httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ryan Bloom <...@covalent.net>
Subject Re: Gack! Weirdo DAV bug.
Date Fri, 16 Nov 2001 18:09:46 GMT
On Thursday 15 November 2001 10:00 pm, cmpilato@collab.net wrote:
> The presence of this set of directives throws a wrench into the works:
> >       <LimitExcept GET PROPFIND OPTIONS REPORT>
> >          require valid-user
> >       </LimitExcept>
>
> The code that parses this from the conf file sees "REPORT" as a
> request type, sez, "Hmm...I dunno what REPORT is, so just to be safe
> I'll dynamically register that method" [see core.c:ap_limit_section()]:
>
>         else if (methnum == M_INVALID) {
>             /* method has not been registered yet, but resorce restriction
>              * is always checked before method handling, so register it.
>              */
>             methnum = ap_method_register(cmd->pool, method);
>
> This results in the REPORT requests being assigned a request number
> that is NOT M_INVALID (in fact, in my specific instance it's M_INVALID
> + 1, which I suppose is the first of many slots for dynamically
> registered request types).
>
> So, we get down into mod_dav.c, in dav_handler(), and after a series
> of checks to see if the incoming request has a known request number,
> dav_handler() make a quick sanity check:
>
>     /*
>      * NOTE: When Apache moves creates defines for the add'l DAV methods,
>      *       then it will no longer use M_INVALID. This code must be
>      *       updated each time Apache adds method defines.
>      */
>     if (r->method_number != M_INVALID) {
> 	return DECLINED;
>     }
>
> It's this sanity check which is failing.  The REPORT request has a
> valid request number, but obviously not one that mod_dav could use --
> since the number is dynamically allotted, who's to say it will always
> be M_INVALID + 1.  I betcha I could modify the conf file in such a way
> that some other request type got that slot and REPORT got a different
> one.
>
> I'm not sure what the right fix is, having no real knowledge of
> httpd's internals.  The options that come to mind are:
>
> * Have the server NOT register the REPORT request type.
>
>    But this seems like a bad idea...I assume that code is there for a
>    reason, and the comment above it may be all the reason that's
>    needed.
>
> * Remove the sanity check from mod_dav.c
>
>    We *know* this works (that's how the code is on svn.collab.net
>    today), but it means that every unregistered request type coming
>    into mod_dav will suffer about 20 strcmp's.  That sucks.  But, I
>    can't think of anything else offhand to solve it.

Option 3.  :-)  We have APIs to allow you to check the dynamically registered
methods.

Ryan

______________________________________________________________
Ryan Bloom				rbb@apache.org
Covalent Technologies			rbb@covalent.net
--------------------------------------------------------------

Mime
View raw message