httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Kraemer <Martin.Krae...@Fujitsu-Siemens.com>
Subject Re: [SECURITY] Apache-1.3.18
Date Fri, 09 Feb 2001 10:11:42 GMT
On Fri, Feb 09, 2001 at 09:45:35AM +0100, Martin Kraemer wrote:
> 
> And guess what: The error is still there!!!!!
> And I could reproduce it on both FreeBSD-4.2 and BS2000/SVR4.

Here is part 1 of a fix. It makes sure that when the OS returns that
the maximum path length was exceeded, then we no longer handle this
case just like as if no file was found. There is a huge difference
between the two cases.

The second part of a fix will be in mod_negotiation or mod_dir
(if all variants have a 403 subrequest status, I still see a directory
listing). I'm busy on that one.

   Martin
-- 
<Martin.Kraemer@Fujitsu-Siemens.com>    |       Fujitsu Siemens
       <martin@apache.org>              |   81730  Munich,  Germany

Mime
View raw message