Thanks Kris. Keep them coming ;-)

Kris Verbeeck wrote:
> Hi,
>
> Someone in our QA team tried the following test:
>
> telnet <host> 80
> GET https://whatever.html HTTP/1.0
>
> this resulted in a segfault for the child that handled the request.
> Agreed, this is not a normal HTTP request, but firing enough of them
> will surely DoS the server.
>
> Our apache runs on Sparc/Solaris8 and 'httpd -l' gives:
>
> Compiled in modules:
>   core.c
>   mod_access.c
>   mod_cache.c
>   mod_disk_cache.c
>   mod_deflate.c
>   mod_jk.c
>   mod_log_config.c
>   mod_env.c
>   mod_setenvif.c
>   mod_ssl.c
>   prefork.c
>   http_core.c
>   mod_mime.c
>   mod_alias.c
>
> Gdb told me that there was a null pointer dereference in
> ap_cache_get_cache_type when it tried to compare the request's
> URL with the prefix from the configuration.
>
> The patch will just return NULL when the URL is NULL and results
> in no caching for that request (which seems reasonable since there
> is no URL to cache).
>
> ps: I don't know whether the actual fix of this problem should
> be in cache_util.c or somewhere in the URI parsing routines.
>
>
> ------------------------------------------------------------------------
>
> --- httpd-2.0.40/modules/experimental/cache_util.c Sun Jun 23 08:10:00 2002
> +++ httpd-2.0.40-PATCHED/modules/experimental/cache_util.c Mon Aug 26 17:28:37 2002
> @@ -104,6 +104,12 @@
>      const char *type = NULL;
>      int i;
>
> +    /* we can't cache if there's no URL
> +     * fixes segfault for 'GET https://whatever.html HTTP/1.0' request
> +     * on HTTP port (e.g. 80)
> +     */
> +    if (!url) return NULL;
> +
>      /* loop through all the cacheenable entries */
>      for (i = 0; i < conf->cacheenable->nelts; i++) {
>          struct cache_enable *ent =
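Review bot: the guard `if (!url) return NULL;` at the top of the hunk stops the dereference, but as the sender's own postscript says, a NULL `url` reaching ap_cache_get_cache_type means a caller handed it one; keep this early return as defence in depth, and also track down the caller so that a request line with no usable URL is rejected before the cache module is consulted, otherwise the same NULL can still reach any other function that compares or hashes the URL. Two smaller points: the new comment names only the one request line that reproduced the crash, whereas it should state the invariant being enforced (`url` may be NULL here) so the next reader does not assume the fix is specific to an `https://` request on port 80; and the single-line `if (!url) return NULL;` does not match the braced style of the surrounding code (see the `for` loop just below it), so write it as a braced block.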