject works fine without the - module; it is only the tests that require it. + * Apache::Inject::Filter uses a regular expression to determine the + proper location of the injected header. It supports all valid HTML. + However, it does not parse embedded CSS and JavaScript, which means + that it is *possible* to construct an example where it will fail: + + */ + /* this looks like an opening tag for a new element: */ + </script> + <body> + This is where the header <i>should</i> be inserted. + <script> + /* this looks like the closing tag for the title: + This is where the header is actually inserted. + */ + + + + This specific type of document, however, is *incredibly* unlikely. + In this case, an ad-hoc solution is simpler, more efficient and more + maintainable than a general one. + + * Because of how Apache filters work, Inject may fail to find the end + of the if the is very long (in my experience over 7000 + characters). If this happens, it will decline the request, and the + contents will be served as though Inject had not been enabled. + + * On FreeBSD, you may need to enable the accf_http kernel module in + order for the tests to work. Note that Apache::Inject works fine + without the module; it is only the tests that require it. DIAGNOSTICS Apache::Inject and Apache::Inject::Filter log all errors and warnings to diff --git a/lib/Apache/Inject.pm b/lib/Apache/Inject.pm index 1d6f49b..68e003e 100644 --- a/lib/Apache/Inject.pm +++ b/lib/Apache/Inject.pm @@ -182,6 +182,10 @@ intelligently and forwards their combined contents. =head1 CAVEATS +=over + +=item * + Apache::Inject::Filter uses a regular expression to determine the proper location of the injected header. It supports all valid HTML. However, it does not parse embedded CSS and JavaScript, which means @@ -204,10 +208,22 @@ This specific type of document, however, is I unlikely. In this case, an ad-hoc solution is simpler, more efficient and more maintainable than a general one. +=item * + +Because of how Apache filters work, Inject may fail to find the end +of the EheadE if the EheadE is very long (in my +experience over 7000 characters). If this happens, it will decline +the request, and the contents will be served as though Inject had +not been enabled. + +=item * + On FreeBSD, you may need to enable the accf_http kernel module in order for the tests to work. Note that Apache::Inject works fine without the module; it is only the tests that require it. +=back + =head1 DIAGNOSTICS Apache::Inject and Apache::Inject::Filter log all errors and diff --git a/lib/Apache/Inject/Filter.pm b/lib/Apache/Inject/Filter.pm index f87cdc1..67511e2 100644 --- a/lib/Apache/Inject/Filter.pm +++ b/lib/Apache/Inject/Filter.pm @@ -49,15 +49,29 @@ sub handler : FilterRequestHandler { return DECLINED; } - my ($buf, $content); - $content .= $buf while $f->read($buf); - return DECLINED if not $content =~ /$doc/; - - $f->print($+{head}) if $+{head}; - inject($f, "InjectHead"); - $f->print($+{body}) if $+{body}; - inject($f, "InjectFoot"); - $f->print($+{rest}) if $+{rest}; + # First pass + if (not $f->ctx) { + my ($buf, $content); + $content .= $buf while $f->read($buf); + if (not $content =~ /$doc/) { + $f->r->warn('Inject: Cannot find ( too long?)'); + return DECLINED; + } + + $f->print($+{head}) if $+{head}; + inject($f, "InjectHead"); + $f->print($+{body}) if $+{body}; + inject($f, "InjectFoot"); + $f->print($+{rest}) if $+{rest}; + + $f->ctx(1); + } + + # Any subsequent pass + else { + my $buf; + $f->print($buf) while $f->read($buf); + } return OK; } -- cgit v1.2.3