You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by mi...@apache.org on 2013/05/23 14:52:06 UTC
svn commit: r1485668 - in /httpd/httpd/trunk: CHANGES
modules/dav/main/mod_dav.c
Author: minfrin
Date: Thu May 23 12:52:06 2013
New Revision: 1485668
URL: http://svn.apache.org/r1485668
Log:
mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/dav/main/mod_dav.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1485668&r1=1485667&r2=1485668&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Thu May 23 12:52:06 2013
@@ -1,6 +1,11 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
+ the source href (sent as part of the request body as XML) pointing to a
+ URI that is not configured for DAV will trigger a segfault. [Ben Reser
+ <ben reser.org>]
+
*) mod_logio: new format-specifier %C (combined) which is the sum of received
and sent byte counts.
PR54015 [Christophe Jaillet]
Modified: httpd/httpd/trunk/modules/dav/main/mod_dav.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?rev=1485668&r1=1485667&r2=1485668&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/dav/main/mod_dav.c (original)
+++ httpd/httpd/trunk/modules/dav/main/mod_dav.c Thu May 23 12:52:06 2013
@@ -709,6 +709,12 @@ static dav_error *dav_get_resource(reque
conf = ap_get_module_config(r->per_dir_config, &dav_module);
/* assert: conf->provider != NULL */
+ if (conf->provider == NULL) {
+ return dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED, 0, 0,
+ apr_psprintf(r->pool,
+ "DAV not enabled for %s",
+ ap_escape_html(r->pool, r->uri)));
+ }
/* resolve the resource */
err = (*conf->provider->repos->get_resource)(r, conf->dir,
@@ -2691,11 +2697,6 @@ static int dav_method_copymove(request_r
"Destination URI had an error.");
}
- if (dav_get_provider(lookup.rnew) == NULL) {
- return dav_error_response(r, HTTP_METHOD_NOT_ALLOWED,
- "DAV not enabled for Destination URI.");
- }
-
/* Resolve destination resource */
err = dav_get_resource(lookup.rnew, 0 /* label_allowed */,
0 /* use_checked_in */, &resnew);