From: Chris Darroch Date: Sat, 10 May 2008 00:49:03 +0000 (+0000) Subject: When testing for slash-terminated configuration paths in X-Git-Tag: 2.3.0~650 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ff9487248a5bc3f367eb203e942278127f38468f;p=thirdparty%2Fapache%2Fhttpd.git When testing for slash-terminated configuration paths in ap_location_walk(), don't look past the start of an empty string such as that created by a directive. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@654998 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index af0a36e33ca..1411e50d467 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,11 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ] + *) core: When testing for slash-terminated configuration paths in + ap_location_walk(), don't look past the start of an empty string + such as that created by a directive. + [Chris Darroch] + *) core, mod_proxy: If a kept_body is present, it becomes safe for subrequests to support message bodies. Make sure that safety checks within the core and within the proxy are not triggered diff --git a/server/request.c b/server/request.c index 5d4c9aa4b62..159d8a04afd 100644 --- a/server/request.c +++ b/server/request.c @@ -1315,7 +1315,8 @@ AP_DECLARE(int) ap_location_walk(request_rec *r) : (entry_core->d_is_fnmatch ? apr_fnmatch(entry_core->d, cache->cached, APR_FNM_PATHNAME) : (strncmp(entry_core->d, cache->cached, len) - || (entry_core->d[len - 1] != '/' + || (len > 0 + && entry_core->d[len - 1] != '/' && cache->cached[len] != '/' && cache->cached[len] != '\0')))) { continue;