gregames 2003/03/03 11:20:58
Modified: specweb99/specweb99-2.0 mod_specweb99.c
Log:
fix seg fault when a POST request is received with no cookie but with
mod_specweb99's URI. This request is not from the SPECweb99 client.
In my case, it came from an IBM internal security scan which detected
I had port 80 open, then tried to do all kinds of nasty stuff to the
web server. I'm pleased to report that there were no problems found
other than this one.
Revision Changes Path
1.26 +15 -3 httpd-test/specweb99/specweb99-2.0/mod_specweb99.c
Index: mod_specweb99.c
===================================================================
RCS file: /home/cvs/httpd-test/specweb99/specweb99-2.0/mod_specweb99.c,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- mod_specweb99.c 27 Feb 2003 22:12:35 -0000 1.25
+++ mod_specweb99.c 3 Mar 2003 19:20:58 -0000 1.26
@@ -1248,10 +1248,22 @@
}
return do_post(r, user_id, cur_time);
}
- if (!strncmp(r->args, "command/", 8)) {
- return do_housekeeping(r);
+ if (r->args) {
+ if (!strncmp(r->args, "command/", 8)) {
+ return do_housekeeping(r);
+ }
+ return do_standard_get(r);
+ }
+ else {
+ /* no cookie, no args, but it's our URI, uh oh...
+ * this isn't coming from the SPECweb99 client!
+ */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "probable non-SPECweb99 request received:"
+ " %s for URI %s with no cookie and no args",
+ r->method, r->uri);
+ return DECLINED;
}
- return do_standard_get(r);
} /* specweb99_quick_handler */
static void register_hooks(apr_pool_t * p)
