httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Behlendorf <br...@organic.com>
Subject Re: [PATCH]: PR#748, mod_imap loop
Date Fri, 01 Aug 1997 03:53:44 GMT

I have tested this, and it appears to be quite fine.  I've committed it to
the 1.3 branch; I don't have a 1.2.2-dev branch out, so hopefully someone
can commit it to that.

	Brian

At 07:46 PM 7/26/97 -0700, Dean Gaudet wrote:
>On Sun, 20 Jul 1997, Brian Behlendorf wrote:
>
>> The following fixes a bug noted in PR#748, where a reference in a mapfile
>> to a file above the server root will cause an infinite loop.  I want one or
>> two sanity checks before this is implemented, but it certainly seemed to
>> fix the problem.  
>
>I don't think that's the correct fix.  The code right after that already
>tests the directory length.  It looks like directory == NULL is a
>possibility too.  This is how I think it should be fixed. I haven't tested
>this at all though. 
>
>Dean
>
>Index: mod_imap.c
>===================================================================
>RCS file: /export/home/cvs/apache/src/mod_imap.c,v
>retrieving revision 1.26
>diff -u -r1.26 mod_imap.c
>--- mod_imap.c	1997/07/27 01:43:25	1.26
>+++ mod_imap.c	1997/07/27 02:45:09
>@@ -475,6 +475,10 @@
> 	  }
> 
> 	  value += 2;      /* jump over the '..' that we found in the value */
>+      } else if (directory) {
>+	url[0] = '\0';
>+	log_reason("invalid directory name in map file", r->uri, r);
>+	return;
>       }
>       
>       if (! strncmp(value, "/../", 4) || ! strcmp(value, "/..") )
>
>
>
--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
"Why not?" - TL           brian@organic.com - hyperreal.org - apache.org

Mime
View raw message