httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@worldgate.com>
Subject Re: [PATCH]: PR#748, mod_imap loop
Date Mon, 21 Jul 1997 06:31:15 GMT
While I haven't looked so I can't comment on the patch for now, let me
just say:

	Hah!  You used tabs.

Hmm.  You know, if everything were de-tabbed you could use cool features
of CVS to have it automatically run committed files through expand.  Too
bad I don't think that feature works. 

...and that mod_imap now only has 502 other infinite loops left.  Sigh.

On Sun, 20 Jul 1997, Brian Behlendorf wrote:

> 
> The following fixes a bug noted in PR#748, where a reference in a mapfile
> to a file above the server root will cause an infinite loop.  I want one or
> two sanity checks before this is implemented, but it certainly seemed to
> fix the problem.  
> 
> 	Brian 
> 
> 
> Index: mod_imap.c
> ===================================================================
> RCS file: /export/home/cvs/apache/src/mod_imap.c,v
> retrieving revision 1.25
> diff -C3 -r1.25 mod_imap.c
> *** mod_imap.c	1997/07/19 09:48:04	1.25
> --- mod_imap.c	1997/07/21 05:40:12
> ***************
> *** 456,461 ****
> --- 456,467 ----
>   
>     while ( ! strncmp(value, "../", 3) || ! strcmp(value, "..") ) { 
>   
> +       if ( ! strncmp(value, "../", 3) && ! strlen(directory)) {
> + 	url[0] = '\0';
> + 	log_reason("invalid directory name in map file", r->uri, r);
> + 	return;
> +       }
> + 
>         if (directory && (slen = strlen (directory))) {
>   
>   	  /* for each '..',  knock a directory off the end 
> 
> 
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> "Why not?" - TL           brian@organic.com - hyperreal.org - apache.org
> 


Mime
View raw message