You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by ma...@apache.org on 2002/05/29 19:39:24 UTC

cvs commit: apache-1.3/src/modules/standard mod_rewrite.c

martin      02/05/29 10:39:23

  Modified:    src      CHANGES
               src/modules/standard mod_rewrite.c
  Log:
  Fix a problem in mod_rewrite which would lead to 400 Bad Request
  responses for rewriting rules which resulted in a local path.
  
  Revision  Changes    Path
  1.1823    +4 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1822
  retrieving revision 1.1823
  diff -u -r1.1822 -r1.1823
  --- CHANGES	21 May 2002 13:03:55 -0000	1.1822
  +++ CHANGES	29 May 2002 17:39:22 -0000	1.1823
  @@ -1,5 +1,9 @@
   Changes with Apache 1.3.25
   
  +  *) Fix a problem in mod_rewrite which would lead to 400 Bad Request
  +     responses for rewriting rules which resulted in a local path.
  +     [Martin Kraemer]
  +
     *) Disallow anything but whitespace on the request line after the
        HTTP/x.y protocol string. That prevents arbitrary user input
        from ending up in the access_log and error_log. Also, special
  
  
  
  1.177     +2 -2      apache-1.3/src/modules/standard/mod_rewrite.c
  
  Index: mod_rewrite.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_rewrite.c,v
  retrieving revision 1.176
  retrieving revision 1.177
  diff -u -r1.176 -r1.177
  --- mod_rewrite.c	22 Apr 2002 17:06:35 -0000	1.176
  +++ mod_rewrite.c	29 May 2002 17:39:23 -0000	1.177
  @@ -1220,7 +1220,7 @@
               rewritelog(r, 2, "local path result: %s", r->filename);
   
               /* the filename has to start with a slash! */
  -            if (ap_os_is_path_absolute(r->filename)) {
  +            if (!ap_os_is_path_absolute(r->filename)) {
                   return BAD_REQUEST;
               }
   
  @@ -1505,7 +1505,7 @@
               }
   
               /* the filename has to start with a slash! */
  -            if (ap_os_is_path_absolute(r->filename)) {
  +            if (!ap_os_is_path_absolute(r->filename)) {
                   return BAD_REQUEST;
               }

Re: cvs commit: apache-1.3/src/modules/standard mod_rewrite.c

Posted by Cliff Woolley <jw...@virginia.edu>.

On Wed, 29 May 2002, Martin Kraemer wrote:

> In 2.0, they were correct since 21-Oct-01 already.
>
> Although this was a hasty 1.3.25 commit, I think I did the Right Thing.

+1 ... you might want to have a **warning** in the CHANGES entry since
this could break old (incorrect) configs that worked by magic before.
Typically it should be because a rule that was missing the [PT] flag
magically worked before.

--Cliff

Re: cvs commit: apache-1.3/src/modules/standard mod_rewrite.c

Posted by Martin Kraemer <Ma...@Fujitsu-Siemens.com>.

On Wed, May 29, 2002 at 05:39:24PM -0000, martin@apache.org wrote:
>   Fix a problem in mod_rewrite which would lead to 400 Bad Request
>   responses for rewriting rules which resulted in a local path.
>
>   diff -u -r1.176 -r1.177

I hand-checked the other changes that had sneaked into rev 1.176; only
the two invocations of ap_os_is_path_absolute() were incorrect.

In 2.0, they were correct since 21-Oct-01 already.

Although this was a hasty 1.3.25 commit, I think I did the Right Thing.

   Martin
-- 
<Ma...@Fujitsu-Siemens.com>         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany

Re: cvs commit: apache-1.3/src/modules/standard mod_rewrite.c

Posted by Cliff Woolley <jw...@virginia.edu>.

On 29 May 2002 martin@apache.org wrote:

> martin      02/05/29 10:39:23
>
>   Modified:    src      CHANGES
>                src/modules/standard mod_rewrite.c
>   Log:
>   Fix a problem in mod_rewrite which would lead to 400 Bad Request
>   responses for rewriting rules which resulted in a local path.
>

AHA!!!  That would explain why I just yesterday had to close a bug report
on 2.0 which complained about some (invalid) config that "worked" under
1.3 causing 400's under 2.0.  I didn't understand how it could have ever
worked under 1.3, but I didn't actually go look.  Having that conditional
backwards in 1.3 would definitely explain it.  :))

Good catch.

--Cliff

Re: cvs commit: apache-1.3/src/modules/standard mod_rewrite.c

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

>martin      02/05/29 10:39:23
>
>   Modified:    src      CHANGES
>                src/modules/standard mod_rewrite.c
>   Log:
>   Fix a problem in mod_rewrite which would lead to 400 Bad Request
>   responses for rewriting rules which resulted in a local path.

It seems I did in fact transpose the tests... good call and thank you
for your good eyes in resolving this bug.

Bill