httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: [PATCH] mod_imap and infinite loops
Date Sun, 16 Feb 1997 02:00:32 GMT
+1

On Sat, 15 Feb 1997, Marc Slemko wrote:

> Ok, does anyone have any problems with this patch?  It makes the server
> abort and give an error and log an error message if it encounters a 
> case that currently throws us into an infinite loop.  Note that this
> does NOT cause any currently working directives to stop working.
> 
> The correct behavior requires far more effort and thought to
> backwards compatibility to implement, and I don't think it is worth
> spending time on right now.
> 
> Index: mod_imap.c
> ===================================================================
> RCS file: /export/home/cvs/apache/src/mod_imap.c,v
> retrieving revision 1.17
> diff -c -r1.17 mod_imap.c
> *** mod_imap.c	1997/01/27 00:16:18	1.17
> --- mod_imap.c	1997/02/16 00:14:34
> ***************
> *** 424,429 ****
> --- 424,434 ----
>   
>     strncpy(my_base, base, sizeof(my_base)-1);  /* must be a relative URL to be combined
with base */
>     my_base[sizeof(my_base)-1] = '\0';
> +   if (strchr(my_base, '/') == NULL && (!strncmp(value, "../", 3) || !strcmp(value,
"..")) ) {
> +     url[0] = '\0';
> +     log_reason("invalid base directive in map file", r->uri, r);
> +     return;
> +   }
>     string_pos = my_base; 
>     while (*string_pos) {  
>       if (*string_pos == '/' && *(string_pos+1) == '/') {
> 
> 


Mime
View raw message