You are viewing a plain text version of this content. The canonical link for it is here.

Posted to cvs@httpd.apache.org by co...@apache.org on 2010/12/04 05:14:04 UTC

svn commit: r1042098 - in /httpd/httpd/trunk: CHANGES server/core.c

Author: covener
Date: Sat Dec  4 04:14:03 2010
New Revision: 1042098

URL: http://svn.apache.org/viewvc?rev=1042098&view=rev
Log:
core: Fail startup when the argument to ServerName looks like a glob
or a regular expression instead of a hostname (*?[]).  PR 39863 

Submitted By: Rahul Nair <rahul.g.nair gmail.com>
Reviewed By: covener


Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/server/core.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1042098&r1=1042097&r2=1042098&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sat Dec  4 04:14:03 2010
@@ -2,6 +2,10 @@
 
 Changes with Apache 2.3.10
 
+  *) core: Fail startup when the argument to ServerName looks like a glob
+     or a regular expression instead of a hostname (*?[]).  PR 39863 
+     [Rahul Nair <rahul.g.nair gmail.com>]
+
   *) mod_userdir: Add merging of enable, disable, and filename arguments 
      to UserDir directive, leaving enable/disable of userlists unmerged. 
      PR 44076 [Eric Covener]

Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1042098&r1=1042097&r2=1042098&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Sat Dec  4 04:14:03 2010
@@ -2354,6 +2354,15 @@ static const char *set_server_string_slo
     return NULL;
 }
 
+
+static const apr_status_t valid_hostname(const char* name)
+{
+    if (ap_strchr_c(name, '*') || ap_strchr_c(name, '?') || 
+        ap_strchr_c(name, '[') || ap_strchr_c(name, ']')) { 
+        return APR_EINVAL;
+    }
+    return APR_SUCCESS;
+}
 /*
  * The ServerName directive takes one argument with format
  * [scheme://]fully-qualified-domain-name[:port], for instance
@@ -2373,6 +2382,10 @@ static const char *server_hostname_port(
         return err;
     }
 
+    if (valid_hostname(arg) != APR_SUCCESS)
+        return apr_pstrcat(cmd->temp_pool, "Invalid ServerName \"", arg,
+                "\" use ServerAlias to set multiple server names.", NULL);
+
     part = ap_strstr_c(arg, "://");
 
     if (part) {

Re: svn commit: r1042098 - in /httpd/httpd/trunk: CHANGES server/core.c

Posted by Eric Covener <co...@gmail.com>.

> Why not use apr's apr_fnmatch_test instead?

thanks, got it in r1042157.

-- 
Eric Covener
covener@gmail.com

Re: svn commit: r1042098 - in /httpd/httpd/trunk: CHANGES server/core.c

Posted by Stefan Fritsch <sf...@sfritsch.de>.

On Saturday 04 December 2010, covener@apache.org wrote:
> Author: covener
> Date: Sat Dec  4 04:14:03 2010
> New Revision: 1042098
> 
> URL: http://svn.apache.org/viewvc?rev=1042098&view=rev
> Log:
> core: Fail startup when the argument to ServerName looks like a
> glob or a regular expression instead of a hostname (*?[]).  PR
> 39863
> 
> Submitted By: Rahul Nair <rahul.g.nair gmail.com>
> Reviewed By: covener
> 
> 
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/server/core.c
> 
> Modified: httpd/httpd/trunk/CHANGES
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1042098
> &r1=1042097&r2=1042098&view=diff
> ==================================================================
> ============ --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Sat Dec  4 04:14:03 2010
> @@ -2,6 +2,10 @@
> 
>  Changes with Apache 2.3.10
> 
> +  *) core: Fail startup when the argument to ServerName looks like
> a glob +     or a regular expression instead of a hostname (*?[]).
>  PR 39863 +     [Rahul Nair <rahul.g.nair gmail.com>]
> +
>    *) mod_userdir: Add merging of enable, disable, and filename
> arguments to UserDir directive, leaving enable/disable of
> userlists unmerged. PR 44076 [Eric Covener]
> 
> Modified: httpd/httpd/trunk/server/core.c
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1
> 042098&r1=1042097&r2=1042098&view=diff
> ==================================================================
> ============ --- httpd/httpd/trunk/server/core.c (original)
> +++ httpd/httpd/trunk/server/core.c Sat Dec  4 04:14:03 2010
> @@ -2354,6 +2354,15 @@ static const char *set_server_string_slo
>      return NULL;
>  }
> 
> +
> +static const apr_status_t valid_hostname(const char* name)
> +{
> +    if (ap_strchr_c(name, '*') || ap_strchr_c(name, '?') ||
> +        ap_strchr_c(name, '[') || ap_strchr_c(name, ']')) {
> +        return APR_EINVAL;
> +    }
> +    return APR_SUCCESS;
> +}

Why not use apr's apr_fnmatch_test instead?