There is a problem with LimitExcept that causes Apache to enter an infinite
loop when a user tries to remove an extended method. I am not sure about
the status of the extended methods code in Apache, but this problem is easily
reproduce-able with the following configuration:
<Location />
<Limit FOO BAR>
order deny,allow
deny from all
</Limit>
</Location>
<Location /allowfooandbar>
<LimitExcept FOO BAR>
order deny,allow
allow from all
<LimitExcept>
</Location>
This causes Apache to enter a for loop where the exit condition will never
be met. A patch is attached.
A quick side question... Has anybody thought about reworking mod_access, etc,
to allow for extended methods? It looks to me like only methods that are
recognized by the server will work since bitmasks of r->method_num are used
everywhere.
Thanks,
-Ryan
? diff.out
Index: core.c
===================================================================
RCS file: /home/cvspublic/httpd-2.0/server/core.c,v
retrieving revision 1.3
diff -u -r1.3 core.c
--- core.c 2001/03/18 02:33:22 1.3
+++ core.c 2001/03/19 22:29:48
@@ -1479,7 +1479,7 @@
else if ((cmd->limited_xmethods != NULL)
&& (cmd->limited_xmethods->nelts != 0)) {
xmethod = (char **) cmd->limited_xmethods->elts;
- for (i = 0; i < cmd->limited_xmethods->nelts; ) {
+ for (i = 0; i < cmd->limited_xmethods->nelts; i++) {
if (strcmp(xmethod[i], method) == 0) {
for (j = i, k = i + 1;
k < cmd->limited_xmethods->nelts;
