From: Joe Orton Date: Mon, 20 Sep 2004 20:12:20 +0000 (+0000) Subject: * server/core.c (merge_core_dir_configs): Fix Satisfy merging since X-Git-Tag: 2.1.1~234 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91fdc42dc266273dd44841fb08189d9a19c09e0e;p=thirdparty%2Fapache%2Fhttpd.git * server/core.c (merge_core_dir_configs): Fix Satisfy merging since per-method Satisfy feature was added. PR: 31315 Submitted by: Rici Lake git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105215 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index dbed042fe5c..ed6faf0e167 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,11 @@ Changes with Apache 2.1.0-dev [Remove entries to the current 2.0 section below, when backported] + *) SECURITY: CAN-2004-0811 (cve.mitre.org) + Fix merging of the Satisfy directive, which was applied to + the surrounding context and could allow access despite configured + authentication. PR 31315. [Rici Lake ] + *) Fix the global mutex crash when the global mutex is never allocated due to disabled/empty caches. [Jess Holle ] diff --git a/server/core.c b/server/core.c index e5cb1880a4c..1e5a34ad916 100644 --- a/server/core.c +++ b/server/core.c @@ -353,9 +353,13 @@ static void *merge_core_dir_configs(apr_pool_t *a, void *basev, void *newv) /* Otherwise we simply use the base->sec_file array */ + /* use a separate ->satisfy[] array either way */ + conf->satisfy = apr_palloc(a, sizeof(*conf->satisfy) * METHODS); for (i = 0; i < METHODS; ++i) { if (new->satisfy[i] != SATISFY_NOSPEC) { conf->satisfy[i] = new->satisfy[i]; + } else { + conf->satisfy[i] = base->satisfy[i]; } }
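Review bot: the CHANGES entry for CAN-2004-0811 does not say which configurations are exposed, so an administrator cannot tell from it whether they are affected. It states that Satisfy "was applied to the surrounding context", but not that the regression dates from the per-method Satisfy feature, which is what the commit message gives as the cause. Suggest adding that to the entry, along with a short description of the affected layout (a Satisfy directive in a nested section changing the setting of the enclosing one).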
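Review bot: the comment added above the apr_palloc call in merge_core_dir_configs says what is done ("use a separate ->satisfy[] array either way") but not why, and the why is the security fix. Suggest spelling out that conf->satisfy must have its own storage so the per-method assignments in the loop cannot write into the base (enclosing) configuration, which is the behaviour the CHANGES entry describes. It is also worth noting in the comment that the new else branch is what makes the non-zeroing apr_palloc safe: every one of the METHODS entries is now written from either new->satisfy[i] or base->satisfy[i], and removing that branch later would leave entries uninitialized. A regression test covering a nested section with Satisfy set only in the inner one would help keep this from recurring.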