You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2010/12/04 05:14:04 UTC
svn commit: r1042098 - in /httpd/httpd/trunk: CHANGES server/core.c
Author: covener
Date: Sat Dec 4 04:14:03 2010
New Revision: 1042098
URL: http://svn.apache.org/viewvc?rev=1042098&view=rev
Log:
core: Fail startup when the argument to ServerName looks like a glob
or a regular expression instead of a hostname (*?[]). PR 39863
Submitted By: Rahul Nair <rahul.g.nair gmail.com>
Reviewed By: covener
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/server/core.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1042098&r1=1042097&r2=1042098&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sat Dec 4 04:14:03 2010
@@ -2,6 +2,10 @@
Changes with Apache 2.3.10
+ *) core: Fail startup when the argument to ServerName looks like a glob
+ or a regular expression instead of a hostname (*?[]). PR 39863
+ [Rahul Nair <rahul.g.nair gmail.com>]
+
*) mod_userdir: Add merging of enable, disable, and filename arguments
to UserDir directive, leaving enable/disable of userlists unmerged.
PR 44076 [Eric Covener]
Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1042098&r1=1042097&r2=1042098&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Sat Dec 4 04:14:03 2010
@@ -2354,6 +2354,15 @@ static const char *set_server_string_slo
return NULL;
}
+
+static const apr_status_t valid_hostname(const char* name)
+{
+ if (ap_strchr_c(name, '*') || ap_strchr_c(name, '?') ||
+ ap_strchr_c(name, '[') || ap_strchr_c(name, ']')) {
+ return APR_EINVAL;
+ }
+ return APR_SUCCESS;
+}
/*
* The ServerName directive takes one argument with format
* [scheme://]fully-qualified-domain-name[:port], for instance
@@ -2373,6 +2382,10 @@ static const char *server_hostname_port(
return err;
}
+ if (valid_hostname(arg) != APR_SUCCESS)
+ return apr_pstrcat(cmd->temp_pool, "Invalid ServerName \"", arg,
+ "\" use ServerAlias to set multiple server names.", NULL);
+
part = ap_strstr_c(arg, "://");
if (part) {
Re: svn commit: r1042098 - in /httpd/httpd/trunk: CHANGES server/core.c
Posted by Eric Covener <co...@gmail.com>.
> Why not use apr's apr_fnmatch_test instead?
thanks, got it in r1042157.
--
Eric Covener
covener@gmail.com
Re: svn commit: r1042098 - in /httpd/httpd/trunk: CHANGES server/core.c
Posted by Stefan Fritsch <sf...@sfritsch.de>.
On Saturday 04 December 2010, covener@apache.org wrote:
> Author: covener
> Date: Sat Dec 4 04:14:03 2010
> New Revision: 1042098
>
> URL: http://svn.apache.org/viewvc?rev=1042098&view=rev
> Log:
> core: Fail startup when the argument to ServerName looks like a
> glob or a regular expression instead of a hostname (*?[]). PR
> 39863
>
> Submitted By: Rahul Nair <rahul.g.nair gmail.com>
> Reviewed By: covener
>
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/server/core.c
>
> Modified: httpd/httpd/trunk/CHANGES
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1042098
> &r1=1042097&r2=1042098&view=diff
> ==================================================================
> ============ --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Sat Dec 4 04:14:03 2010
> @@ -2,6 +2,10 @@
>
> Changes with Apache 2.3.10
>
> + *) core: Fail startup when the argument to ServerName looks like
> a glob + or a regular expression instead of a hostname (*?[]).
> PR 39863 + [Rahul Nair <rahul.g.nair gmail.com>]
> +
> *) mod_userdir: Add merging of enable, disable, and filename
> arguments to UserDir directive, leaving enable/disable of
> userlists unmerged. PR 44076 [Eric Covener]
>
> Modified: httpd/httpd/trunk/server/core.c
> URL:
> http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=1
> 042098&r1=1042097&r2=1042098&view=diff
> ==================================================================
> ============ --- httpd/httpd/trunk/server/core.c (original)
> +++ httpd/httpd/trunk/server/core.c Sat Dec 4 04:14:03 2010
> @@ -2354,6 +2354,15 @@ static const char *set_server_string_slo
> return NULL;
> }
>
> +
> +static const apr_status_t valid_hostname(const char* name)
> +{
> + if (ap_strchr_c(name, '*') || ap_strchr_c(name, '?') ||
> + ap_strchr_c(name, '[') || ap_strchr_c(name, ']')) {
> + return APR_EINVAL;
> + }
> + return APR_SUCCESS;
> +}
Why not use apr's apr_fnmatch_test instead?