On Thu, 20 Sep 2001 [EMAIL PROTECTED] wrote:

> this bug has probably been here forever... i can't imagine any way to
> exploit it.

Jeff fixed the same bug in 2.0 about a month ago.  His fix was very
similar to yours, though it did one extra check.  Here's the commit
message.

--Cliff

--------------------------------------------------------------
trawick     01/08/22 05:07:40

  Modified:    .        CHANGES
               modules/filters mod_include.c
  Log:
  Fix a segfault in mod_include when the original request has no
  associated filename (e.g., we're filtering the error document for
  a bad URI).

  Reported by: Joshua Slive

  Revision  Changes    Path
[snip]
  1.126     +2 -2      httpd-2.0/modules/filters/mod_include.c

  Index: mod_include.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/filters/mod_include.c,v
  retrieving revision 1.125
  retrieving revision 1.126
  diff -u -r1.125 -r1.126
  --- mod_include.c     2001/08/18 17:36:26     1.125
  +++ mod_include.c     2001/08/22 12:07:40     1.126
  @@ -832,8 +832,8 @@
                       for (p = r; p != NULL && !founddupe; p = p->main) {
                    request_rec *q;
                    for (q = p; q != NULL; q = q->prev) {
  -                     if ( (strcmp(q->filename, rr->filename) == 0) ||
  -                          (strcmp(q->uri, rr->uri) == 0) ){
  +                     if ((q->filename && rr->filename &&
(strcmp(q->filename, rr->filename) == 0)) ||
  +                            (strcmp(q->uri, rr->uri) == 0)) {
                            founddupe = 1;
                            break;
                        }
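Review bot: The second comparison in the new condition, strcmp(q->uri, rr->uri), is still called without a NULL check, while the filename comparison right before it now has one. If uri can be unset on either request_rec in the same situations where filename is (the log mentions filtering the error document for a bad URI), guard it the same way, e.g. (q->uri && rr->uri && strcmp(q->uri, rr->uri) == 0). If uri is guaranteed non-NULL here, a one-line comment saying so would explain the asymmetry. Note also that when either filename is NULL the duplicate detection now rests on the URI comparison alone, which deserves a short comment above the if.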

--------------------------------------------------------------
   Cliff Woolley
   [EMAIL PROTECTED]
   Charlottesville, VA

