From: Ruediger Pluem Date: Sun, 10 May 2009 10:31:35 +0000 (+0000) Subject: * Fix for the following configuration where the exec command was disabled X-Git-Tag: 2.3.3~633 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2a8cb24343ecb7e946611c0c7ca971bba6ba352b;p=thirdparty%2Fapache%2Fhttpd.git * Fix for the following configuration where the exec command was disabled in /subdir. All CVE-2009-1195 tests still pass with this patch. # only two containers in the config Options Includes AllowOverride None # with this container, mod_cgi/mod_cgid complains about exec being off # without it, exec cmd= works as expected SetEnv foo bar git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@773322 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/server/core.c b/server/core.c index ad6494ff772..8c0a828159d 100644 --- a/server/core.c +++ b/server/core.c @@ -242,8 +242,9 @@ static void *merge_core_dir_configs(apr_pool_t *a, void *basev, void *newv) /* if Includes was enabled without exec in the new config, but * was enabled with exec in the base, then disable exec in the * resulting options. */ - if ((base->opts & OPT_INC_WITH_EXEC) - && (new->opts & OPT_INC_WITH_EXEC) == 0) { + if ((base->opts & OPT_INC_WITH_EXEC) + && (new->opts & OPT_INC_WITH_EXEC) == 0 + && (new->opts & OPT_INCLUDES)) { conf->opts &= ~OPT_INC_WITH_EXEC; } }