You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Cliff Woolley <cl...@yahoo.com> on 2001/08/24 07:07:04 UTC
mod_include recursive include checking bug
httpd-test revealed a bug in processing recursive includes for
relative-pathed files. This patch fixes it, but it seems suboptimal... is
there are a faster way to test for this condition than doing a strcmp?
(PS: sorry about the line wraps.)
The problem is just that server/request.c sets rnew->uri to "INTERNALLY
GENERATED file-relative req" in this case, namely when this check _fails_:
if (strncmp(rnew->filename, fdir, fdirlen) != 0
&& rnew->filename[fdirlen]
&& ap_strchr_c(rnew->filename + fdirlen, '/') == NULL)
This is not new behavior ... it's been around since rev 1.1 of request.c.
But I'd swear that mod_include used to work for this test. Maybe the
recent canonical filenames changes just uncovered the bug?
--Cliff
Index: mod_include.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/filters/mod_include.c,v
retrieving revision 1.131
diff -u -d -r1.131 mod_include.c
--- mod_include.c 2001/08/24 04:50:49 1.131
+++ mod_include.c 2001/08/24 04:51:05
@@ -859,7 +859,9 @@
for (q = p; q != NULL; q = q->prev) {
if ((q->filename && rr->filename &&
(strcmp(q->filename, rr->filename) ==
0)) ||
- (strcmp(q->uri, rr->uri) == 0))
+ ((strcmp(q->uri, rr->uri) == 0) &&
+ (strcmp(q->uri, "INTERNALLY GENERATED "
+ "file-relative req") !=
0)))
{
founddupe = 1;
break;
--------------------------------------------------------------
Cliff Woolley
cliffwoolley@yahoo.com
Charlottesville, VA
Re: mod_include recursive include checking bug
Posted by Cliff Woolley <cl...@yahoo.com>.
On Fri, 24 Aug 2001, Cliff Woolley wrote:
> if (strncmp(rnew->filename, fdir, fdirlen) != 0
> && rnew->filename[fdirlen]
> && ap_strchr_c(rnew->filename + fdirlen, '/') == NULL)
>
> This is not new behavior ... it's been around since rev 1.1 of request.c.
Actually, upon further investiation I see that it IS new behavior.
rnew->uri was always set to that string, but the condition changed in rev
1.25 of request.c earlier today. Obviously the else case is now getting
called more frequently now... is that expected?
--Cliff
--------------------------------------------------------------
Cliff Woolley
cliffwoolley@yahoo.com
Charlottesville, VA
Re: mod_include recursive include checking bug
Posted by Cliff Woolley <cl...@yahoo.com>.
On Thu, 23 Aug 2001, Doug MacEachern wrote:
> On Fri, 24 Aug 2001, Cliff Woolley wrote:
>
> funny, i tried committing a change to mod_include.c and up-to-date failed,
> was the same indentation fix. then i was going to suggest this patch to
> cure the same problem, since any valid (non "generated") uri should start
> with a '/'.
That sounds right. Definitely better than my massive strcmp. =-) If
we're sure that the new condition in request.c is correct (Bill?), then
commit away...
--Cliff
--------------------------------------------------------------
Cliff Woolley
cliffwoolley@yahoo.com
Charlottesville, VA
Re: mod_include recursive include checking bug
Posted by Doug MacEachern <do...@covalent.net>.
On Fri, 24 Aug 2001, Cliff Woolley wrote:
funny, i tried committing a change to mod_include.c and up-to-date failed,
was the same indentation fix. then i was going to suggest this patch to
cure the same problem, since any valid (non "generated") uri should start
with a '/'.
Index: modules/filters/mod_include.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/filters/mod_include.c,v
retrieving revision 1.131
diff -u -r1.131 mod_include.c
--- modules/filters/mod_include.c 2001/08/24 04:50:49 1.131
+++ modules/filters/mod_include.c 2001/08/24 05:22:00
@@ -859,7 +859,7 @@
for (q = p; q != NULL; q = q->prev) {
if ((q->filename && rr->filename &&
(strcmp(q->filename, rr->filename) == 0)) ||
- (strcmp(q->uri, rr->uri) == 0))
+ ((*q->uri == '/') && (strcmp(q->uri, rr->uri) == 0)))
{
founddupe = 1;
break;