You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Petr Lampa <la...@fee.vutbr.cz> on 1997/02/06 00:00:01 UTC

general/162: core dump in sub_req_lookup_file() if invalid directive in .htaccess

	The contract type is `' with a response time of 3 business hours.
	A first analysis should be sent before: Thu Feb 06 09:00:01 PST 1997


>Number:         162
>Category:       general
>Synopsis:       core dump in sub_req_lookup_file() if invalid directive in .htaccess
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    gnats-admin (GNATS administrator)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Feb  5 15:00:01 1997
>Originator:     lampa@fee.vutbr.cz
>Organization:
apache
>Release:        1.1*, 1.2b*
>Environment:
FreeBSD-2.2BETA
>Description:
Bug reported for 1.1, 1.2b4, not resolved yet.

If a bad directive occurs in .htaccess, and sub_request() goes
first to this directory, then log_reason() will dump,
because it doesn't have initialized r->per_dir_config.

Program received signal SIGSEGV, Segmentation fault.
0x90ee in get_module_config (conf_vector=0x0, m=0x38a20) at http_config.c:112
112        return confv[m->module_index];
(gdb) where
#0  0x90ee in get_module_config (conf_vector=0x0, m=0x38a20)
    at http_config.c:112
#1  0x6138 in get_remote_host (conn=0x5401c, dir_config=0x0, type=1)
    at http_core.c:316
#2  0xdccf in log_reason (reason=0x5a77c "Invalid command LanguageChacha",
    file=0x5a6fc "/home2/WWW/root/BRNO/.htaccess", r=0x5a034) at http_log.c:191
#3  0xaad8 in parse_htaccess (result=0xefbf1a94, r=0x5a034, override=6,
    d=0x5a6e4 "/home2/WWW/root/BRNO/",
    filename=0x5a6fc "/home2/WWW/root/BRNO/.htaccess") at http_config.c:813
#4  0xbff6 in directory_walk (r=0x5a034) at http_request.c:388
#5  0xcad3 in sub_req_lookup_file (new_file=0xefbf3b00 "BRNO/brno.html",
    r=0x54084) at http_request.c:707
#6  0x236c4 in handle_include (in=0x80d3b6c, r=0x54084,
    error=0xefbf9b30 "[an error occurred while processing this directive]",
    noexec=0) at mod_include.c:470
#7  0x2657d in send_parsed_content (f=0x80d3b6c, r=0x54084)
    at mod_include.c:1616
#8  0x26a0e in send_parsed_file (r=0x54084) at mod_include.c:1724
#9  0x26a49 in send_shtml_file (r=0x54084) at mod_include.c:1733
>How-To-Repeat:

>Fix:

Initialize r->per_dir_config for sub_request exactly as in regular request!
Or initialize it at least at the beginning of directory_walk():

*** http_request.c.old  Mon Jan 20 11:45:46 1997
--- http_request.c      Mon Jan 20 11:40:47 1997
***************
*** 226,231 ****
--- 226,232 ----
 * fake one. But don't run through the directory entries.
 */

+     r->per_dir_config = per_dir_defaults;
      if (test_filename == NULL) {
      r->filename = pstrdup(r->pool, r->uri);
      r->finfo.st_mode = 0;   /* Not really a file... */

%0
>Audit-Trail:
>Unformatted: