www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fred Romelfanger <f...@stsci.edu>
Subject mod_access/3429: minor access problem by ip address with apache 1.3.3 compiled LP64 under Solaris 7
Date Fri, 20 Nov 1998 15:25:16 GMT

>Number:         3429
>Category:       mod_access
>Synopsis:       minor access problem by ip address with apache 1.3.3 compiled LP64 under
Solaris 7
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Nov 20 07:30:02 PST 1998
>Last-Modified:
>Originator:     fred@stsci.edu
>Organization:
apache
>Release:        1.3.3
>Environment:
64bit Solaris 7, Developer release of SC5.0, compiled with -xarch=v9
SunOS hoth 5.7 Generic sun4u sparc SUNW,Ultra-30
>Description:
I am using the following .htaccess file:
<Limit GET POST>
    order deny,allow
    deny from all
    allow from 130.167
    allow from 127.0.0.1
</Limit>

The line "allow from 130.167" was not allowing access from that network range.
I found that I was getting sign extension from int to long when using 64bit
longs under Solaris 7 (-xarch=v9) on the following line in mod_access.c:

            a->x.ip.net |= octet << shift;

I fixed the problem by replacing this line with:
            a->x.ip.net |= ((unsigned int)octet) << shift;

Also the problem is not corrected by call to ntohl in LP64 mode in Solaris 7
since it does not force the return value to be uint32_t (Sun SO #3676781).
>How-To-Repeat:
Compile apache under 64bit Solaris 7 with the development version of SC5.0 and
use the -xarch=v9 flag during compilation/link to generate a 64bit executable.
>Fix:
See above.  Also you can get around the problem by including a netmask in the
.htaccess file.
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <apbugs@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]




Mime
View raw message