httpd-dev mailing list archives

From dean gaudet <d...@arctic.org>
Subject Re: [PATCH] Re: apache-1.3.20 segfault?
Date Fri, 21 Sep 2001 03:48:53 GMT
yeah i considered that, but i don't think rr->filename can be NULL in
1.3... 'cause i don't think you can get rr->status == OK with a NULL
filename...

the only calls to ap_translate_name() which succeed are followed by
ap_directory_walk() which tests for a NULL filename and sets it to a copy
of the URI if it's NULL.  so after directory_walk() you can assume the
filename is not NULL.

dunno if that's still true in 2.0, haven't looked.

-dean

On Thu, 20 Sep 2001, Cliff Woolley wrote:

> On Thu, 20 Sep 2001 dean@arctic.org wrote:
>
> > this bug has probably been here forever... i can't imagine any way to
> > exploit it.
>
> Jeff fixed the same bug in 2.0 about a month ago.  His fix was very
> similar to yours, though it did one extra check.  Here's the commit
> message.
>
> --Cliff
>
> --------------------------------------------------------------
> trawick     01/08/22 05:07:40
>
>   Modified:    .        CHANGES
>                modules/filters mod_include.c
>   Log:
>   Fix a segfault in mod_include when the original request has no
>   associated filename (e.g., we're filtering the error document for
>   a bad URI).
>
>   Reported by: Joshua Slive
>
>   Revision  Changes    Path
> [snip]
>   1.126     +2 -2      httpd-2.0/modules/filters/mod_include.c
>
>   Index: mod_include.c
>   ===================================================================
>   RCS file: /home/cvs/httpd-2.0/modules/filters/mod_include.c,v
>   retrieving revision 1.125
>   retrieving revision 1.126
>   diff -u -r1.125 -r1.126
>   --- mod_include.c	2001/08/18 17:36:26	1.125
>   +++ mod_include.c	2001/08/22 12:07:40	1.126
>   @@ -832,8 +832,8 @@
>                        for (p = r; p != NULL && !founddupe; p = p->main) {
>        		    request_rec *q;
>        		    for (q = p; q != NULL; q = q->prev) {
>   -    			if ( (strcmp(q->filename, rr->filename) == 0) ||
>   -    			     (strcmp(q->uri, rr->uri) == 0) ){
>   +    			if ((q->filename && rr->filename &&
> (strcmp(q->filename, rr->filename) == 0)) ||
>   +                            (strcmp(q->uri, rr->uri) == 0)) {
>        			    founddupe = 1;
>        			    break;
>        			}
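
Review bot: the new guard only covers the filename strcmp; the uri comparison on the next line, `(strcmp(q->uri, rr->uri) == 0)`, still passes both pointers to strcmp unchecked, so if any request_rec on the r / r->main / q->prev walk can have a NULL uri in the same situation the commit message describes (filtering the error document for a bad URI), the NULL dereference only moves down one line. Either guard it the same way, `q->uri && rr->uri && strcmp(q->uri, rr->uri) == 0`, or add a one-line comment at the check stating that uri is always set for every request on the chain, so the asymmetry reads as deliberate rather than as an oversight. Also, as quoted here the continuation of the added line has lost its leading `+` (the mailer wrapped it), so this hunk will not apply with patch(1) from the mail; take it from revision 1.126 in CVS instead.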
>
> --------------------------------------------------------------
>    Cliff Woolley
>    cliffwoolley@yahoo.com
>    Charlottesville, VA
>
>
>
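
As an added example (not code from Apache, from the quoted commit, or from anyone in this thread), the following C program models the duplicate-include check the patch touches and exercises the chain shape the commit message describes: a request for a bad URI that never got a filename, followed by an internal redirect to an SSI error document. The `request_rec` here is a hypothetical four-field stand-in for Apache's struct, the paths and URIs are constructed, and `found_dupe()` deliberately goes one step beyond the quoted 2.0 fix by guarding `uri` as well as `filename`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stripped-down stand-in for Apache's request_rec (hypothetical: only the
 * four fields the mod_include duplicate check touches, not the real struct). */
typedef struct request_rec {
    const char *filename;       /* NULL when no file was ever mapped, e.g. the
                                   error document served for a bad URI */
    const char *uri;
    struct request_rec *main;   /* enclosing request if this is a subrequest */
    struct request_rec *prev;   /* earlier request in an internal-redirect chain */
} request_rec;

/* NULL-safe equality. Two NULLs deliberately do not match, so two requests
 * that both lack a filename are not reported as the same file; that is also
 * what the `q->filename && rr->filename && ...` guard in the 2.0 fix does. */
static int str_eq(const char *a, const char *b)
{
    return a != NULL && b != NULL && strcmp(a, b) == 0;
}

/* Shape of the pre-fix check: strcmp() on both fields unconditionally.
 * Dereferences NULL as soon as any request on the chain has no filename,
 * so it is only safe on chains where every field is set. */
static int found_dupe_unguarded(const request_rec *r, const request_rec *rr)
{
    const request_rec *p, *q;
    for (p = r; p != NULL; p = p->main)
        for (q = p; q != NULL; q = q->prev)
            if (strcmp(q->filename, rr->filename) == 0 ||
                strcmp(q->uri, rr->uri) == 0)
                return 1;
    return 0;
}

/* Hardened check: same walk (r, then each enclosing main, and along each
 * one's prev chain), but both comparisons are NULL-safe. Guarding uri is
 * one step beyond the quoted 2.0 patch, which guards filename only. */
static int found_dupe(const request_rec *r, const request_rec *rr)
{
    const request_rec *p, *q;
    for (p = r; p != NULL; p = p->main)
        for (q = p; q != NULL; q = q->prev)
            if (str_eq(q->filename, rr->filename) || str_eq(q->uri, rr->uri))
                return 1;
    return 0;
}

/* Constructed scenarios below; every path and URI is made up for the example. */

/* An SSI page whose include resolves to the page itself: a dupe. */
int demo_self_include(void)
{
    request_rec r  = { "/var/www/html/index.shtml", "/index.shtml", NULL, NULL };
    request_rec rr = { "/var/www/html/index.shtml", "/index.shtml", &r, NULL };
    return found_dupe(&r, &rr);
}

/* The crash case from the commit message: a request for a bad URI never got
 * a filename, then an internal redirect served the error document (an SSI
 * page) which includes a footer. Not a dupe, and must not dereference NULL. */
int demo_error_document(void)
{
    request_rec bad = { NULL, "/bad%zz", NULL, NULL };
    request_rec err = { "/var/www/html/error.shtml", "/error.shtml", NULL, &bad };
    request_rec rr  = { "/var/www/html/footer.html", "/footer.html", &err, NULL };
    return found_dupe(&err, &rr);
}

/* Same chain, but the error document includes itself: still detected, by
 * the filename match on the error document's own request. */
int demo_error_document_recursive(void)
{
    request_rec bad = { NULL, "/bad%zz", NULL, NULL };
    request_rec err = { "/var/www/html/error.shtml", "/error.shtml", NULL, &bad };
    request_rec rr  = { "/var/www/html/error.shtml", "/error.shtml", &err, NULL };
    return found_dupe(&err, &rr);
}

/* Two requests with no filename and different URIs are not the same file. */
int demo_two_null_filenames(void)
{
    request_rec bad = { NULL, "/bad%zz", NULL, NULL };
    request_rec rr  = { NULL, "/other", &bad, NULL };
    return found_dupe(&bad, &rr);
}

/* The unguarded form agrees with the hardened one on a fully populated chain. */
int demo_unguarded_safe_chain(void)
{
    request_rec r  = { "/var/www/html/index.shtml", "/index.shtml", NULL, NULL };
    request_rec rr = { "/var/www/html/index.shtml", "/index.shtml", &r, NULL };
    return found_dupe_unguarded(&r, &rr);
}

int main(void)
{
    printf("self include:             %d\n", demo_self_include());
    printf("error document + footer:  %d\n", demo_error_document());
    printf("error document recursive: %d\n", demo_error_document_recursive());
    printf("two NULL filenames:       %d\n", demo_two_null_filenames());
    printf("unguarded, safe chain:    %d\n", demo_unguarded_safe_chain());
    return 0;
}
```

The second scenario is the one that segfaults with the unguarded check: the walk from the error document's request reaches `bad` through `prev`, and `bad->filename` is NULL. Note also that `str_eq()` treats two NULLs as not equal, matching the `&&` guard in the patch; without that, two unrelated error documents would be flagged as a recursive include.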

