cvs commit: apache/src CHANGES mod_include.c
dgaudet 97/11/05 03:40:14 Modified:src Tag: APACHE_1_2_X CHANGES mod_include.c Log: mod_include did not properly handle all possible redirects from sub-reqs. Submitted by: Ken Coar Reviewed by: Dean Gaudet, Roy Fielding, Ralf Engelschall Revision ChangesPath No revision No revision 1.286.2.57 +3 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.286.2.56 retrieving revision 1.286.2.57 diff -u -r1.286.2.56 -r1.286.2.57 --- CHANGES 1997/11/05 11:38:51 1.286.2.56 +++ CHANGES 1997/11/05 11:40:12 1.286.2.57 @@ -6,6 +6,9 @@ r-filename. Since those two are meant to be in sync with each other this is a bug. [Paul B. Henson [EMAIL PROTECTED]] + *) mod_include did not properly handle all possible redirects from sub- + requests. [Ken Coar] + *) Inetd mode (which is buggy) uses timeouts without having setup the jmpbuffer. [Dean Gaudet] PR#1064 1.33.2.6 +3 -1 apache/src/mod_include.c Index: mod_include.c === RCS file: /export/home/cvs/apache/src/mod_include.c,v retrieving revision 1.33.2.5 retrieving revision 1.33.2.6 diff -u -r1.33.2.5 -r1.33.2.6 --- mod_include.c 1997/07/31 08:50:02 1.33.2.5 +++ mod_include.c 1997/11/05 11:40:13 1.33.2.6 @@ -494,6 +494,7 @@ int include_cgi(char *s, request_rec *r) { request_rec *rr = sub_req_lookup_uri (s, r); +int rr_status; if (rr-status != 200) return -1; @@ -515,7 +516,8 @@ /* Run it. */ -if (run_sub_req (rr) == REDIRECT) { +rr_status = run_sub_req(rr); +if (is_HTTP_REDIRECT(rr_status)) { char *location = table_get (rr-headers_out, Location); location = escape_html(rr-pool, location); rvputs(r,A HREF=\, location, \, location, /A, NULL);
cvs commit: apache/src CHANGES mod_include.c
dgaudet 97/11/05 03:46:23 Modified:src Tag: APACHE_1_2_X CHANGES mod_include.c Log: fix bogus uninitialized data for and || PR: 1139 Submitted by: Brian Slesinsky [EMAIL PROTECTED] Reviewed by: Dean Gaudet, Roy Fielding, Ralf Engelschall Revision ChangesPath No revision No revision 1.286.2.59 +3 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.286.2.58 retrieving revision 1.286.2.59 diff -u -r1.286.2.58 -r1.286.2.59 --- CHANGES 1997/11/05 11:43:13 1.286.2.58 +++ CHANGES 1997/11/05 11:46:20 1.286.2.59 @@ -1,5 +1,8 @@ Changes with Apache 1.2.5 + *) mod_include used uninitialized data for some uses of and ||. + [Brian Slesinsky [EMAIL PROTECTED]] PR#1139 + *) mod_imap should decline all non-GET methods. [Jay Bloodworth [EMAIL PROTECTED]] 1.33.2.7 +2 -0 apache/src/mod_include.c Index: mod_include.c === RCS file: /export/home/cvs/apache/src/mod_include.c,v retrieving revision 1.33.2.6 retrieving revision 1.33.2.7 diff -u -r1.33.2.6 -r1.33.2.7 --- mod_include.c 1997/11/05 11:40:13 1.33.2.6 +++ mod_include.c 1997/11/05 11:46:21 1.33.2.7 @@ -1334,6 +1334,7 @@ strncpy(current-left-token.value, buffer, MAX_STRING_LEN-1); current-left-token.value[MAX_STRING_LEN-1] = '\0'; + current-left-value = (current-token.value[0] != '\0'); current-left-done = 1; break; default: @@ -1349,6 +1350,7 @@ strncpy(current-right-token.value, buffer, MAX_STRING_LEN-1); current-right-token.value[MAX_STRING_LEN-1] = '\0'; + current-right-value = (current-token.value[0] != '\0'); current-right-done = 1; break; default:
cvs commit: apache/src CHANGES mod_include.c
rse 97/07/31 01:50:05 Modified:src Tag: APACHE_1_2_X CHANGES mod_include.c Log: handle_else was being used to handle endif. Submitted by: Howard Fear Reviewed by: Ralf S. Engelschall, Jim Jagielski, Randy Terbush Revision ChangesPath No revision No revision 1.286.2.37 +4 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.286.2.36 retrieving revision 1.286.2.37 diff -u -r1.286.2.36 -r1.286.2.37 --- CHANGES 1997/07/31 08:43:13 1.286.2.36 +++ CHANGES 1997/07/31 08:50:01 1.286.2.37 @@ -1,5 +1,9 @@ Changes with Apache 1.2.2 + *) mod_include cleanup showed that handle_else was being used to handle + endif. It didn't cause problems, but it was cleaned up too. + [Howard Fear] + *) Last official synchonisation of mod_rewrite with author version (because mod_rewrite is now directly developed by the author at the Apache Group): o added diff between mod_rewrite 3.0.6+ and 3.0.9 1.33.2.5 +2 -2 apache/src/mod_include.c Index: mod_include.c === RCS file: /export/home/cvs/apache/src/mod_include.c,v retrieving revision 1.33.2.4 retrieving revision 1.33.2.5 diff -u -r1.33.2.4 -r1.33.2.5 --- mod_include.c 1997/07/20 18:24:25 1.33.2.4 +++ mod_include.c 1997/07/31 08:50:02 1.33.2.5 @@ -1589,6 +1589,7 @@ #ifdef DEBUG_INCLUDE rvputs(r, endif conditional_status=\, *conditional_status ? 1 : 0, \\n, NULL); #endif +*printing = 1; *conditional_status = 1; return 0; } else { @@ -1704,8 +1705,7 @@ continue; } else if(!strcmp(directive,endif)) { if (!if_nesting) { -ret=handle_else(f, r, error, conditional_status, printing); -printing = 1; +ret = handle_endif(f, r, error, conditional_status, printing); } else { if_nesting--; }
cvs commit: apache/src CHANGES mod_include.c
dgaudet 97/07/28 01:46:45 Modified:src CHANGES mod_include.c Log: fixed unused handle_endif Submitted by: Howard Fear Reviewed by: Dean Gaudet, Marc Slemko Revision ChangesPath 1.369 +4 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.368 retrieving revision 1.369 diff -u -r1.368 -r1.369 --- CHANGES 1997/07/27 02:38:03 1.368 +++ CHANGES 1997/07/28 08:46:41 1.369 @@ -1,5 +1,9 @@ Changes with Apache 1.3a2 + *) mod_include cleanup showed that handle_else was being used to handle + endif. It didn't cause problems, but it was cleaned up too. + [Howard Fear] + *) mod_cern_meta would attempt to find meta files for the directory itself in some cases, but not in others. It now avoids it in all cases. [Dean Gaudet] 1.45 +2 -2 apache/src/mod_include.c Index: mod_include.c === RCS file: /export/home/cvs/apache/src/mod_include.c,v retrieving revision 1.44 retrieving revision 1.45 diff -u -r1.44 -r1.45 --- mod_include.c 1997/07/27 01:43:26 1.44 +++ mod_include.c 1997/07/28 08:46:42 1.45 @@ -1728,6 +1728,7 @@ #ifdef DEBUG_INCLUDE rvputs(r, endif conditional_status=\, *conditional_status ? 1 : 0, \\n, NULL); #endif +*printing = 1; *conditional_status = 1; return 0; } else { @@ -1843,8 +1844,7 @@ continue; } else if (!strcmp(directive, endif)) { if (!if_nesting) { -ret = handle_else(f, r, error, conditional_status, printing); -printing = 1; +ret = handle_endif(f, r, error, conditional_status, printing); } else { if_nesting--; }
cvs commit: apache/src CHANGES mod_include.c
dgaudet 97/07/20 11:24:28 Modified:src Tag: APACHE_1_2_X CHANGES mod_include.c Log: fixup of mod_include logging Reviewed by: Jim Jagielski, Dean Gaudet Submitted by: Marc Slemko PR: 797 Revision ChangesPath No revision No revision 1.286.2.30 +3 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.286.2.29 retrieving revision 1.286.2.30 diff -C3 -r1.286.2.29 -r1.286.2.30 *** CHANGES 1997/07/20 18:22:02 1.286.2.29 --- CHANGES 1997/07/20 18:24:24 1.286.2.30 *** *** 1,5 --- 1,8 Changes with Apache 1.2.2 + *) mod_include would log some bogus values occasionally. + [Skip Montanaro [EMAIL PROTECTED], Marc Slemko] PR#797 + *) PORT: The slack fd changes in 1.2.1 introduced a problem with SIGHUP under Solaris 2.x (up through 2.5.1). It has been fixed. [Dean Gaudet] PR#832 1.33.2.4 +40 -36apache/src/mod_include.c Index: mod_include.c === RCS file: /export/home/cvs/apache/src/mod_include.c,v retrieving revision 1.33.2.3 retrieving revision 1.33.2.4 diff -C3 -r1.33.2.3 -r1.33.2.4 *** mod_include.c 1997/06/28 22:01:42 1.33.2.3 --- mod_include.c 1997/07/20 18:24:25 1.33.2.4 *** *** 458,464 var[vlen] = vtext[vtlen] = '\0'; if (braces == 1) { if (*in != '}') { ! log_printf(r-server, Invalid variable %s%s, vtext,in); *next = '\0'; return; } else --- 458,464 var[vlen] = vtext[vtlen] = '\0'; if (braces == 1) { if (*in != '}') { ! log_printf(r-server, Invalid variable \%s%s\, vtext,in); *next = '\0'; return; } else *** *** 545,563 char tmp[MAX_STRING_LEN+2]; ap_snprintf(tmp, sizeof(tmp), /%s/, parsed_string); if (parsed_string[0] == '/' || strstr(tmp, /../) != NULL) ! error_fmt = unable to include file %s in parsed file %s; else rr = sub_req_lookup_file (parsed_string, r); } else rr = sub_req_lookup_uri (parsed_string, r); if (!error_fmt rr-status != 200) ! error_fmt = unable to include %s in parsed file %s; if (!error_fmt noexec rr-content_type (strncmp (rr-content_type, text/, 5))) error_fmt = ! unable to include potential exec %s in parsed file %s; if (error_fmt == NULL) { request_rec *p; --- 545,563 char tmp[MAX_STRING_LEN+2]; ap_snprintf(tmp, sizeof(tmp), /%s/, parsed_string); if (parsed_string[0] == '/' || strstr(tmp, /../) != NULL) ! error_fmt = unable to include file \%s\ in parsed file %s; else rr = sub_req_lookup_file (parsed_string, r); } else rr = sub_req_lookup_uri (parsed_string, r); if (!error_fmt rr-status != 200) ! error_fmt = unable to include \%s\ in parsed file %s; if (!error_fmt noexec rr-content_type (strncmp (rr-content_type, text/, 5))) error_fmt = ! unable to include potential exec \%s\ in parsed file %s; if (error_fmt == NULL) { request_rec *p; *** *** 565,575 for (p=r; p != NULL; p=p-main) if (strcmp(p-filename, rr-filename) == 0) break; if (p != NULL) ! error_fmt = Recursive include of %s in parsed file %s; } if (!error_fmt run_sub_req (rr)) ! error_fmt = unable to include %s in parsed file %s; chdir_file(r-filename); if (error_fmt) { --- 565,575 for (p=r; p != NULL; p=p-main) if (strcmp(p-filename, rr-filename) == 0) break; if (p != NULL) ! error_fmt = Recursive include of \%s\ in parsed file %s; } if (!error_fmt run_sub_req (rr)) ! error_fmt = unable to include \%s\ in parsed file %s; chdir_file(r-filename); if (error_fmt) {
cvs commit: apache/src CHANGES mod_include.c
dgaudet 97/06/28 15:01:44 Modified:src Tag: APACHE_1_2_X CHANGES mod_include.c Log: PR#644: mod_include trampled on r-args when it shouldn't Revision ChangesPath No revision No revision 1.286.2.16 +3 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.286.2.15 retrieving revision 1.286.2.16 diff -C3 -r1.286.2.15 -r1.286.2.16 *** CHANGES 1997/06/28 22:00:15 1.286.2.15 --- CHANGES 1997/06/28 22:01:41 1.286.2.16 *** *** 20,25 --- 20,28 for the net if we require people that actually need this data to enable it. [Linus Torvalds] + *) QUERY_STRING was unescaped in mod_include, it shouldn't be. + [Dean Gaudet] PR#644 + *) mod_include was not properly changing the current directory. [Marc Slemko] PR#742 1.33.2.3 +12 -6 apache/src/mod_include.c Index: mod_include.c === RCS file: /export/home/cvs/apache/src/mod_include.c,v retrieving revision 1.33.2.2 retrieving revision 1.33.2.3 diff -C3 -r1.33.2.2 -r1.33.2.3 *** mod_include.c 1997/06/28 19:50:15 1.33.2.2 --- mod_include.c 1997/06/28 22:01:42 1.33.2.3 *** *** 128,136 else table_set (e, DOCUMENT_NAME, r-uri); if (r-args) { ! unescape_url (r-args); table_set (e, QUERY_STRING_UNESCAPED, !escape_shell_cmd (r-pool, r-args)); } } --- 128,138 else table_set (e, DOCUMENT_NAME, r-uri); if (r-args) { ! char *arg_copy = pstrdup (r-pool, r-args); ! ! unescape_url (arg_copy); table_set (e, QUERY_STRING_UNESCAPED, !escape_shell_cmd (r-pool, arg_copy)); } } *** *** 625,634 } if (r-args) { table_set (env, QUERY_STRING, r-args); ! unescape_url (r-args); table_set (env, QUERY_STRING_UNESCAPED, !escape_shell_cmd (r-pool, r-args)); } error_log2stderr (r-server); --- 627,638 } if (r-args) { + char *arg_copy = pstrdup (r-pool, r-args); + table_set (env, QUERY_STRING, r-args); ! unescape_url (arg_copy); table_set (env, QUERY_STRING_UNESCAPED, !escape_shell_cmd (r-pool, arg_copy)); } error_log2stderr (r-server); *** *** 1666,1675 chdir_file (r-filename); if (r-args) { /* add QUERY stuff to env cause it ain't yet */ table_set (r-subprocess_env, QUERY_STRING, r-args); ! unescape_url (r-args); table_set (r-subprocess_env, QUERY_STRING_UNESCAPED, ! escape_shell_cmd (r-pool, r-args)); } while(1) { --- 1670,1681 chdir_file (r-filename); if (r-args) { /* add QUERY stuff to env cause it ain't yet */ + char *arg_copy = pstrdup (r-pool, r-args); + table_set (r-subprocess_env, QUERY_STRING, r-args); ! unescape_url (arg_copy); table_set (r-subprocess_env, QUERY_STRING_UNESCAPED, ! escape_shell_cmd (r-pool, arg_copy)); } while(1) {
cvs commit: apache/src CHANGES mod_include.c
fielding97/05/28 21:23:13 Modified:src CHANGES mod_include.c Log: If Options Includes and USE_PERL_SSI is defined, allow #perl SSI to invoke routines governed by mod_perl. Submitted by: Rob Hartill Reviewed by: Randy Terbush, Doug MacEachern, Roy Fielding Revision ChangesPath 1.282 +3 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.281 retrieving revision 1.282 diff -C3 -r1.281 -r1.282 *** CHANGES 1997/05/29 03:44:30 1.281 --- CHANGES 1997/05/29 04:23:11 1.282 *** *** 1,5 --- 1,8 Changes with Apache 1.2 + *) Added undocumented perl SSI mechanism for -DUSE_PERL_SSI and mod_perl. + [Rob Hartill] + *) Log correct status code if we timeout before receiving a request (408) or if we received a request-line that was too long to process (414). [Ed Korthof and Roy Fielding] PR#601 1.32 +46 -0 apache/src/mod_include.c Index: mod_include.c === RCS file: /export/home/cvs/apache/src/mod_include.c,v retrieving revision 1.31 retrieving revision 1.32 diff -C3 -r1.31 -r1.32 *** mod_include.c 1997/05/08 13:09:25 1.31 --- mod_include.c 1997/05/29 04:23:12 1.32 *** *** 57,63 --- 57,78 * incorporated into the Apache module framework by rst. * */ + /* + * sub key may be anything a Perl*Handler can be: + * subroutine name, package name (defaults to package::handler), + * Class-method call or anoymous sub {} + * + * Child !--#perl sub=sub {print $$} -- accessed + * !--#perl sub=sub {print ++$Access::Cnt } -- times. br + * + * !--#perl arg=one sub=mymod::includer -- + * + * -Doug MacEachern + */ + #ifdef USE_PERL_SSI + #include modules/perl/mod_perl.h + #else #include httpd.h #include http_config.h #include http_request.h *** *** 66,71 --- 81,87 #include http_log.h #include http_main.h #include util_script.h + #endif #define STARTING_SEQUENCE !--# #define ENDING_SEQUENCE -- *** *** 710,715 --- 726,757 } } } + #ifdef USE_PERL_SSI + int handle_perl (FILE *in, request_rec *r, char *error) { + char tag[MAX_STRING_LEN]; + char *tag_val; + SV *sub = Nullsv; + AV *av = newAV(); + + if (!(allow_options (r) OPT_INCLUDES)) { + log_printf(r-server, + httpd: #perl SSI disallowed by IncludesNoExec in %s, r-filename); + return DECLINED; + } + while(1) { + if(!(tag_val = get_tag (r-pool, in, tag, MAX_STRING_LEN, 1))) + break; + if(strnEQ(tag, sub, 3)) + sub = newSVpv(tag_val,0); + else if(strnEQ(tag, arg, 3)) + av_push(av, newSVpv(tag_val,0)); + else if(strnEQ(tag,done, 4)) + break; + } + perl_call_handler(sub, r, av); + return OK; + } + #endif /* error and tf must point to a string with room for at * least MAX_STRING_LEN characters *** *** 1674,1679 --- 1716,1725 ret=handle_flastmod(f, r, error, timefmt); else if(!strcmp(directive,printenv)) ret=handle_printenv(f, r, error); + #ifdef USE_PERL_SSI + else if(!strcmp(directive,perl)) + ret=handle_perl(f, r, error); + #endif else { log_printf(r-server, httpd: unknown directive %s in parsed doc %s,
cvs commit: apache/src CHANGES mod_include.c
marc97/02/19 00:18:58 Modified:src CHANGES mod_include.c Log: Modify mod_include escaping so a '\' only signifies an escaped character if the next character is one that needs escaping. Reviewed by: Dean Gaudet, Roy Fielding, Marc Slemko Submitted by: Ben Laurie Revision ChangesPath 1.169 +4 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.168 retrieving revision 1.169 diff -C3 -r1.168 -r1.169 *** CHANGES 1997/02/18 14:41:28 1.168 --- CHANGES 1997/02/19 08:18:56 1.169 *** *** 1,5 --- 1,9 Changes with Apache 1.2b7 + *) Modify mod_include escaping so a '\' only signifies an escaped + character if the next character is one that needs + escaping. [Ben Laurie] + *) Eliminated possible infinite loop in mod_imap when relative URLs are used with a 'base' directive that does not have a '/' in it. [Marc Slemko, reported by Onno Witvliet [EMAIL PROTECTED]] 1.24 +4 -1 apache/src/mod_include.c Index: mod_include.c === RCS file: /export/home/cvs/apache/src/mod_include.c,v retrieving revision 1.23 retrieving revision 1.24 diff -C3 -r1.23 -r1.24 *** mod_include.c 1997/02/17 10:56:19 1.23 --- mod_include.c 1997/02/19 08:18:56 1.24 *** *** 404,410 while ((ch = *in++) != '\0') { switch(ch) { case '\\': ! *next++ = (*in != '\0') ? *in++ : '\0'; break; case '$': { --- 404,413 while ((ch = *in++) != '\0') { switch(ch) { case '\\': ! if(*in == '$') ! *next++=*in++; ! else ! *next++=ch; break; case '$': {
cvs commit: apache/src CHANGES mod_include.c
fielding97/02/16 21:22:58 Modified:src CHANGES mod_include.c Log: Added double-buffering to mod_include to improve performance on server-side includes. Submitted by: Marc Slemko Reviewed by: Roy Fielding, Brian Behlendorf, Dean Gaudet Revision ChangesPath 1.166 +3 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.165 retrieving revision 1.166 diff -C3 -r1.165 -r1.166 *** CHANGES 1997/02/17 04:52:38 1.165 --- CHANGES 1997/02/17 05:22:56 1.166 *** *** 33,38 --- 33,41 auto initializers, multiple is_matchexp calls on a static string, and excessive merging of response_code_strings. [Dean Gaudet] + *) Added double-buffering to mod_include to improve performance on + server-side includes. [Marc Slemko] + *) Several fixes for suexec wrapper. [Randy Terbush] - Make wrapper work for files on NFS filesystem. - Fix portability problem of MAXPATHLEN. 1.22 +67 -14apache/src/mod_include.c Index: mod_include.c === RCS file: /export/home/cvs/apache/src/mod_include.c,v retrieving revision 1.21 retrieving revision 1.22 diff -C3 -r1.21 -r1.22 *** mod_include.c 1997/01/20 04:28:13 1.21 --- mod_include.c 1997/02/17 05:22:57 1.22 *** *** 113,156 } } ! #define GET_CHAR(f,c,r,p) \ { \ int i = getc(f); \ !if(feof(f) || ferror(f) || (i == -1)) { \ ! pfclose(p,f); \ ! return r; \ } \ c = (char)i; \ } - /* --- Parser functions --- */ - - /* G... rputc makes this slow as all-get-out. Elsewhere, it doesn't - * matter much, but this is an inner loop... - */ - int find_string(FILE *in,char *str, request_rec *r, int printing) { int x,l=strlen(str),p; char c; p=0; while(1) { ! GET_CHAR(in,c,1,r-pool); if(c == str[p]) { ! if((++p) == l) return 0; } else { if (printing) { for(x=0;xp;x++) { ! rputc(str[x],r); } ! rputc(c,r); } p=0; } } } /* * decodes a string containing html entities or numeric character references. --- 113,209 } } ! ! ! /* --- Parser functions --- */ ! ! #define OUTBUFSIZE 4096 ! /* PUT_CHAR and FLUSH_BUF currently only work within the scope of ! * find_string(); they are hacks to avoid calling rputc for each and ! * every character output. A common set of buffering calls for this ! * type of output SHOULD be implemented. ! */ ! #define PUT_CHAR(c,r) \ ! { \ !outbuf[outind++] = c; \ !if (outind == OUTBUFSIZE) { FLUSH_BUF(r) }; \ ! } ! ! /* there SHOULD be some error checking on the return value of ! * rwrite, however it is unclear what the API for rwrite returning ! * errors is and little can really be done to help the error in ! * any case. ! */ ! #define FLUSH_BUF(r) \ ! { \ !rwrite(outbuf, outind, r); \ !outind = 0; \ ! } ! ! /* ! * f: file handle being read from ! * c: character to read into ! * ret: return value to use if input fails ! * r: current request_rec ! * ! * This macro is redefined after find_string() for historical reasons ! * to avoid too many code changes. This is one of the many things ! * that should be fixed. ! */ ! #define GET_CHAR(f,c,ret,r) \ { \ int i = getc(f); \ !if(i == EOF) { /* either EOF or error -- needs error handling if latter */ \ !if (ferror(f)) \ !fprintf(stderr, encountered error in GET_CHAR macro, mod_include.\n); \ !FLUSH_BUF(r); \ !pfclose(r-pool,f); \ !return ret; \ } \ c = (char)i; \ } int find_string(FILE *in,char *str, request_rec *r, int printing) { int x,l=strlen(str),p; + char outbuf[OUTBUFSIZE]; + int outind = 0; char c; p=0; while(1) { ! GET_CHAR(in,c,1,r); if(c == str[p]) { ! if((++p) == l) { ! FLUSH_BUF(r); return 0; + } } else { if (printing) { for(x=0;xp;x++) { ! PUT_CHAR(str[x],r); } ! PUT_CHAR(c,r); } p=0; } } } + +
cvs commit: apache/src CHANGES mod_include.c
randy 96/12/24 11:53:06 Modified:src CHANGES mod_include.c Log: find_string() dereferences a NULL pointer when printing during an error. Reviewed by: Chuck Murcko, Randy Terbush Submitted by: Howard Fear Revision ChangesPath 1.100 +2 -0 apache/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apache/src/CHANGES,v retrieving revision 1.99 retrieving revision 1.100 diff -C3 -r1.99 -r1.100 *** CHANGES 1996/12/24 19:43:47 1.99 --- CHANGES 1996/12/24 19:53:04 1.100 *** *** 1,5 --- 1,7 Changes with Apache 1.2b3: + *) Fix find_string() NULL pointer dereference. [Howard Fear] + *) Add set_flag_slot() at the request of Dirk and others. [Dirk vanGulik] 1.19 +6 -8 apache/src/mod_include.c Index: mod_include.c === RCS file: /export/home/cvs/apache/src/mod_include.c,v retrieving revision 1.18 retrieving revision 1.19 diff -C3 -r1.18 -r1.19 *** mod_include.c 1996/12/09 04:54:22 1.18 --- mod_include.c 1996/12/24 19:53:04 1.19 *** *** 141,153 return 0; } else { ! if(r) { ! if(p) { ! for(x=0;xp;x++) { ! if (printing) rputc(str[x],r); ! } } ! if (printing) rputc(c,r); } p=0; } --- 141,151 return 0; } else { ! if (printing) { ! for(x=0;xp;x++) { ! rputc(str[x],r); } ! rputc(c,r); } p=0; } *** *** 1590,1596 log_printf(r-server,httpd: exec used but not allowed in %s, r-filename); if (printing) rputs(error, r); ! ret = find_string(f,ENDING_SEQUENCE,NULL,printing); } else ret=handle_exec(f, r, error); } else if(!strcmp(directive,config)) --- 1588,1594 log_printf(r-server,httpd: exec used but not allowed in %s, r-filename); if (printing) rputs(error, r); ! ret = find_string(f,ENDING_SEQUENCE,r,0); } else ret=handle_exec(f, r, error); } else if(!strcmp(directive,config)) *** *** 1612,1618 httpd: unknown directive %s in parsed doc %s, directive,r-filename); if (printing) rputs(error, r); ! ret=find_string(f,ENDING_SEQUENCE,NULL,printing); } if(ret) { log_printf(r-server,httpd: premature EOF in parsed file %s, --- 1610,1616 httpd: unknown directive %s in parsed doc %s, directive,r-filename); if (printing) rputs(error, r); ! ret=find_string(f,ENDING_SEQUENCE,r,0); } if(ret) { log_printf(r-server,httpd: premature EOF in parsed file %s,