You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Taketo Kabe <ka...@sra-tohoku.co.jp> on 2001/11/19 19:41:18 UTC
mod_include/8804: [PATCH] XBitHack behaves as always "on"
>Number: 8804
>Category: mod_include
>Synopsis: [PATCH] XBitHack behaves as always "on"
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: apache
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Mon Nov 19 10:50:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: kabe@sra-tohoku.co.jp
>Release: 2.0.28
>Organization:
apache
>Environment:
SunOS 5.8 Generic_108528-05 sun4u sparc SUNW,Ultra-60
gcc version 2.95.2 19991024 (release)
>Description:
XBitHack behaved as always "on" regardess of any settings.
This will cause any HTML files accidentally chmod +x 'ed to be
processed through INCLUDES filter (if Options +Includes in effect).
This seems to be caused by modules/filters/mod_include.c:xbithack_handler()
incorrectly extracting the module config structure.
The [PATCH] below fixes the reference into "standard" method.
>How-To-Repeat:
.htaccess:
Options +Includes
XBitHack off
test.html:
<BODY>
<!--#exec cmd="ls"-->
</BODY>
$ chmod +x test.html
$ GET http://www/~your/dir/test.html
You shouldn't have SSI invoked but actually is (BAD).
>Fix:
#********************************* mod_include.c XBitHack always full patch
##dist11
# Fix:
# XBitHack behaved as always "full"
#
##find httpd-2_0_28 -name '*.dist11' -exec ./0diff {} \;
/usr/local/gnu/bin/patch -p1 --backup --suffix=.dist11 << 'EOP'
=============================== {
diff -u httpd-2_0_28/modules/filters/mod_include.c.dist11 httpd-2_0_28/modules/filters/mod_include.c
--- httpd-2_0_28/modules/filters/mod_include.c.dist11 Wed Sep 19 06:25:07 2001
+++ httpd-2_0_28/modules/filters/mod_include.c Mon Nov 19 18:16:45 2001
@@ -3167,7 +3167,7 @@
/* OS/2 dosen't currently support the xbithack. This is being worked on. */
return DECLINED;
#else
- enum xbithack *state;
+ include_dir_config *conf;
if (ap_strcmp_match(r->handler, "text/html")) {
return DECLINED;
@@ -3176,10 +3176,10 @@
return DECLINED;
}
- state = (enum xbithack *) ap_get_module_config(r->per_dir_config,
+ conf = (include_dir_config *) ap_get_module_config(r->per_dir_config,
&include_module);
- if (*state == xbithack_off) {
+ if (*conf->xbithack == xbithack_off) {
return DECLINED;
}
/* We always return declined, because the default handler will actually
=============================== }}
EOP
>Release-Note:
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, you need]
[to include <ap...@Apache.Org> in the Cc line and make sure the]
[subject line starts with the report component and number, with ]
[or without any 'Re:' prefixes (such as "general/1098:" or ]
["Re: general/1098:"). If the subject doesn't match this ]
[pattern, your message will be misfiled and ignored. The ]
["apbugs" address is not added to the Cc line of messages from ]
[the database automatically because of the potential for mail ]
[loops. If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request from a ]
[developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]