From 91fdc42dc266273dd44841fb08189d9a19c09e0e Mon Sep 17 00:00:00 2001
From: Joe Orton
Date: Mon, 20 Sep 2004 20:12:20 +0000
Subject: [PATCH] * server/core.c (merge_core_dir_configs): Fix Satisfy merging since per-method Satisfy feature was added.
PR: 31315
Submitted by: Rici Lake
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@105215 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 5 +++++
 server/core.c | 4 ++++
 2 files changed, 9 insertions(+)
diff --git a/CHANGES b/CHANGES
index dbed042fe5c..ed6faf0e167 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,11 @@ Changes with Apache 2.1.0-dev
 [Remove entries to the current 2.0 section below, when backported]
+ *) SECURITY: CAN-2004-0811 (cve.mitre.org)
+ Fix merging of the Satisfy directive, which was applied to
+ the surrounding context and could allow access despite configured
+ authentication. PR 31315. [Rici Lake ]
+
 *) Fix the global mutex crash when the global mutex is never allocated due to disabled/empty caches. [Jess Holle ]
diff --git a/server/core.c b/server/core.c
index e5cb1880a4c..1e5a34ad916 100644
--- a/server/core.c
+++ b/server/core.c
@@ -353,9 +353,13 @@ static void *merge_core_dir_configs(apr_pool_t *a, void *basev, void *newv)
 /* Otherwise we simply use the base->sec_file array */
+ /* use a separate ->satisfy[] array either way */
+ conf->satisfy = apr_palloc(a, sizeof(*conf->satisfy) * METHODS);
 for (i = 0; i < METHODS; ++i) {
 if (new->satisfy[i] != SATISFY_NOSPEC) {
 conf->satisfy[i] = new->satisfy[i];
+ } else {
+ conf->satisfy[i] = base->satisfy[i];
 }
 }
-- 
2.47.2
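Review bot: The comment added above the `apr_palloc` call in merge_core_dir_configs says what is done but not why, and the why is the security fix itself. The CHANGES entry says Satisfy was applied to the surrounding context, which suggests conf->satisfy previously pointed at the same array as base->satisfy; the copy that sets up conf is outside this hunk, so that is inferred rather than visible. I would state the invariant, e.g. `/* conf->satisfy must not alias base->satisfy: writing through a shared array changes the enclosing context's Satisfy (CAN-2004-0811) */`. The new else branch reads `base->satisfy[i]` unconditionally, so it relies on every base config having an allocated array, which is also established outside the hunk and worth confirming. Any other pointer member of the merged config that is written in place after the copy deserves the same aliasing check, and a regression test with a per-directory Satisfy nested inside an authenticated context would guard against this returning.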