Return-Path:
Delivered-To: new-httpd-archive@hyperreal.org
Received: (qmail 18448 invoked by uid 6000); 30 Dec 1997 20:33:37 -0000
Received: (qmail 18440 invoked from network); 30 Dec 1997 20:33:35 -0000
Received: from scanner.worldgate.com (198.161.84.3) by taz.hyperreal.org with SMTP; 30 Dec 1997 20:33:35 -0000
Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.8.7/8.8.7) with UUCP id NAA14154 for new-httpd@apache.org; Tue, 30 Dec 1997 13:33:34 -0700 (MST)
Received: from localhost (marcs@localhost) by alive.znep.com (8.7.5/8.7.3) with SMTP id NAA29196 for ; Tue, 30 Dec 1997 13:32:51 -0700 (MST)
Date: Tue, 30 Dec 1997 13:32:50 -0700 (MST)
From: Marc Slemko
To: TLOSAP
Subject: Re: Apache DoS attack? (fwd)
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

My posts are showing up on bugtraq within 10 minutes and making it back to me within 30... since people are mailing me asking for the patch since they haven't seen it, I reposted just the 1.2 one. Sigh.

---------- Forwarded message ----------
Date: Tue, 30 Dec 1997 13:30:56 -0700 (MST)
From: Marc Slemko
To: BUGTRAQ@NETSPACE.ORG
Subject: Re: Apache DoS attack?

On Tue, 30 Dec 1997, Marc Slemko wrote:

[...]
> Please see the patch Dean Gaudet has posted to bugtraq for the solution.

Since people are telling me that Dean's post has not made it yet and asking for the patch, and I don't see it here yet, I am reposting his patch for 1.2. A similar thing applies to 1.3.

This patch has been applied to the Apache CVS tree and will be available in a new release at some point in the reasonably near future.

Index: src/util.c =================================================================== RCS file: /export/home/cvs/apache/src/util.c,v retrieving revision 1.52.2.2 diff -u -r1.52.2.2 util.c --- util.c 1997/06/27 01:47:47 1.52.2.2 +++ util.c 1997/12/30 18:09:15 
@@ -328,14 +328,22 @@ } } -void no2slash(char *name) { - register int x,y; +void no2slash(char *name) +{ + char *d, *s; - for(x=0; name[x];) - if(x && (name[x-1] == '/') && (name[x] == '/')) - for(y=x+1;name[y-1];y++) - name[y-1] = name[y]; - else x++; + s = d = name; + while (*s) { + if ((*d++ = *s) == '/') { + do { + ++s; + } while (*s == '/'); + } + else { + ++s; + } + } + *d = '\0'; } char *make_dirstr(pool *p, const char *s, int n) {
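
Review bot: the rewritten loop in no2slash() has no comment, and the line `if ((*d++ = *s) == '/') {` packs the copy, the destination advance and the slash test into one expression. A short comment above the loop would make it reviewable at a glance: s scans the input, d writes the compacted result in place and never passes s, and each run of '/' is reduced to a single '/' in one pass. The same comment is the place to record why the old body was replaced: it shifted the whole remainder of the string left by one for every doubled slash it found, so its cost grew with both the length of the string and the number of repeated slashes, which is the concern of this thread. Neither the old nor the new version checks name for NULL; either guard it or state in the comment that name must be a valid NUL-terminated string.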