You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by jo...@apache.org on 2018/03/08 11:40:27 UTC

svn commit: r1826207 - /httpd/httpd/trunk/modules/aaa/mod_authz_host.c

Author: jorton
Date: Thu Mar  8 11:40:27 2018
New Revision: 1826207

URL: http://svn.apache.org/viewvc?rev=1826207&view=rev
Log:
* modules/aaa/mod_authz_host.c (host_check_authorization): Simplify
  comment stripping in "Require host"; log a warning if a comment is
  used in 'Require host', or an error if the expression is empty with
  the comment stripped. (Currently in 2.4, #comment part is parsed)

Modified:
    httpd/httpd/trunk/modules/aaa/mod_authz_host.c

Modified: httpd/httpd/trunk/modules/aaa/mod_authz_host.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_authz_host.c?rev=1826207&r1=1826206&r2=1826207&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/aaa/mod_authz_host.c (original)
+++ httpd/httpd/trunk/modules/aaa/mod_authz_host.c Thu Mar  8 11:40:27 2018
@@ -164,8 +164,7 @@ static authz_status host_check_authoriza
                                              const char *require_line,
                                              const void *parsed_require_line)
 {
-    const char *t;
-    char *w, *hash_ptr;
+    const char *t, *w;
     const char *remotehost = NULL;
     int remotehost_is_ip;
 
@@ -193,22 +192,31 @@ static authz_status host_check_authoriza
             host names to check rather than a single name.  This is different
             from the previous host based syntax. */
         t = require;
-        while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
-            /* '#' is not valid hostname character and admin could specify
-             * 'Require host localhost# Add example.com later'. We should not
-             * grant access to 'example.com' in that case. */
-            if ((hash_ptr = ap_strchr(w, '#'))) {
-                if (hash_ptr == w) {
-                    break;
-                }
-                *hash_ptr = '\0';
+
+        /* '#' is not a valid hostname character and admin could
+         * specify 'Require host localhost# Add example.com later'. We
+         * should not grant access to 'example.com' in that case. */
+        w = ap_strchr_c(t, '#');
+        if (w) {
+            if (w == t) {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10120)
+                              "authz_host authorize: dubious empty "
+                              "'Require host %s' with only comment", t);
+                return AUTHZ_DENIED;
             }
+
+            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10121)
+                          "authz_host authorize: ignoring comment in "
+                          "'Require host %s'", t);
+
+            /* Truncate the string at the #. */
+            t = apr_pstrmemdup(r->pool, t, w - t);
+        }
+        
+        while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
             if (in_domain(w, remotehost)) {
                 return AUTHZ_GRANTED;
             }
-            if (hash_ptr) {
-                break;
-            }
         }
     }