You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/10/15 15:10:17 UTC
DO NOT REPLY [Bug 23836] New: -
Malformed host headers causes mod_include to seg fault
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23836>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23836
Malformed host headers causes mod_include to seg fault
Summary: Malformed host headers causes mod_include to seg fault
Product: Apache httpd-2.0
Version: 2.0.47
Platform: All
OS/Version: Other
Status: NEW
Severity: Critical
Priority: Other
Component: mod_include
AssignedTo: bugs@httpd.apache.org
ReportedBy: bakins@web.turner.com
Config:
AddOutputFilterByType INCLUDES text/html text/plain
Send "/" in host header. Seg fault...
In function add_include_vars()
Quick fix:
--- mod_include.c.orig Tue Oct 14 13:54:43 2003
+++ mod_include.c Tue Oct 14 13:44:23 2003
@@ -3353,7 +3353,7 @@
include_server_config *sconf= ap_get_module_config(r->server->module_config,
&include_module);
- if (!(ap_allow_options(r) & OPT_INCLUDES)) {
+ if (!(ap_allow_options(r) & OPT_INCLUDES) || (r->status == HTTP_BAD_REQUEST)) {
return ap_pass_brigade(f->next, b);
}
Here's the backtrace:
#0 0x402558f3 in strrchr () from /lib/i686/libc.so.6
#1 0x08180000 in ?? ()
#2 0x4031595b in add_include_vars (r=0x817edf0, timefmt=0x4031d614 "%A,%d-%b-%Y
%H:%M:%S %Z") at mod_include.c:158
#3 0x4031c4fd in includes_filter (f=0x8180000, b=0x8180050) atmod_include.c:3399
#4 0x0807ebe3 in ap_pass_brigade (next=0x8180000, bb=0x8180050) atutil_filter.c:550
#5 0x08081dce in ap_old_write_filter (f=0x8180038, bb=0x8180050) atprotocol.c:1321
#6 0x0807ebe3 in ap_pass_brigade (next=0x8180038, bb=0x8180190) atutil_filter.c:550
#7 0x080814ae in end_output_stream (r=0x817edf0) at protocol.c:1039
#8 0x0808151b in ap_finalize_request_protocol (r=0x817edf0) atprotocol.c:1061
#9 0x080697e5 in ap_send_error_response (r=0x817edf0,recursive_error=0) at
http_protocol.c:2423
#10 0x08081050 in ap_read_request (conn=0x817ae50) at protocol.c:904
#11 0x080650eb in ap_process_http_connection (c=0x817ae50) athttp_core.c:286
#12 0x0807c1ef in ap_run_process_connection (c=0x817ae50) atconnection.c:85
#13 0x0807c5e6 in ap_process_connection (c=0x817ae50, csd=0x817ad70)
atconnection.c:211
#14 0x0806c819 in process_socket (p=0x817ad38, sock=0x817ad70,my_child_num=0,
my_thread_num=0, bucket_alloc=0x8132128) at worker.c:632
#15 0x0806d047 in worker_thread (thd=0x81082c0, dummy=0x80e1af0) atworker.c:947
#16 0x40111d60 in dummy_worker (opaque=0x81082c0) at thread.c:127
#17 0x40125c6f in pthread_start_thread (arg=0x407c7be0) at manager.c:279
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org