marc 97/02/16 16:45:08
Modified: src mod_imap.c CHANGES
Log:
Fix possibly infinite loop in mod_imap. Note that the base
directive in an imagemap file is parsed incorrectly and relative
directories are done incorrectly; this does not fix that, but just
avoids the loop.
Closes PR#130.
Reviewed by: Dean Gaudet, Roy Fielding
Revision Changes Path
1.18 +5 -0 apache/src/mod_imap.c
Index: mod_imap.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_imap.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -C3 -r1.17 -r1.18
*** mod_imap.c 1997/01/27 00:16:18 1.17
--- mod_imap.c 1997/02/17 00:45:05 1.18
***************
*** 424,429 ****
--- 424,434 ----
strncpy(my_base, base, sizeof(my_base)-1); /* must be a relative URL to
be combined with base */
my_base[sizeof(my_base)-1] = '\0';
+ if (strchr(my_base, '/') == NULL && (!strncmp(value, "../", 3) ||
!strcmp(value, "..")) ) {
+ url[0] = '\0';
+ log_reason("invalid base directive in map file", r->uri, r);
+ return;
+ }
string_pos = my_base;
while (*string_pos) {
if (*string_pos == '/' && *(string_pos+1) == '/') {
1.164 +4 -0 apache/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache/src/CHANGES,v
retrieving revision 1.163
retrieving revision 1.164
diff -C3 -r1.163 -r1.164
*** CHANGES 1997/02/16 23:32:32 1.163
--- CHANGES 1997/02/17 00:45:06 1.164
***************
*** 1,5 ****
--- 1,9 ----
Changes with Apache 1.2b7
+ *) Eliminated possible infinite loop in mod_imap when relative URLs are
+ used with a 'base' directive that does not have a '/' in it.
+ [Marc Slemko, reported by Onno Witvliet <[EMAIL PROTECTED]>]
+
*) Reduced the default timeout from 1200 seconds to 300, and the
one in the sample configfile from 400 to 300. [Marc Slemko]
