httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n..@apache.org
Subject svn commit: r778942 - in /httpd/httpd/trunk: CHANGES modules/mappers/mod_alias.c
Date Wed, 27 May 2009 00:58:42 GMT
Author: niq
Date: Wed May 27 00:58:41 2009
New Revision: 778942

URL: http://svn.apache.org/viewvc?rev=778942&view=rev
Log:
mod_alias: Enforce sanity in args to Redirect
PR 44729

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/mappers/mod_alias.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=778942&r1=778941&r2=778942&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Wed May 27 00:58:41 2009
@@ -6,6 +6,9 @@
      mod_proxy_ajp: Avoid delivering content from a previous request which
      failed to send a request body. PR 46949 [Ruediger Pluem]
 
+  *) mod_alias: check sanity in Redirect arguments.
+     PR 44729 [Sönke Tesch <st kino-fahrplan.de>]
+
   *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
      PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
 

Modified: httpd/httpd/trunk/modules/mappers/mod_alias.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_alias.c?rev=778942&r1=778941&r2=778942&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/mappers/mod_alias.c (original)
+++ httpd/httpd/trunk/modules/mappers/mod_alias.c Wed May 27 00:58:41 2009
@@ -180,16 +180,21 @@
     const char *f = arg2;
     const char *url = arg3;
 
-    if (!strcasecmp(arg1, "gone"))
-        status = HTTP_GONE;
-    else if (!strcasecmp(arg1, "permanent"))
-        status = HTTP_MOVED_PERMANENTLY;
-    else if (!strcasecmp(arg1, "temp"))
-        status = HTTP_MOVED_TEMPORARILY;
-    else if (!strcasecmp(arg1, "seeother"))
-        status = HTTP_SEE_OTHER;
-    else if (apr_isdigit(*arg1))
-        status = atoi(arg1);
+    if (arg3 != NULL) {
+        if (!strcasecmp(arg1, "gone"))
+            status = HTTP_GONE;
+        else if (!strcasecmp(arg1, "permanent"))
+            status = HTTP_MOVED_PERMANENTLY;
+        else if (!strcasecmp(arg1, "temp"))
+            status = HTTP_MOVED_TEMPORARILY;
+        else if (!strcasecmp(arg1, "seeother"))
+            status = HTTP_SEE_OTHER;
+        else if (apr_isdigit(*arg1))
+            status = atoi(arg1);
+        else {
+            return "Redirect: invalid first argument (of three)";
+        }
+    }
     else {
         f = arg1;
         url = arg2;



Mime
View raw message