coar 99/06/02 13:11:20
Modified: src CHANGES
src/main http_protocol.c
Log:
Trap (with an errorlog entry) malformed redirects from modules;
i.e., that fail to set a Location field.
Revision Changes Path
1.1366 +3 -2 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1365
retrieving revision 1.1366
diff -u -r1.1365 -r1.1366
--- CHANGES 1999/06/02 20:01:50 1.1365
+++ CHANGES 1999/06/02 20:11:16 1.1366
@@ -9,8 +9,9 @@
*) If a "Location" field was stored in r->err_headers_out rather
than r->headers_out, redirect processing wouldn't find it and
- the server would core dump on ap_escape_html(NULL).
- [Doug MacEachern, Ken Coar]
+ the server would core dump on ap_escape_html(NULL). Check both
+ tables and raise HTTP_INTERNAL_SERVER_ERROR with a log message
+ if Location isn't set. [Doug MacEachern, Ken Coar]
*) Add RULE_EXPAT, the src/lib/ directory structure, and a modified copy
of the Expat 1.0.2 distribution. [Greg Stein]
1.269 +20 -4 apache-1.3/src/main/http_protocol.c
Index: http_protocol.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v
retrieving revision 1.268
retrieving revision 1.269
diff -u -r1.268 -r1.269
--- http_protocol.c 1999/05/26 18:28:06 1.268
+++ http_protocol.c 1999/06/02 20:11:19 1.269
@@ -2367,9 +2367,24 @@
r->err_headers_out = tmp;
ap_clear_table(r->err_headers_out);
- if ((location != NULL) && *location
- && (ap_is_HTTP_REDIRECT(status) || status == HTTP_CREATED)) {
- ap_table_setn(r->headers_out, "Location", location);
+ if (ap_is_HTTP_REDIRECT(status) || (status == HTTP_CREATED)) {
+ if ((location != NULL) && *location) {
+ ap_table_setn(r->headers_out, "Location", location);
+ }
+ else {
+ /*
+ * We're supposed to tell the client to go somewhere,
+ * but the destination was omitted. Turn this into
+ * a 500 status with an explanatory note in the error log.
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+ "resource created or redirection requested "
+ "(status=%03d) but no Location field set "
+ "(URI=%s)",
+ r->status, r->unparsed_uri);
+ r->status = status = HTTP_INTERNAL_SERVER_ERROR;
+ r->status_line = NULL;
+ }
}
r->content_language = NULL;
@@ -2631,7 +2646,8 @@
&& (h1 = ap_table_get(r->notes, "verbose-error-to")) != NULL
&& (strcmp(h1, "*") == 0)) {
ap_rvputs(r, error_notes, "<P>\n", NULL);
- } else {
+ }
+ else {
ap_rvputs(r, "The server encountered an internal error or\n"
"misconfiguration and was unable to complete\n"
"your request.<P>\n"
