You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2006/04/01 00:04:30 UTC
svn commit: r390518 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS
modules/mappers/mod_speling.c
Author: colm
Date: Fri Mar 31 14:04:25 2006
New Revision: 390518
URL: http://svn.apache.org/viewcvs?rev=390518&view=rev
Log:
Merge r385580 from 2.2.x:
* merge fix to mod_speling crash when r->filename is not set
Reviewed by: jerenkrantz, jim
Modified:
httpd/httpd/branches/2.0.x/CHANGES
httpd/httpd/branches/2.0.x/STATUS
httpd/httpd/branches/2.0.x/modules/mappers/mod_speling.c
Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/CHANGES?rev=390518&r1=390517&r2=390518&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Fri Mar 31 14:04:25 2006
@@ -1,6 +1,5 @@
-*- coding: utf-8 -*-
Changes with Apache 2.0.56
-
*) SECURITY: CVE-2005-3357 (cve.mitre.org)
mod_ssl: Fix a possible crash during access control checks if a
@@ -14,6 +13,9 @@
to avoid potential cross-site scripting. Change also made to
ap_escape_html so we escape quotes. Reported by JPCERT.
[Mark Cox]
+
+ *) mod_speling: Stop crashing with certain non-file requests.
+ [Jeff Trawick]
*) keep the Content-Length header for a HEAD with no response body.
PR 18757 [Greg Ames]
Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=390518&r1=390517&r2=390518&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Fri Mar 31 14:04:25 2006
@@ -112,9 +112,6 @@
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_speling: Don't crash if r->filename is unset.
- http://svn.apache.org/viewcvs.cgi?rev=385580&view=rev
- +1: trawick, niq, colm
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ please place SVN revisions from trunk here, so it is easy to
Modified: httpd/httpd/branches/2.0.x/modules/mappers/mod_speling.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/modules/mappers/mod_speling.c?rev=390518&r1=390517&r2=390518&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/mappers/mod_speling.c (original)
+++ httpd/httpd/branches/2.0.x/modules/mappers/mod_speling.c Fri Mar 31 14:04:25 2006
@@ -213,7 +213,12 @@
}
/* We've already got a file of some kind or another */
- if (r->proxyreq || (r->finfo.filetype != 0)) {
+ if (r->finfo.filetype != 0) {
+ return DECLINED;
+ }
+
+ /* Not a file request */
+ if (r->proxyreq || !r->filename) {
return DECLINED;
}