>Number: 5757 >Category: mod_include >Synopsis: A server request tries to reference a NULL ptr. >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Feb 14 14:50:01 PST 2000 >Closed-Date: >Last-Modified: >Originator: [EMAIL PROTECTED] >Release: 1.3.9 and 1.3.11 >Organization: apache >Environment: Windows NT 4.0 with service pack 6a Visual C++ 5.0 compiler >Description: The function handle_include in mod_include.c has a call to strcmp (the third strcmp call in that function) that can sometimes have a null argument. q->filename is the arguement that can sometimes be null. >How-To-Repeat: There seem to be two ways where you can get q->filename to be null. 1) have a URL that starts with a slash followed by two dots e.g. /.. 2) Send many post requests to the server at one time. >Fix: In mod_include.c, put in an extra check for the third strcmp in the handle_include function. Check if q->filename is NULL before doing the strcmp. >Release-Note: >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, you need] [to include <[EMAIL PROTECTED]> in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]
