>Number: 3821 >Category: mod_access >Synopsis: check_dir_access(), reads a->order[31] (M_INVALID) where >order is defined as 15 ints. >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Wed Feb 3 09:30:01 PST 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.4 (win32) >Environment: apache 1.3.4 win32 download - working in MS VisualC++/Devstudio >Description: This hasn't caused me any problems, but I just noticed something I think looks fishy.
order array is defined to be METHODS long (15), yet when we come into check_dir_access for an M_INVALID (31) request, we're reading memory we're not supposed to. This problem might give access voilation errors if not for our memory pools, and such. I doubt it's a security problem, but access permissions seem to be "random" for M_INVALID. >How-To-Repeat: it's in the code. >Fix: check for M_INVALID in check_dir_access. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
