Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/10/15 15:10:17 UTC

DO NOT REPLY [Bug 23836] New: - Malformed host headers causes mod_include to seg fault

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23836

           Summary: Malformed host headers causes mod_include to seg fault
           Product: Apache httpd-2.0
           Version: 2.0.47
          Platform: All
        OS/Version: Other
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: mod_include
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: bakins@web.turner.com


Config: 
AddOutputFilterByType INCLUDES text/html text/plain

Send "/" in host header.  Seg fault...

In function add_include_vars()

Quick fix: 

--- mod_include.c.orig	Tue Oct 14 13:54:43 2003
+++ mod_include.c	Tue Oct 14 13:44:23 2003
@@ -3353,7 +3353,7 @@
     include_server_config *sconf= ap_get_module_config(r->server->module_config,
                                                               &include_module);
 
-    if (!(ap_allow_options(r) & OPT_INCLUDES)) {
+    if (!(ap_allow_options(r) & OPT_INCLUDES) || (r->status == HTTP_BAD_REQUEST)) {
         return ap_pass_brigade(f->next, b);
     }
 
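Review bot: the added `r->status == HTTP_BAD_REQUEST` test in the `if` covers only one status code, while the backtrace places the fault in strrchr() called from add_include_vars() (mod_include.c:158), reached through includes_filter() on the ap_send_error_response() path out of ap_read_request(). Other error responses sent before the request is fully set up may still reach add_include_vars() with the same unset value. Consider checking the pointer handed to strrchr() in add_include_vars() for NULL, instead of or in addition to this test, and add a comment saying why the filter is bypassed for bad requests. The new line also runs well past 80 columns and the parentheses around the status comparison are not needed.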


Here's the backtrace:
#0  0x402558f3 in strrchr () from /lib/i686/libc.so.6
#1  0x08180000 in ?? ()
#2  0x4031595b in add_include_vars (r=0x817edf0, timefmt=0x4031d614 "%A,%d-%b-%Y %H:%M:%S %Z") at mod_include.c:158
#3  0x4031c4fd in includes_filter (f=0x8180000, b=0x8180050) at mod_include.c:3399
#4  0x0807ebe3 in ap_pass_brigade (next=0x8180000, bb=0x8180050) at util_filter.c:550
#5  0x08081dce in ap_old_write_filter (f=0x8180038, bb=0x8180050) at protocol.c:1321
#6  0x0807ebe3 in ap_pass_brigade (next=0x8180038, bb=0x8180190) at util_filter.c:550
#7  0x080814ae in end_output_stream (r=0x817edf0) at protocol.c:1039
#8  0x0808151b in ap_finalize_request_protocol (r=0x817edf0) at protocol.c:1061
#9  0x080697e5 in ap_send_error_response (r=0x817edf0, recursive_error=0) at http_protocol.c:2423
#10 0x08081050 in ap_read_request (conn=0x817ae50) at protocol.c:904
#11 0x080650eb in ap_process_http_connection (c=0x817ae50) at http_core.c:286
#12 0x0807c1ef in ap_run_process_connection (c=0x817ae50) at connection.c:85
#13 0x0807c5e6 in ap_process_connection (c=0x817ae50, csd=0x817ad70) at connection.c:211
#14 0x0806c819 in process_socket (p=0x817ad38, sock=0x817ad70, my_child_num=0, my_thread_num=0, bucket_alloc=0x8132128) at worker.c:632
#15 0x0806d047 in worker_thread (thd=0x81082c0, dummy=0x80e1af0) at worker.c:947
#16 0x40111d60 in dummy_worker (opaque=0x81082c0) at thread.c:127
#17 0x40125c6f in pthread_start_thread (arg=0x407c7be0) at manager.c:279
