fanf 99/12/19 21:24:28
Modified: src/modules/standard mod_vhost_alias.c
Log: Fix for the security problem spotted by Lars Eilebrecht <[EMAIL PROTECTED]>
Revision Changes Path
1.3 +9 -4 apache-1.3/src/modules/standard/mod_vhost_alias.c
Index: mod_vhost_alias.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/modules/standard/mod_vhost_alias.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- mod_vhost_alias.c 1999/06/22 15:33:17 1.2
+++ mod_vhost_alias.c 1999/12/20 05:24:22 1.3
@@ -278,8 +278,8 @@
 }
 }
-static void vhost_alias_interpolate(request_rec *r, const char *name,
- const char *map, const char *uri)
+static int vhost_alias_interpolate(request_rec *r, const char *name,
+ const char *map, const char *uri)
 {
 /* 0..9 9..0 */
 enum { MAXDOTS = 19 };
@@ -391,6 +391,8 @@
 }
 vhost_alias_checkspace(r, buf, &dest, end - start);
 for (p = start; p < end; ++p) {
+ if (!isalnum(*p) && *p != '-' && *p != '.')
+ return HTTP_BAD_REQUEST;
 *dest++ = ap_tolower(*p);
 }
 }
@@ -405,6 +407,7 @@
 else {
 r->filename = ap_pstrcat(r->pool, buf, uri, NULL);
 }
+ return OK;
 }
 static int mva_translate(request_rec *r)
@@ -412,7 +415,7 @@
 mva_sconf_t *conf;
 const char *name, *map, *uri;
 mva_mode_e mode;
- int cgi;
+ int cgi, bad;
 conf = (mva_sconf_t *) ap_get_module_config(r->server->module_config,
 &vhost_alias_module);
@@ -446,7 +449,9 @@
 return DECLINED;
 }
- vhost_alias_interpolate(r, name, map, uri);
+ bad = vhost_alias_interpolate(r, name, map, uri);
+ if (bad != OK)
+ return bad;
 if (cgi) {
 /* see is_scriptaliased() in mod_cgi */
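Review bot: The new `int` return of vhost_alias_interpolate has no comment stating its contract, so a later caller could drop the result just as the old `void` call did. I would add above the definition `/* Returns OK after setting r->filename, or HTTP_BAD_REQUEST if the name holds a character other than a letter, digit, '-' or '.'; r->filename is not set on failure. */`. The function body continues outside this hunk, so the set of return points is inferred from the later hunks on this page.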
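Review bot: `isalnum(*p)` in the added check is handed a plain `char`, which is undefined behaviour for bytes above 0x7F on platforms where `char` is signed; `p` is declared outside the hunk, so its type is inferred from the `const char *` arguments. Since the next line already uses `ap_tolower`, the matching wrapper fits here: `if (!ap_isalnum(*p) && *p != '-' && *p != '.')`. The allowlist also admits '.', so this test alone does not reject a substituted part made only of dots before it is joined into `r->filename`. Whether the name is normalised earlier is not visible here; if it is not, a check for a `..` part belongs next to this one.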
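Review bot: The rejection path at `if (bad != OK) return bad;` writes nothing to the error log as far as the visible lines show, so requests with malformed host names would surface only as a 400 status. A line before the return such as `ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r, "mod_vhost_alias: invalid character in virtual host name");` gives operators something to alert on, and it leaves out the raw name because that value may be client-supplied. `bad` also reads like a boolean while it holds an HTTP status, so `status` would be a clearer name. mva_translate starts and ends outside this hunk.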