<!--#include virtual="file" --> with a request URI containing
%2f would result in a segfault (NULL pointer deref, not a
security problem).
PR: 8362
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@91097
13f79535-47bb-0310-9956-
ffa450edef68
Changes with Apache 1.3.21
+ *) ErrorDocument 404 pointing to a parsed html file with a
+ <!--#include virtual="file" --> with a request URI containing
+ %2f would result in a segfault (NULL pointer deref, not a
+ security problem). [Jeff Moe <tux@themoes.org>, Dean Gaudet] PR#8362
+
*) UnsetEnv from main body of httpd.conf file didn't work; backport
of bugfix from 2.0 codebase. [Gary Benson <gbenson@redhat.com>] PR#8254
char *unparsed_uri; /* the uri without any parsing performed */
char *uri; /* the path portion of the URI */
- char *filename;
+ char *filename; /* filename if found, otherwise NULL */
char *path_info;
char *args; /* QUERY_ARGS, if any */
struct stat finfo; /* ST_MODE set to zero if no such file */
for (p = r; p != NULL && !founddupe; p = p->main) {
request_rec *q;
for (q = p; q != NULL; q = q->prev) {
- if ( (strcmp(q->filename, rr->filename) == 0) ||
+ if ( (q->filename && strcmp(q->filename, rr->filename) == 0) ||
(strcmp(q->uri, rr->uri) == 0) ){
founddupe = 1;
break;
projects / thirdparty / apache / httpd.git / commitdiff
