Merge r778942, r780648, r780655, r780692, r780697, r780699 from trunk:

mod_alias: Enforce sanity in args to Redirect
PR 44729

Fix error with arg counting

* Some custom defined response codes also do not require 3 arguments (all that
  are not redirects).

More adjustment for Redirect argument checking...

typo

Simplify... handle this below, even though it's
after some possible expensive regex

Reviewed/backported by: jim

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@792917 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index f96dcfc12239b1e55b8ba4513a5bae76bbb781c9..e6731ccfa7257f88ec4b8dc17fc033c0f87e1dfc 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -27,6 +27,9 @@ Changes with Apache 2.2.12
      different security issues which may affect particular configurations
      and third-party modules.
 
+  *) mod_alias: check sanity in Redirect arguments.
+     PR 44729 [Sönke Tesch <st kino-fahrplan.de>, Jim Jagielski]
+
   *) mod_proxy_http: fix Host: header for literal IPv6 addresses.
      PR 47177 [Carlos Garcia Braschi <cgbraschi gmail.com>]
 

diff --git a/STATUS b/STATUS
index ff09d4098ff9ac3c956de314fb309a3c5e493de0..d045cb4bdffac896f892b8478ec63b8e472594d5 100644 (file)
--- a/STATUS
+++ b/STATUS
@@ -85,16 +85,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
- * mod_alias: Enforce sanity in args to Redirect
-   PR 44729
-   patch: http://svn.apache.org/viewvc?view=rev&revision=778942
-          http://svn.apache.org/viewvc?view=rev&revision=780648
-          http://svn.apache.org/viewvc?view=rev&revision=780655
-          http://svn.apache.org/viewvc?view=rev&revision=780692
-          http://svn.apache.org/viewvc?view=rev&revision=780697
-          http://svn.apache.org/viewvc?view=rev&revision=780699
-   +1: niq, rpluem, takashi
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]

diff --git a/modules/mappers/mod_alias.c b/modules/mappers/mod_alias.c
index 65a720a4fa40bac831126d98ebe91202fab37baa..6a6856c5ca52a5e299a0fb24da474cd632257d64 100644 (file)
--- a/modules/mappers/mod_alias.c
+++ b/modules/mappers/mod_alias.c
@@ -176,21 +176,41 @@ static const char *add_redirect_internal(cmd_parms *cmd,
     alias_server_conf *serverconf = ap_get_module_config(s->module_config,
                                                          &alias_module);
     int status = (int) (long) cmd->info;
+    int grokarg1 = 1;
     ap_regex_t *r = NULL;
     const char *f = arg2;
     const char *url = arg3;
 
-    if (!strcasecmp(arg1, "gone"))
-        status = HTTP_GONE;
-    else if (!strcasecmp(arg1, "permanent"))
+    /*
+     * Logic flow:
+     *   Go ahead and try to grok the 1st arg, in case it is a
+     *   Redirect status. Now if we have 3 args, we expect that
+     *   we were able to understand that 1st argument (it's something
+     *   we expected, so if not, then we bail
+     */
+    if (!strcasecmp(arg1, "permanent"))
         status = HTTP_MOVED_PERMANENTLY;
     else if (!strcasecmp(arg1, "temp"))
         status = HTTP_MOVED_TEMPORARILY;
     else if (!strcasecmp(arg1, "seeother"))
         status = HTTP_SEE_OTHER;
+    else if (!strcasecmp(arg1, "gone"))
+        status = HTTP_GONE;
     else if (apr_isdigit(*arg1))
         status = atoi(arg1);
-    else {
+    else
+        grokarg1 = 0;
+
+    if (arg3 && !grokarg1)
+        return "Redirect: invalid first argument (of three)";
+
+    /*
+     * if we don't have the 3rd arg and we didn't understand the 1st
+     * one, then assume URL-path URL. This also handles case, eg, GONE
+     * we even though we don't have a 3rd arg, we did understand the 1st
+     * one, so we don't want to re-arrange
+     */
+    if (!arg3 && !grokarg1) {
         f = arg1;
         url = arg2;
     }