httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: bugs in 1.1.2
Date Mon, 13 Jan 1997 19:05:12 GMT
Marc Slemko wrote:
> 
> Ok, so far there are two known new bugs in 1.1.2 (funny, there are
> two patches too...).  The first is with rname being declared const
> then modified; fix should be just remove the const  and don't worry,
> since it will be different in 1.2 anyway.
> 
> The other is a problem with my patch for the indexing hole.  It denies
> access to all CGIs accessed with an extra path at the end, eg.
> 
> 	http://foobar/cgi-bin/thiscgi/parms/to/pass/it
> 
> As suggested by one of the people that reported the bug, I guess the
> best patch is the one below.  I don't like adding too many different
> cases, because that reduces portability, but I am opposed to saying
> "if it isn't ENOENT it must not exist at all".  Any better suggestions
> are welcome... I don't really like the idea of stripping multiple
> '/'s.

Why not? This solution is becoming increasingly diabolical. Stripping //s is
simple and effective. If you are worried about overhead, just scan for //
before stripping.

The problem was multiple slashes - the solution seems to have completely lost
sight of the problem.

Cheers,

Ben.

-- 
Ben Laurie                Phone: +44 (181) 994 6435  Email: ben@algroup.co.uk
Freelance Consultant and  Fax:   +44 (181) 994 6472
Technical Director        URL: http://www.algroup.co.uk/Apache-SSL
A.L. Digital Ltd,         Apache Group member (http://www.apache.org)
London, England.          Apache-SSL author

Mime
View raw message