From: Geoffrey Young Date: Tue, 21 Sep 2004 13:21:16 +0000 (+0000) Subject: SECURITY: CAN-2004-0811 (cve.mitre.org) X-Git-Tag: 2.0.52~18 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ae2061682750963ff39043a89cc610f1ac8a6d2c;p=thirdparty%2Fapache%2Fhttpd.git SECURITY: CAN-2004-0811 (cve.mitre.org) Fix merging of the Satisfy directive, which was applied to the surrounding context and could allow access despite configured authentication. PR: 31315 Submitted by: Rici Lake Reviewed by: jorton, nd, pquerna, geoff git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@105227 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 9ccaf727b4c..769d0dbe275 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,10 @@ Changes with Apache 2.0.52 + *) SECURITY: CAN-2004-0811 (cve.mitre.org) + Fix merging of the Satisfy directive, which was applied to + the surrounding context and could allow access despite configured + authentication. PR 31315. [Rici Lake ] + *) Fix the handling of URIs containing %2F when AllowEncodedSlashes is enabled. Previously, such urls would still be rejected. [Jeff Trawick, Bill Stoddard] diff --git a/STATUS b/STATUS index 294f376e47e..3f057f8c6c6 100644 --- a/STATUS +++ b/STATUS @@ -1,5 +1,5 @@ APACHE 2.0 STATUS: -*-text-*- -Last modified at [$Date: 2004/09/21 01:36:46 $] +Last modified at [$Date: 2004/09/21 13:21:13 $] Release: @@ -74,11 +74,6 @@ PATCHES TO BACKPORT FROM 2.1 [ please place file names and revisions from HEAD here, so it is easy to identify exactly what the proposed changes are! ] - *) Fix Satisfy merging regression in 2.0.51. - http://cvs.apache.org/viewcvs.cgi/httpd-2.0/server/core.c?r1=1.285&r2=1.286 - PR: 31315 - +1: jorton, nd, pquerna, geoff - *) Fix the global mutex crash when the global mutex is never allocated due to disabled/empty caches. modules/ldap/util_ldap.c: 1.13 diff --git a/server/core.c b/server/core.c index 257cffa21e3..cf23bbdb77c 100644 
--- a/server/core.c +++ b/server/core.c @@ -351,9 +351,13 @@ static void *merge_core_dir_configs(apr_pool_t *a, void *basev, void *newv) /* Otherwise we simply use the base->sec_file array */ + /* use a separate ->satisfy[] array either way */ + conf->satisfy = apr_palloc(a, sizeof(*conf->satisfy) * METHODS); for (i = 0; i < METHODS; ++i) { if (new->satisfy[i] != SATISFY_NOSPEC) { conf->satisfy[i] = new->satisfy[i]; + } else { + conf->satisfy[i] = base->satisfy[i]; } }
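Review bot: the new CHANGES entry under "Changes with Apache 2.0.52" does not say which release is affected. The STATUS entry removed in this same commit describes the fix as a "Satisfy merging regression in 2.0.51"; carrying that wording into the CHANGES text, for example "Fix merging of the Satisfy directive (regression in 2.0.51), which was applied to ...", lets administrators tell whether their running version is exposed without reading PR 31315.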
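Review bot: in the server/core.c hunk of merge_core_dir_configs, the comment "use a separate ->satisfy[] array either way" says what is done but not why, so the allocation could later be removed as redundant. Put the reason from the commit message into the comment: without a separate array, the merged Satisfy values were applied to the surrounding context. Also note that apr_palloc returns uninitialized memory, so correctness now depends on the loop assigning all METHODS entries; the added else branch (conf->satisfy[i] = base->satisfy[i]) does that, and a short remark that both branches must assign would protect it. The diff touches only CHANGES, STATUS and server/core.c; a regression test with Satisfy set in both an enclosing and a nested section would be worth adding alongside.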