httpd-dev mailing list archives

From Ben Reser <...@reser.org>
Subject [PATCH PR55304] mod_dav: COPY should not validate the parent of request.
Date Wed, 24 Jul 2013 19:38:34 GMT
This patch fixes a regression created by PR54610.  COPY does not
modify the parent of the source, so it should not be validating the
parent.  This issue actually disallows the ability to COPY the root of
a DAV repository since a properly implemented DAV provider will return
NULL and dav_method_copymove() will error on that.

We ran into this with Subversion, which actually revealed a security
issue with our implementation of get_parent_resource() since it failed
on the root.  But beyond that we realized we were not properly
returning NULL for some resources when the resource is the root and
thus has no parent.  If we fix this without this patch being made to
mod_dav then HTTP 2.2.25 and 2.4.6 will lose the ability to COPY the
root.

If someone can apply it that would be appreciated.  It's certainly
been looked at by several eyes over on the Subversion side.
