httpd-dev mailing list archives

From Ian Holsman <i...@apache.org>
Subject Re: [PATCH] fixes segfault in mod_cache (2.0.40)
Date Mon, 26 Aug 2002 16:42:16 GMT
Thanks Kris.

Keep them coming ;-)

Kris Verbeeck wrote:
> Hi,
> 
> Someone in our QA team tried the following test:
> 
> 	telnet <host> 80
> 	GET https://whatever.html HTTP/1.0
> 
> this resulted in a segfault for the child that handled the request.
> Agreed, this is not a normal HTTP request, but firing enough of them
> will surely DoS the server.
> 
> Our apache runs on Sparc/Solaris8 and 'httpd -l' gives:
> 
>   Compiled in modules:
>     core.c
>     mod_access.c
>     mod_cache.c
>     mod_disk_cache.c
>     mod_deflate.c
>     mod_jk.c
>     mod_log_config.c
>     mod_env.c
>     mod_setenvif.c
>     mod_ssl.c
>     prefork.c
>     http_core.c
>     mod_mime.c
>     mod_alias.c
> 
> Gdb told me that there was a null pointer dereference in
> ap_cache_get_cache_type when it tried to compare the request's
> URL with the prefix from the configuration.
> 
> The patch will just return NULL when the URL is NULL and results
> in no caching for that request (which seems reasonable since there
> is no URL to cache).
> 
> ps: I don't know whether the actual fix of this problem should
> be in cache_util.c or somewhere in the URI parsing routines.
> 
> 
> 
> ------------------------------------------------------------------------
> 
> --- httpd-2.0.40/modules/experimental/cache_util.c	Sun Jun 23 08:10:00 2002
> +++ httpd-2.0.40-PATCHED/modules/experimental/cache_util.c	Mon Aug 26 17:28:37 2002
> @@ -104,6 +104,12 @@
>      const char *type = NULL;
>      int i;
>  
> +    /* we can't cache if there's no URL
> +     * fixes segfault for 'GET https://whatever.html HTTP/1.0' request
> +     * on HTTP port (e.g. 80)
> +     */
> +    if (!url) return NULL;
> +
>      /* loop through all the cacheenable entries */
>      for (i = 0; i < conf->cacheenable->nelts; i++) {
>          struct cache_enable *ent = 
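
Review bot: the `if (!url) return NULL;` guard at the top of the hunk only protects this one function, while the NULL url is handed in by the caller, so any other code that reads the same parsed URL without a check can still hit the same dereference. As the submitter's own postscript asks, it is worth confirming where the URL becomes NULL for a `GET https://whatever.html HTTP/1.0` request on a plain HTTP port and deciding whether the request should be rejected there, keeping this guard as defence in depth. Since `type` is already initialised to NULL just above, returning NULL here looks consistent with the function's "no cache type" result, but the callers should be checked to confirm they treat NULL as "do not cache". Two smaller points: the comment would age better if it stated the invariant (url may be NULL when the request URI has no path) rather than only the one triggering request, and the single-line `if` should be braced with the `return` on its own line to match the braced `for` that follows.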


