httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Kraemer <Martin.Krae...@mch.sni.de>
Subject [PATCH] fix PR mod_proxy/271 (in http_core.c!)
Date Sun, 20 Apr 1997 18:48:30 GMT
Hi,

A couple of weeks ago I described a proxy bug which has to to with
apache access control. When given a directive
  <Directory proxy:*>
   order allow,deny
   allow from all
   deny from some.guy
  </Directory>
then apache would block proxy access for host some.guy to URLs that ended
in a slash, but would happily serve URLs which didn't
(i.e. the majority of all requests).

Here's what I found out:

In create_core_dir_config(), an entry  conf->d = "proxy:*/"  is created
from the directive <Directory proxy:*>: 
   ...else conf->d = pstrcat (a, dir, "/", NULL);

This entry is the later compared in directory_walk() against the current
proxy request (which has the form "proxy:http://somehost/somepath").
This match fails unless the proxy request ends in a '/'.

Here's a patch which fixes the described bug.

--- #http_core.c~	Sun Apr 20 19:29:10 1997
+++ http_core.c	Sun Apr 20 19:29:10 1997
@@ -82,6 +82,7 @@
       (core_dir_config *)pcalloc(a, sizeof(core_dir_config));
   
     if (!dir || dir[strlen(dir) - 1] == '/') conf->d = dir;
+    else if (strncmp(dir,"proxy:",6)==0) conf->d = pstrdup (a, dir);
     else conf->d = pstrcat (a, dir, "/", NULL);
     conf->d_is_matchexp = conf->d ? is_matchexp( conf->d ) : 0;
 
I hope this is the right place to fix this. The test in directory_walk()
which tests the first character of the request for '/' is somehow unclear
to me....

    Martin
-- 
| S I E M E N S |  <Martin.Kraemer@mch.sni.de>  |      Siemens Nixdorf
| ------------- |   Voice: +49-89-636-46021     |  Informationssysteme AG
| N I X D O R F |   FAX:   +49-89-636-44994     |   81730 Munich, Germany
~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request

Mime
View raw message