>Number: 3998
>Category: mod_mime
>Synopsis: DirectoryMatch/LocationMatch fail when used with SetHandler &
>Action
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: apache
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Thu Mar 4 15:10:03 PST 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.3
>Environment:
Linux 2.0.33
Linux 2.0.36
gcc 2.7.2.1
gcc 2.7.2.2
>Description:
When I try to access one of the files in a directory matched by the block
below, Apache spins off into an infinite loop until it consumes all of the
memory on the machine (it consumed 128mb once before we caught it). I've had
the same problem on 2 machines (although one was running Stronghold 2.4 the
other Apache 1.3.3).
Note that this result only occurs when using a <DirectoryMatch>,
<LocationMatch>, <Directory ~ >, or <Location ~>. It does not occur when using
a straight <Directory> or <Location> or .htaccess file.
Running strace while it is churning produces a loop with lines like the
following:
stat("/usr/local/apache/share/htdocs/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/t
mj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-
auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth
444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444
.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi
/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/t
mj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-a
uth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth4
44.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.c
gi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z
/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj
-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-aut
h444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/tmj-auth444
.cgi/z/tmj-auth444.cgi/z/tmj-auth444.cgi/z/t", 0x8448244) = -1 ENOTDIR (Not
a directory)
The CGI script is a simple perl script:
#!/usr/local/bin/perl
print "Content-type: text/plain\n\n";
print "authentication cgi hello.";
Here is what Apache's configuration looks like:
<DirectoryMatch "one">
SetHandler tmj-auth
Action tmj-auth /z/tmj-auth444.cgi
</DirectoryMatch>
Likewise, this fails when using:
<Directory ~ "/one/">
</Directory>
or
<Location ~ "/one/">
</Location>
The URLs that I tested look like this:
http://machinename/one/contents/two/z.html
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request ]
[from a developer. ]
[Reply only with text; DO NOT SEND ATTACHMENTS! ]
