You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2009/05/10 12:31:36 UTC
svn commit: r773322 - /httpd/httpd/trunk/server/core.c
Author: rpluem
Date: Sun May 10 10:31:35 2009
New Revision: 773322
URL: http://svn.apache.org/viewvc?rev=773322&view=rev
Log:
* Fix for the following configuration where the exec command was disabled
in /subdir. All CVE-2009-1195 tests still pass with this patch.
# only two containers in the config
<Directory />
Options Includes
AllowOverride None
</Directory>
<Directory /subdir>
# with this container, mod_cgi/mod_cgid complains about exec being off
# without it, exec cmd= works as expected
SetEnv foo bar
</Directory>
Modified:
httpd/httpd/trunk/server/core.c
Modified: httpd/httpd/trunk/server/core.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?rev=773322&r1=773321&r2=773322&view=diff
==============================================================================
--- httpd/httpd/trunk/server/core.c (original)
+++ httpd/httpd/trunk/server/core.c Sun May 10 10:31:35 2009
@@ -242,8 +242,9 @@
/* if Includes was enabled without exec in the new config, but
* was enabled with exec in the base, then disable exec in the
* resulting options. */
- if ((base->opts & OPT_INC_WITH_EXEC)
- && (new->opts & OPT_INC_WITH_EXEC) == 0) {
+ if ((base->opts & OPT_INC_WITH_EXEC)
+ && (new->opts & OPT_INC_WITH_EXEC) == 0
+ && (new->opts & OPT_INCLUDES)) {
conf->opts &= ~OPT_INC_WITH_EXEC;
}
}