You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by sf...@apache.org on 2009/10/23 21:27:41 UTC

svn commit: r829185 - in /httpd/httpd/trunk: CHANGES modules/cache/mod_socache_shmcb.c

Author: sf
Date: Fri Oct 23 19:27:32 2009
New Revision: 829185

URL: http://svn.apache.org/viewvc?rev=829185&view=rev
Log:
Only parse cache size in parens at the end of the string. Fixes SSLSessionCache
directive mis-parsing parens in pathname.

PR: 47945

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=829185&r1=829184&r2=829185&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Oct 23 19:27:32 2009
@@ -10,6 +10,10 @@
      mod_proxy_ftp: NULL pointer dereference on error paths.
      [Stefan Fritsch <sf fritsch.de>, Joe Orton]
 
+  *) mod_socache_shmcb: Only parse cache size in parens at the end of the
+     string. Fixes SSLSessionCache directive mis-parsing parens in pathname.
+     PR 47945. [Stefan Fritsch]
+
   *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
 
   *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]

Modified: httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c?rev=829185&r1=829184&r2=829185&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c (original)
+++ httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c Fri Oct 23 19:27:32 2009
@@ -278,15 +278,11 @@
     
     ctx->data_file = path = ap_server_root_relative(p, arg);
 
-    cp = strchr(path, '(');
-    if (cp) {
+    cp = strrchr(path, '(');
+    cp2 = path + strlen(path) - 1;
+    if (cp && (*cp2 == ')')) {
         *cp++ = '\0';
-
-        if (!(cp2 = strchr(cp, ')'))) {
-            return "Invalid argument: no closing parenthesis";
-        }
-            
-        *cp2 = '\0';
+        *cp2  = '\0';
         
         ctx->shm_size = atoi(cp);

Re: svn commit: r829185 - in /httpd/httpd/trunk: CHANGES modules/cache/mod_socache_shmcb.c

Posted by Stefan Fritsch <sf...@sfritsch.de>.
On Friday 23 October 2009, Ruediger Pluem wrote:
> > -    cp = strchr(path, '(');
> > -    if (cp) {
> > +    cp = strrchr(path, '(');
> > +    cp2 = path + strlen(path) - 1;
> > +    if (cp && (*cp2 == ')')) {
> >          *cp++ = '\0';
> > -
> > -        if (!(cp2 = strchr(cp, ')'))) {
> > -            return "Invalid argument: no closing parenthesis";
> > -        }
> 
> No error message any longer for missing parenthesis?
> I doubt that filenames like /somewhere/somefile(something are
>  intended.
> 

The question is if such filenames should be allowed. But I guess it's 
enought to allow them in case the cache size is given, too. Fixed in 
r829362

Re: svn commit: r829185 - in /httpd/httpd/trunk: CHANGES modules/cache/mod_socache_shmcb.c

Posted by Ruediger Pluem <rp...@apache.org>.

On 10/23/2009 09:27 PM, sf@apache.org wrote:
> Author: sf
> Date: Fri Oct 23 19:27:32 2009
> New Revision: 829185
> 
> URL: http://svn.apache.org/viewvc?rev=829185&view=rev
> Log:
> Only parse cache size in parens at the end of the string. Fixes SSLSessionCache
> directive mis-parsing parens in pathname.
> 
> PR: 47945
> 
> Modified:
>     httpd/httpd/trunk/CHANGES
>     httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c
> 
> Modified: httpd/httpd/trunk/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=829185&r1=829184&r2=829185&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/CHANGES [utf-8] (original)
> +++ httpd/httpd/trunk/CHANGES [utf-8] Fri Oct 23 19:27:32 2009
> @@ -10,6 +10,10 @@
>       mod_proxy_ftp: NULL pointer dereference on error paths.
>       [Stefan Fritsch <sf fritsch.de>, Joe Orton]
>  
> +  *) mod_socache_shmcb: Only parse cache size in parens at the end of the
> +     string. Fixes SSLSessionCache directive mis-parsing parens in pathname.
> +     PR 47945. [Stefan Fritsch]
> +
>    *) htpasswd: Improve out of disk space handling. PR 30877. [Stefan Fritsch]
>  
>    *) htpasswd: Use MD5 hash by default on all platforms. [Stefan Fritsch]
> 
> Modified: httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c?rev=829185&r1=829184&r2=829185&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c (original)
> +++ httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c Fri Oct 23 19:27:32 2009
> @@ -278,15 +278,11 @@
>      
>      ctx->data_file = path = ap_server_root_relative(p, arg);
>  
> -    cp = strchr(path, '(');
> -    if (cp) {
> +    cp = strrchr(path, '(');
> +    cp2 = path + strlen(path) - 1;
> +    if (cp && (*cp2 == ')')) {
>          *cp++ = '\0';
> -
> -        if (!(cp2 = strchr(cp, ')'))) {
> -            return "Invalid argument: no closing parenthesis";
> -        }

No error message any longer for missing parenthesis?
I doubt that filenames like /somewhere/somefile(something are intended.

> -            
> -        *cp2 = '\0';
> +        *cp2  = '\0';
>          
>          ctx->shm_size = atoi(cp);
>          


Regards

RĂ¼diger