httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rpl...@apache.org
Subject svn commit: r644050 - in /httpd/httpd/trunk: CHANGES modules/dav/main/mod_dav.c
Date Wed, 02 Apr 2008 20:55:17 GMT
Author: rpluem
Date: Wed Apr  2 13:55:16 2008
New Revision: 644050

URL: http://svn.apache.org/viewvc?rev=644050&view=rev
Log:
* Prevent a segfault if the destination URI of a copy / move operation is
  not under DAV control. Return 405 (Method not allowed) instead.

PR: 44734

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/dav/main/mod_dav.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=644050&r1=644049&r2=644050&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed Apr  2 13:55:16 2008
@@ -2,6 +2,9 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) mod_dav: Return "method not allowed" if the destination URI of a WebDAV
+     copy / move operation is no DAV resource. PR 44734 [Ruediger Pluem]
+
   *) Introduced ap_expr API for expression evaluation.
      This is adapted from mod_include, which is the first module
      to use the new API.

Modified: httpd/httpd/trunk/modules/dav/main/mod_dav.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?rev=644050&r1=644049&r2=644050&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/main/mod_dav.c (original)
+++ httpd/httpd/trunk/modules/dav/main/mod_dav.c Wed Apr  2 13:55:16 2008
@@ -2632,6 +2632,11 @@
                                   "Destination URI had an error.");
     }
 
+    if (dav_get_provider(lookup.rnew) == NULL) {
+        return dav_error_response(r, HTTP_METHOD_NOT_ALLOWED,
+                                  "DAV not enabled for Destination URI.");
+    }
+
     /* Resolve destination resource */
     err = dav_get_resource(lookup.rnew, 0 /* label_allowed */,
                            0 /* use_checked_in */, &resnew);



Mime
View raw message