You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2006/04/01 00:04:30 UTC

svn commit: r390518 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS modules/mappers/mod_speling.c

Author: colm
Date: Fri Mar 31 14:04:25 2006
New Revision: 390518

URL: http://svn.apache.org/viewcvs?rev=390518&view=rev
Log:
Merge r385580 from 2.2.x:

    * merge fix to mod_speling crash when r->filename is not set

Reviewed by: jerenkrantz, jim

Modified:
    httpd/httpd/branches/2.0.x/CHANGES
    httpd/httpd/branches/2.0.x/STATUS
    httpd/httpd/branches/2.0.x/modules/mappers/mod_speling.c

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/CHANGES?rev=390518&r1=390517&r2=390518&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Fri Mar 31 14:04:25 2006
@@ -1,6 +1,5 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.0.56
-
     
   *) SECURITY: CVE-2005-3357 (cve.mitre.org)
      mod_ssl: Fix a possible crash during access control checks if a
@@ -14,6 +13,9 @@
      to avoid potential cross-site scripting.  Change also made to
      ap_escape_html so we escape quotes.  Reported by JPCERT.
      [Mark Cox]
+
+  *) mod_speling: Stop crashing with certain non-file requests.  
+     [Jeff Trawick]
 
   *) keep the Content-Length header for a HEAD with no response body.
      PR 18757 [Greg Ames]

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/STATUS?rev=390518&r1=390517&r2=390518&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Fri Mar 31 14:04:25 2006
@@ -112,9 +112,6 @@
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-    *) mod_speling: Don't crash if r->filename is unset.
-       http://svn.apache.org/viewcvs.cgi?rev=385580&view=rev
-       +1: trawick, niq, colm
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ please place SVN revisions from trunk here, so it is easy to

Modified: httpd/httpd/branches/2.0.x/modules/mappers/mod_speling.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/2.0.x/modules/mappers/mod_speling.c?rev=390518&r1=390517&r2=390518&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/mappers/mod_speling.c (original)
+++ httpd/httpd/branches/2.0.x/modules/mappers/mod_speling.c Fri Mar 31 14:04:25 2006
@@ -213,7 +213,12 @@
     }
 
     /* We've already got a file of some kind or another */
-    if (r->proxyreq || (r->finfo.filetype != 0)) {
+    if (r->finfo.filetype != 0) {
+        return DECLINED;
+    }
+
+    /* Not a file request */
+    if (r->proxyreq || !r->filename) {
         return DECLINED;
     }