From: William A. Rowe Jr Date: Thu, 27 Jun 2013 16:54:14 +0000 (+0000) Subject: mod_dav: Sending an If or If-Match header with an invalid ETag doesn't X-Git-Tag: 2.2.25~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=902a1abd3b7651cd363d0bc587d2a35d009f5e52;p=thirdparty%2Fapache%2Fhttpd.git mod_dav: Sending an If or If-Match header with an invalid ETag doesn't result in a 412 Precondition Failed for a COPY operation. PR: 54610 Submitted by: Timothy Wood Backports: r1476604 (2.4: r1486456) Reviewed by: minfrin, wrowe, rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1497441 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index c746c1d306b..da953a7dc07 100644 --- a/CHANGES +++ b/CHANGES @@ -38,6 +38,10 @@ Changes with Apache 2.2.25 *) mod_dav: Make sure that when we prepare an If URL for Etag comparison, we compare unencoded paths. PR 53910 [Timothy Wood ] + *) mod_dav: Sending a If or If-Match header with an invalid ETag doesn't + result in a 412 Precondition Failed. PR54610 [Timothy Wood + ] + Changes with Apache 2.2.24 *) SECURITY: CVE-2012-3499 (cve.mitre.org) diff --git a/STATUS b/STATUS index 0f0151b30a6..bd51e400dac 100644 --- a/STATUS +++ b/STATUS 
@@ -96,18 +96,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_dav: Sending a If or If-Match header with an invalid ETag doesn't - result in a 412 Precondition Failed. PR54610 - [Timothy Wood ] - trunk patch: http://svn.apache.org/r1476604 - 2.4.x patch: http://svn.apache.org/r1486456 - 2.2.x patch: trunk patch works (minus CHANGES) - +1: minfrin, wrowe, rjung - rjung: I think we should also mention that this is for the COPY - method only (mention in CHANGES of 2.2 and 2.4 and the three - commit messages). - wrowe: feel free to enhance the commit message/CHANGES across all branches. - * mod_dav: When a PROPPATCH attempts to remove a non-existent dead property on a resource for which there is no dead property in the same namespace httpd segfaults. PR 52559 diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c index 9bbd63297ad..05d19028d31 100644 --- a/modules/dav/main/mod_dav.c +++ b/modules/dav/main/mod_dav.c @@ -2719,10 +2719,10 @@ static int dav_method_copymove(request_rec *r, int is_move) } /* - * Check If-Headers and existing locks for each resource in the source - * if we are performing a MOVE. We will return a 424 response with a - * DAV:multistatus body. The multistatus responses will contain the - * information about any resource that fails the validation. + * Check If-Headers and existing locks for each resource in the source. + * We will return a 424 response with a DAV:multistatus body. + * The multistatus responses will contain the information about any + * resource that fails the validation. * * We check the parent resource, too, since this is a MOVE. Moving the * resource effectively removes it from the parent collection, so we 
@@ -2731,17 +2731,17 @@ static int dav_method_copymove(request_rec *r, int is_move) * If a problem occurs with the Request-URI itself, then a plain error * (rather than a multistatus) will be returned. */ - if (is_move - && (err = dav_validate_request(r, resource, depth, NULL, - &multi_response, - DAV_VALIDATE_PARENT - | DAV_VALIDATE_USE_424, - NULL)) != NULL) { + if ((err = dav_validate_request(r, resource, depth, NULL, + &multi_response, + DAV_VALIDATE_PARENT + | DAV_VALIDATE_USE_424, + NULL)) != NULL) { err = dav_push_error(r->pool, err->status, 0, apr_psprintf(r->pool, - "Could not MOVE %s due to a failed " + "Could not %s %s due to a failed " "precondition on the source " "(e.g. locks).", + is_move ? "MOVE" : "COPY", ap_escape_html(r->pool, r->uri)), err); return dav_handle_err(r, err, multi_response);
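Review bot: The new CHANGES entry for PR54610 does not say that the fix is specific to COPY, although the commit message does, and rjung's comment in the STATUS block removed by this same commit asks for exactly that in CHANGES. Suggest ending the sentence with "for a COPY operation", as the commit message does. The entry also reads "Sending a If", which should be "Sending an If", and it describes the defect rather than the corrected behaviour.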
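Review bot: In the comment block of the mod_dav.c hunk at -2719, the unchanged second paragraph still says "We check the parent resource, too, since this is a MOVE", which is stale now that the first paragraph has been reworded to cover COPY as well. Reword that paragraph so it either explains why the parent is validated for a COPY, or states that the parent check is a MOVE-only concern and let the code reflect that.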
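Review bot: In the mod_dav.c hunk at -2731, the dav_validate_request call now runs for COPY with the same DAV_VALIDATE_PARENT flag that MOVE uses, but the only rationale the surrounding comment gives for the parent check is that a MOVE removes the resource from its parent collection. A COPY leaves the source and its parent collection unchanged, so as written a COPY may be refused over the state of the source's parent even though nothing there is modified. Consider passing DAV_VALIDATE_PARENT only when is_move is set, keeping DAV_VALIDATE_USE_424 for both methods, so that COPY gets the If and If-Match evaluation this change is after without the extra parent requirement.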