You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by André Malo <nd...@perlig.de> on 2005/10/15 21:00:47 UTC

Re: svn commit: r321449 - in /httpd/mod_mbox/trunk/module-2.0: mod_mbox_file.c mod_mbox_index.c

* pquerna@apache.org wrote:

>
> -	if (r->header_only)
> -	    status = OK;
> +	if (r->header_only) {
> +	    return OK;
> +        }

Actually I think, any code that checks for header_only is wrong. The core 
will take care of it. Not treating HEAD requests special ensures, that the 
RFC is fullfilled (HEAD == GET but without a body, in particular the 
headers remain the same).

nd
-- 
sub the($){+shift} sub answer (){ord q
        [* It is always 42! *]       }
           print the answer
# André Malo # http://pub.perlig.de/ #

Re: svn commit: r321449 - in /httpd/mod_mbox/trunk/module-2.0: mod_mbox_file.c mod_mbox_index.c

Posted by Paul Querna <ch...@force-elite.com>.

Justin Erenkrantz wrote:
> On Sat, Oct 15, 2005 at 12:08:15PM -0700, Paul Querna wrote:
>> Except when we get a HEAD request, r->path_info is filled with bogus 
>> data, which causes mod_mbox to crash way deep inside itself.
> 
> Why isn't r->path_info filled out correctly?
> 
> If the request's path_info itself is bogus, that should be rejected
> outright by mod_mbox regardless of the method.  -- justin
(gdb) where
#0  get_base_uri (r=0x60000000001eb598) at mod_mbox.c:197
#1  0x2000000001007a10 in get_base_path (r=0x60000000001eb598)
     at mod_mbox.c:178
#2  0x200000000100cfa0 in mbox_static_message (r=0x60000000001eb420,
     f=0x600000000020ac60) at mod_mbox_out.c:1103
#3  0x2000000001008ca0 in mbox_file_handler (r=0x60000000001eb420)
     at mod_mbox_file.c:231
#4  0x4000000000035f90 in ap_run_handler (r=0x60000000001eb420) at 
config.c:153
....

(gdb) f 0
#0  get_base_uri (r=0x60000000001eb598) at mod_mbox.c:197

(gdb) l
192     {
193         char *baseURI, *temp;
194
195         baseURI = apr_pstrdup(r->pool, r->uri);
196         temp = strstr(baseURI, r->path_info);
197         if (temp) {
198             *temp = '\0';
199         }
200         return baseURI;
201     }
(gdb) p r->path_info
$5 = 0x6000000000000019 <Address 0x6000000000000019 out of bounds> 

(gdb) p r->header_only
$6 = 1


Feel free to look at it on ajax:
gdb /usr/local/apache2-install/www.apache.org/current/bin/httpd 
core.13385

-Paul

Re: svn commit: r321449 - in /httpd/mod_mbox/trunk/module-2.0: mod_mbox_file.c mod_mbox_index.c

Posted by Justin Erenkrantz <ju...@erenkrantz.com>.

On Sat, Oct 15, 2005 at 12:08:15PM -0700, Paul Querna wrote:
> Except when we get a HEAD request, r->path_info is filled with bogus 
> data, which causes mod_mbox to crash way deep inside itself.

Why isn't r->path_info filled out correctly?

If the request's path_info itself is bogus, that should be rejected
outright by mod_mbox regardless of the method.  -- justin

Re: svn commit: r321449 - in /httpd/mod_mbox/trunk/module-2.0: mod_mbox_file.c mod_mbox_index.c

Posted by Paul Querna <ch...@force-elite.com>.

André Malo wrote:
> * pquerna@apache.org wrote:
> 
>> -	if (r->header_only)
>> -	    status = OK;
>> +	if (r->header_only) {
>> +	    return OK;
>> +        }
> 
> Actually I think, any code that checks for header_only is wrong. The core 
> will take care of it. Not treating HEAD requests special ensures, that the 
> RFC is fullfilled (HEAD == GET but without a body, in particular the 
> headers remain the same).

Except when we get a HEAD request, r->path_info is filled with bogus 
data, which causes mod_mbox to crash way deep inside itself.

-Paul