You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Ryan Morgan <rm...@covalent.net> on 2001/03/20 00:01:49 UTC

[PATCH] Bug in

There is a problem with LimitExcept that causes Apache to enter an infinite 
loop when a user tries to remove an extended method.  I am not sure about
the status of the extended methods code in Apache, but this problem is easily
reproduce-able with the following configuration:

<Location />
   <Limit FOO BAR>
      order deny,allow
      deny from all
   </Limit>
</Location>
  
<Location /allowfooandbar>
   <LimitExcept FOO BAR>
      order deny,allow
      allow from all
   <LimitExcept>
</Location>

This causes Apache to enter a for loop where the exit condition will never
be met.  A patch is attached.

A quick side question... Has anybody thought about reworking mod_access, etc,
to allow for extended methods?  It looks to me like only methods that are
recognized by the server will work since bitmasks of r->method_num are used
everywhere.

Thanks,

-Ryan

Re: [PATCH] Bug in

Posted by Ryan Morgan <rm...@covalent.net>.

On Mon, Mar 19, 2001 at 11:07:19PM -0500, Rodent of Unusual Size wrote:
> Ryan Morgan wrote:
> > 
> > There is a problem with LimitExcept that causes Apache to enter
> > an infinite loop when a user tries to remove an extended method.
> > I am not sure about the status of the extended methods code in
> > Apache, but this problem is easily reproduce-able with the
> > following configuration:
> 
> This is 2.0, correct?
> 

Yep.

> > A quick side question... Has anybody thought about reworking
> > mod_access, etc, to allow for extended methods?
> 
> Yes.

[snip]

> 
> I started on this and got sidetracked.  Thanks for the
> reminder; I will try to get this stable this week!

Great!  I saw mention of this back in the archives, I was hoping
that it hadn't fallen off the table.

Thanks,

-Ryan

Re: [PATCH] Bug in

Posted by Rodent of Unusual Size <Ke...@Golux.Com>.

Ryan Morgan wrote:
> 
> There is a problem with LimitExcept that causes Apache to enter
> an infinite loop when a user tries to remove an extended method.
> I am not sure about the status of the extended methods code in
> Apache, but this problem is easily reproduce-able with the
> following configuration:

This is 2.0, correct?

> A quick side question... Has anybody thought about reworking
> mod_access, etc, to allow for extended methods?

Yes.

> It looks to me like only methods that are recognized by the
> server will work since bitmasks of r->method_num are used
> everywhere.

I started on this and got sidetracked.  Thanks for the
reminder; I will try to get this stable this week!
-- 
#ken    P-)}

Ken Coar                    <http://Golux.Com/coar/>
Apache Software Foundation  <http://www.apache.org/>
"Apache Server for Dummies" <http://Apache-Server.Com/>
"Apache Server Unleashed"   <http://ApacheUnleashed.Com/>

ApacheCon 2001!
Four tracks with over 70+ sessions. Free admission to exhibits
and special events - keynote presentations by John 'maddog' Hall
and David Brin. Special thanks to our Platinum Sponsors IBM and
Covalent, Gold Sponsor Thawte, and Silver Sponsor Compaq.  Attend
the only Apache event designed and fully supported by the members of
the ASF. See more information and register at <http://ApacheCon.Com/>!