Received: by taz.hyperreal.com (8.8.4/V2.0) id XAA14289;
 Fri, 31 Jan 1997 23:16:36 -0800 (PST)
Received: from scanner.worldgate.com by taz.hyperreal.com (8.8.4/V2.0) with
 ESMTP id XAA14284; Fri, 31 Jan 1997 23:16:32 -0800 (PST)
Received: from znep.com (uucp@localhost) by scanner.worldgate.com
 (8.7.5/8.7.3) with UUCP id AAA07528 for new-httpd@hyperreal.com;
 Sat, 1 Feb 1997 00:16:28 -0700 (MST)
Received: from localhost (marcs@localhost) by alive.ampr.ab.ca (8.7.5/8.7.3)
 with SMTP id AAA23408 for <new-httpd@hyperreal.com>;
 Sat, 1 Feb 1997 00:16:46 -0700 (MST)
Date: Sat, 1 Feb 1997 00:16:46 -0700 (MST)
From: Marc Slemko <marcs@znep.com>
X-Sender: marcs@alive.ampr.ab.ca
To: new-httpd@hyperreal.com
Subject: [BUG] redirect of index file fails
Message-ID: <Pine.BSF.3.95.970201001142.20358O-100000@alive.ampr.ab.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

If you use a:

	Redirect /index.html http://foobar/

and then do a:

	GET / HTTP/1.0

you get a SEGV from Apache.  A GET /index.html works (redirects)
fine.  The reason it core dumps is that escape_html doesn't check to be
sure it isn't passed a null pointer, and send_error_response does that
because the "Location" header isn't in r->headers_out at this point.  It
does appear to get added correctly earlier, but that could be some
subrequest that doesn't get copied back.

Anyone already looked at this?  The quick solution to the SEGV is to just
have escape_html check for a null pointer, but that doesn't fix the
problem.  I'm not overly familiar with this part of the code.