httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jor...@apache.org
Subject cvs commit: httpd-2.0/server core.c
Date Mon, 20 Sep 2004 20:12:20 GMT
jorton      2004/09/20 13:12:20

  Modified:    .        CHANGES
               server   core.c
  Log:
  * server/core.c (merge_core_dir_configs): Fix Satisfy merging since
  per-method Satisfy feature was added.
  
  PR: 31315
  Submitted by: Rici Lake <rici ricilake.net>
  
  Revision  Changes    Path
  1.1594    +5 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1593
  retrieving revision 1.1594
  diff -d -w -u -r1.1593 -r1.1594
  --- CHANGES	19 Sep 2004 23:11:10 -0000	1.1593
  +++ CHANGES	20 Sep 2004 20:12:19 -0000	1.1594
  @@ -2,6 +2,11 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) SECURITY: CAN-2004-0811 (cve.mitre.org)
  +     Fix merging of the Satisfy directive, which was applied to 
  +     the surrounding context and could allow access despite configured
  +     authentication.  PR 31315.  [Rici Lake <rici ricilake.net>]
  +
     *) Fix the global mutex crash when the global mutex is never allocated due
        to disabled/empty caches. [Jess Holle <jessh ptc.com>]
   
  
  
  
  1.286     +4 -0      httpd-2.0/server/core.c
  
  Index: core.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/core.c,v
  retrieving revision 1.285
  retrieving revision 1.286
  diff -d -w -u -r1.285 -r1.286
  --- core.c	13 Sep 2004 13:19:10 -0000	1.285
  +++ core.c	20 Sep 2004 20:12:20 -0000	1.286
  @@ -353,9 +353,13 @@
       /* Otherwise we simply use the base->sec_file array
        */
   
  +    /* use a separate ->satisfy[] array either way */
  +    conf->satisfy = apr_palloc(a, sizeof(*conf->satisfy) * METHODS);
       for (i = 0; i < METHODS; ++i) {
           if (new->satisfy[i] != SATISFY_NOSPEC) {
               conf->satisfy[i] = new->satisfy[i];
  +        } else {
  +            conf->satisfy[i] = base->satisfy[i];
           }
       }
   
  
  
  

Mime
View raw message