the source href (sent as part of the request body as XML) pointing to a
URI that is not configured for DAV will trigger a segfault.
Backports: r1485668
Reviewed by: minfrin, trawick, wrowe
Submitted by: Ben Reser <ben reser.org>
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1497101 13f79535-47bb-0310-9956-ffa450edef68
with SSLProxyMachineCertificateFile/Path directives. PR 52212, PR 54698.
[Keith Burdis <keith burdis.org>, Joe Orton, Kaspar Brand]
+ *) mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
+ the source href (sent as part of the request body as XML) pointing to a
+ URI that is not configured for DAV will trigger a segfault. [Ben Reser
+ <ben reser.org>]
+
Changes with Apache 2.2.24
*) SECURITY: CVE-2012-3499 (cve.mitre.org)
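Review bot: The added CHANGES entry describes a segfault that a client request can trigger, yet unlike the 2.2.24 entry just below it ("*) SECURITY: CVE-2012-3499") it carries no "SECURITY:" prefix. If a CVE identifier has been assigned for this crash, lead the entry with it so that anyone scanning CHANGES for security fixes finds this one. If none has been assigned, say so in the commit message.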
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with
- the source href (sent as part of the request body as XML) pointing to a
- URI that is not configured for DAV will trigger a segfault.
- trunk patch: http://svn.apache.org/r1485668
- 2.2.x patch: trunk works, modulo CHANGES
- +1: minfrin, trawick, wrowe
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
conf = ap_get_module_config(r->per_dir_config, &dav_module);
/* assert: conf->provider != NULL */
+ if (conf->provider == NULL) {
+ return dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED, 0, 0,
+ apr_psprintf(r->pool,
+ "DAV not enabled for %s",
+ ap_escape_html(r->pool, r->uri)));
+ }
/* resolve the resource */
err = (*conf->provider->repos->get_resource)(r, conf->dir,
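Review bot: The context comment "/* assert: conf->provider != NULL */" directly above the added check is now misleading, because the new branch exists precisely because conf->provider can be NULL at this point. Drop the comment or reword it to say that a NULL provider means DAV is not configured for this location. The dereference in "(*conf->provider->repos->get_resource)" that follows is safe only because of the early return, which deserves a short comment for whoever edits this function next.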
"Destination URI had an error.");
}
- if (dav_get_provider(lookup.rnew) == NULL) {
- return dav_error_response(r, HTTP_METHOD_NOT_ALLOWED,
- "DAV not enabled for Destination URI.");
- }
-
/* Resolve destination resource */
err = dav_get_resource(lookup.rnew, 0 /* label_allowed */,
0 /* use_checked_in */, &resnew);
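Review bot: Removing the dav_get_provider(lookup.rnew) check ahead of "Resolve destination resource" moves the 405 for an unconfigured destination into dav_get_resource, so this path now depends on the caller acting on the returned err, and that handling is not visible in this hunk. Please confirm that err is checked immediately after the dav_get_resource(lookup.rnew, ...) call. The client-visible text also changes from the fixed "DAV not enabled for Destination URI." to "DAV not enabled for %s" with the escaped URI, which is worth mentioning in the log message for anyone matching on the old string.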