From: Ruediger Pluem Date: Tue, 27 May 2008 15:57:23 +0000 (+0000) Subject: Merge r644050 from trunk: X-Git-Tag: 2.2.9~119 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=134f174983660c1ea523d973fe7f7a5de8e45955;p=thirdparty%2Fapache%2Fhttpd.git Merge r644050 from trunk: * Prevent a segfault if the destination URI of a copy / move operation is not under DAV control. Return 405 (Method not allowed) instead. PR: 44734 Submitted by: rpluem Reviewed by: rpluem, niq, trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@660571 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 05245a0c0a5..c221533832a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.9 + *) mod_dav: Return "method not allowed" if the destination URI of a WebDAV + copy / move operation is no DAV resource. PR 44734 [Ruediger Pluem] + *) http_filters: Don't return 100-continue on redirects. PR 43711 [Ruediger Pluem] diff --git a/STATUS b/STATUS index fdc7fb9f819..a2458396870 100644 --- a/STATUS +++ b/STATUS @@ -134,14 +134,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK: http://people.apache.org/~fielding/p/ab-sync.txt +1: fielding, jim, wrowe - * mod_dav: Return "method not allowed" if the destination URI of a WebDAV - copy / move operation is no DAV resource. PR 44734 - Trunk version of patch: - http://svn.apache.org/viewvc?rev=644050&view=rev - Backport version for 2.2.x of patch: - Trunk version of patch works - +1: rpluem, niq, trawick - * mod_rewrite: Initialize hash needed by ap_register_rewrite_mapfunc early enough. PR 44641 Trunk version of patch: diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c index 24699bc0f6e..c57bffb32cd 100644 --- a/modules/dav/main/mod_dav.c +++ b/modules/dav/main/mod_dav.c @@ -2638,6 +2638,11 @@ static int dav_method_copymove(request_rec *r, int is_move) "Destination URI had an error."); } + if (dav_get_provider(lookup.rnew) == NULL) { + return dav_error_response(r, HTTP_METHOD_NOT_ALLOWED, + "DAV not enabled for Destination URI."); + } + /* Resolve destination resource */ err = dav_get_resource(lookup.rnew, 0 /* label_allowed */, 0 /* use_checked_in */, &resnew);