httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 28218] New: - errors in regular expressions for LocationMatch cause silent failures
Date Mon, 05 Apr 2004 22:06:01 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=28218>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=28218

errors in regular expressions for LocationMatch cause silent failures

           Summary: errors in regular expressions for LocationMatch cause
                    silent failures
           Product: Apache httpd-1.3
           Version: 1.3.29
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: core
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: kjw@acm.org


We discovered a Location block that was not working in one of our apache 
configs and one of the few changes was the addition of a slightly broken 
looking regular expression which featured something like this

<Location ~ ^/something/||^/something-else/>

</Location>

The problem turned out to be the ||. I had a quick glance through the code and 
it reads like the regular expression library doesn't like this and regards it 
as an error (i note solaris egrep errors, perl thinks its ok). The problem is 
that this error is not reported to the user so the configuration appears to be 
ok when the process is started. I think this is both confused to the naive 
configuration creator and potentially dangerous if the Location block contains 
some critical (say, security-related) directives.

It looks like the (handful of) ap_pregcomp calls in http_core.c do not check 
for a NULL return code that would indicate a failed compilation. So this
affects Location ~, LocationMatch, Directory ~, DirectoryMatch, Files ~, 
FilesMatch.

Perhaps this problem exists in apache 2.0 as well? And maybe other areas of 
apache 1.3 (not mod_alias, just had a look there!).

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message