httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Trawick <traw...@gmail.com>
Subject Re: [concept PATCH] CVE-2009-1195 tweaks to provide binary compatibility for stable branches
Date Fri, 22 May 2009 21:43:00 GMT
On Fri, May 22, 2009 at 5:12 PM, Jeff Trawick <trawick@gmail.com> wrote:

> (untested)


These references to OPT_ALL should be OPT_PVT_ALL.

./server/config.c:    parms.override_opts = OPT_ALL | OPT_SYM_OWNER |
OPT_MULTI;
./server/config.c:    parms.override_opts = OPT_ALL | OPT_SYM_OWNER |
OPT_MULTI;
./server/config.c:    parms.override_opts = OPT_ALL | OPT_SYM_OWNER |
OPT_MULTI;
./server/core.c:    conf->opts = dir ? OPT_UNSET : OPT_UNSET|OPT_ALL;
./server/core.c:    conf->override_opts = OPT_UNSET | OPT_ALL |
OPT_SYM_OWNER | OPT_MULTI;
./server/core.c:            opt = OPT_ALL;
./server/core.c:                d->override_opts = OPT_ALL;
./server/core.c:            opt = OPT_ALL;

Taking it slowly...

Change all occurrences of OPT_INCLUDES, OPT_INC_WITH_EXEC, and OPT_ALL to
OPT_PVT_versions of same.

Move OPT_PVT_ definitions inside CORE_PRIVATE.

Provide old OPT_INCLUDES, OPT_INCNOEXEC, and OPT_ALL outside of CORE_PRIVATE
for callers of ap_allow_options() to use.

Revert the change to mod_include so that it uses the old flags when checking
the result of ap_allow_options().

The old flags are available at compile time and will be returned from
ap_allow_options().

Mime
View raw message