We encountered the following bug: httpd segfaulted due to a client emitting "Cache-Control: max-age=216000, max-stale" which is a perfectly valid header.
The segfault is caused by the fact that ap_cache_liststr() sets the value pointer to NULL when there is no value, and this isn't checked at all in the cases when a value pointer is passed.
I think that this patch catches all those occurrences. I'm not proud of the solution for max-stale without value, but it should do the job...
In any case, this is a bug that should be fixed ASAP and queued for inclusion in httpd 2.2.5 since it segfaults your httpd even with valid headers...
/Nikke -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se | [EMAIL PROTECTED] --------------------------------------------------------------------------- I am Yoda of Borg. Assimilated you will be, hmmm? =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
--- ../../../dist/modules/cache/cache_util.c 2006-10-13 01:11:33.000000000 +0200
+++ cache_util.c 2007-05-02 10:26:08.000000000 +0200
@@ -243,7 +243,8 @@
 age = ap_cache_current_age(info, age_c, r->request_time);
 /* extract s-maxage */
- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)) {
+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "s-maxage", &val)
+ && val != NULL) {
 smaxage = apr_atoi64(val);
 }
 else {
@@ -252,7 +253,8 @@
 /* extract max-age from request */
 if (!conf->ignorecachecontrol
- && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)) {
+ && cc_req && ap_cache_liststr(r->pool, cc_req, "max-age", &val)
+ && val != NULL) {
 maxage_req = apr_atoi64(val);
 }
 else {
@@ -260,7 +262,8 @@
 }
 /* extract max-age from response */
- if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)) {
+ if (cc_cresp && ap_cache_liststr(r->pool, cc_cresp, "max-age", &val)
+ && val != NULL) {
 maxage_cresp = apr_atoi64(val);
 }
 else {
@@ -282,7 +285,14 @@
 /* extract max-stale */
 if (cc_req && ap_cache_liststr(r->pool, cc_req, "max-stale", &val)) {
- maxstale = apr_atoi64(val);
+ if(val != NULL) {
+ maxstale = apr_atoi64(val);
+ }
+ else {
+ /* If no value is assigned to max-stale, then the client is willing
+ * to accept a stale response of any age */
+ maxstale = APR_INT64_C(0x7fffffffffffffff); /* No APR_INT64_MAX? */
+ }
 }
 else {
 maxstale = 0;
@@ -290,7 +300,8 @@
 /* extract min-fresh */
 if (!conf->ignorecachecontrol
- && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)) {
+ && cc_req && ap_cache_liststr(r->pool, cc_req, "min-fresh", &val)
+ && val != NULL) {
 minfresh = apr_atoi64(val);
 }
 else {
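Review bot: The added `&& val != NULL` in the s-maxage condition stops the NULL dereference, but the value still reaches `apr_atoi64(val)` unvalidated, here and in the max-age (request and response) and min-fresh hunks, so a non-numeric, negative or out-of-range directive taken from a header is silently turned into a number. Parsing with `apr_strtoi64(val, &end, 10)` and treating `end == val`, `errno == ERANGE` or a negative result like a missing directive would make these sites robust against malformed input. The same guard now appears four times; a small static helper that does the lookup, the NULL check and the parse would keep the call sites from drifting apart. The else bodies lie outside the hunks, so the fallback used for a valueless directive cannot be confirmed from here. A regression test sending `Cache-Control: max-age=216000, max-stale` plus valueless `max-age`, `s-maxage` and `min-fresh` would pin the crash fix.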
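Review bot: Assigning `APR_INT64_C(0x7fffffffffffffff)` to `maxstale` for a valueless `max-stale` risks signed overflow, which is undefined behaviour, if the freshness comparison later adds `maxstale` to another age or lifetime; that code is outside this hunk, so this needs confirming. A large but bounded value keeps the "any age" meaning without that hazard, for example `maxstale = APR_INT64_C(86400*365); /* one year */`. Unlike the request max-age and min-fresh branches, this condition is not gated on `!conf->ignorecachecontrol`, so after this change any client can request arbitrarily stale content with a bare `max-stale`; it is worth deciding whether that is intended. The `/* No APR_INT64_MAX? */` question should be resolved rather than committed, and `if(val != NULL)` should read `if (val != NULL)` to match the surrounding style.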