httpd-dev mailing list archives

From Cliff Woolley <cliffwool...@yahoo.com>
Subject Re: [PATCH] Re: apache-1.3.20 segfault?
Date Fri, 21 Sep 2001 03:01:32 GMT
On Thu, 20 Sep 2001 dean@arctic.org wrote:

> this bug has probably been here forever... i can't imagine any way to
> exploit it.

Jeff fixed the same bug in 2.0 about a month ago.  His fix was very
similar to yours, though it did one extra check.  Here's the commit
message.

--Cliff

--------------------------------------------------------------
trawick     01/08/22 05:07:40

  Modified:    .        CHANGES
               modules/filters mod_include.c
  Log:
  Fix a segfault in mod_include when the original request has no
  associated filename (e.g., we're filtering the error document for
  a bad URI).

  Reported by: Joshua Slive

  Revision  Changes    Path
[snip]
  1.126     +2 -2      httpd-2.0/modules/filters/mod_include.c

  Index: mod_include.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/filters/mod_include.c,v
  retrieving revision 1.125
  retrieving revision 1.126
  diff -u -r1.125 -r1.126
  --- mod_include.c	2001/08/18 17:36:26	1.125
  +++ mod_include.c	2001/08/22 12:07:40	1.126
  @@ -832,8 +832,8 @@
                       for (p = r; p != NULL && !founddupe; p = p->main) {
       		    request_rec *q;
       		    for (q = p; q != NULL; q = q->prev) {
  -    			if ( (strcmp(q->filename, rr->filename) == 0) ||
  -    			     (strcmp(q->uri, rr->uri) == 0) ){
  +    			if ((q->filename && rr->filename &&
(strcmp(q->filename, rr->filename) == 0)) ||
  +                            (strcmp(q->uri, rr->uri) == 0)) {
       			    founddupe = 1;
       			    break;
       			}
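
Review bot: the second half of the condition, strcmp(q->uri, rr->uri), is still called with no NULL check, while the new guard only covers q->filename and rr->filename. If uri can be unset on either request, in the way the log message says filename can be for an error document on a bad URI, the same NULL dereference would happen one line later. Either guard uri the same way or add a comment stating why uri is always set at this point. A one-line comment on the filename guard naming the no-filename case would also keep a later cleanup from removing it.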

--------------------------------------------------------------
   Cliff Woolley
   cliffwoolley@yahoo.com
   Charlottesville, VA


