Apache behaviour with this patch (or without mod_cache):

The request:
    GET https://whatever.html HTTP/1.0
is equivalent to:
    GET / HTTP/1.0

I'm wondering whether this is the desired behaviour? This is also the
behaviour of a 1.3.x Apache. Maybe Apache should block this kind of
request and return an error message??

Kris Verbeeck wrote:
>
> Hi,
>
> Someone in our QA team tried the following test:
>
>     telnet <host> 80
>     GET https://whatever.html HTTP/1.0
>
> this resulted in a segfault for the child that handled the request.
> Agreed, this is not a normal HTTP request, but firing enough of them
> will surely DoS the server.
>
> Our apache runs on Sparc/Solaris8 and 'httpd -l' gives:
>
> Compiled in modules:
>   core.c
>   mod_access.c
>   mod_cache.c
>   mod_disk_cache.c
>   mod_deflate.c
>   mod_jk.c
>   mod_log_config.c
>   mod_env.c
>   mod_setenvif.c
>   mod_ssl.c
>   prefork.c
>   http_core.c
>   mod_mime.c
>   mod_alias.c
>
> Gdb told me that there was a null pointer dereference in
> ap_cache_get_cache_type when it tried to compare the request's
> URL with the prefix from the configuration.
>
> The patch will just return NULL when the URL is NULL and results
> in no caching for that request (which seems reasonable since there
> is no URL to cache).
>
> ps: I don't know whether the actual fix of this problem should
> be in cache_util.c or somewhere in the URI parsing routines.
>
> --
> ir. Kris Verbeeck
> Development Engineer
>
> Ubizen - Ubicenter - Philipssite 5 - 3001 Leuven - Belgium
> T: +32 16 28 70 64
> F: +32 16 28 70 77
>
> Ubizen - We Secure e-business - www.ubizen.com
>
>---------------------------------------------------------------------------------------------------------------------------------------------------------------- > --- httpd-2.0.40/modules/experimental/cache_util.c Sun Jun 23 08:10:00 2002 > +++ httpd-2.0.40-PATCHED/modules/experimental/cache_util.c Mon Aug 26 17:28:37 >2002 
> @@ -104,6 +104,12 @@ > const char *type = NULL; > int i; > > + /* we can't cache if there's no URL > + * fixes segfault for 'GET https://whatever.html HTTP/1.0' request > + * on HTTP port (e.g. 80) > + */ > + if (!url) return NULL; > + > /* loop through all the cacheenable entries */ > for (i = 0; i < conf->cacheenable->nelts; i++) { > struct cache_enable *ent = -- ir. Kris Verbeeck Development Engineer Ubizen - Ubicenter - Philipssite 5 - 3001 Leuven - Belgium T: +32 16 28 70 64 F: +32 16 28 70 77 Ubizen - We Secure e-business - www.ubizen.com
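Review bot: The `if (!url) return NULL;` guard added ahead of the cacheenable loop stops the crash in this one function, but the NULL URL stays in the request for every other consumer; as the message itself asks, the request-line/URI parsing is the better place to normalise or reject `GET https://whatever.html HTTP/1.0`, with this check kept as defence in depth. Two smaller points on the added lines: put the body on its own line in braces to match the `for (...) {` style just below (`if (!url) {` / `return NULL;` / `}`), and have the comment state the invariant (no URL, nothing to cache) rather than one specific request, since any request that reaches this function with a NULL URL takes the same path.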