You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2004/04/06 00:06:01 UTC
DO NOT REPLY [Bug 28218] New: -
errors in regular expressions for LocationMatch cause silent failures
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=28218>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=28218
errors in regular expressions for LocationMatch cause silent failures
Summary: errors in regular expressions for LocationMatch cause
silent failures
Product: Apache httpd-1.3
Version: 1.3.29
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Other
Component: core
AssignedTo: bugs@httpd.apache.org
ReportedBy: kjw@acm.org
We discovered a Location block that was not working in one of our apache
configs and one of the few changes was the addition of a slightly broken
looking regular expression which featured something like this
<Location ~ ^/something/||^/something-else/>
</Location>
The problem turned out to be the ||. I had a quick glance through the code and
it reads like the regular expression library doesn't like this and regards it
as an error (i note solaris egrep errors, perl thinks its ok). The problem is
that this error is not reported to the user so the configuration appears to be
ok when the process is started. I think this is both confused to the naive
configuration creator and potentially dangerous if the Location block contains
some critical (say, security-related) directives.
It looks like the (handful of) ap_pregcomp calls in http_core.c do not check
for a NULL return code that would indicate a failed compilation. So this
affects Location ~, LocationMatch, Directory ~, DirectoryMatch, Files ~,
FilesMatch.
Perhaps this problem exists in apache 2.0 as well? And maybe other areas of
apache 1.3 (not mod_alias, just had a look there!).
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org