Received: (qmail 54924 invoked by uid 65534); 14 Feb 2000 22:49:02 -0000 Message-Id: <20000214224902.54923.qmail@locus.apache.org> Date: 14 Feb 2000 22:49:02 -0000 From: Akiyama@locus.apache.org, Trevor Reply-To: takiyama@webct.com To: submit@bugz.apache.org Subject: A server request tries to reference a NULL ptr. X-Send-Pr-Version: 3.110 >Number: 5757 >Category: mod_include >Synopsis: A server request tries to reference a NULL ptr. >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: analyzed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Mon Feb 14 14:50:01 PST 2000 >Closed-Date: >Last-Modified: Sun Oct 01 12:08:36 PDT 2000 >Originator: takiyama@webct.com >Release: 1.3.9 and 1.3.11 >Organization: >Environment: Windows NT 4.0 with service pack 6a Visual C++ 5.0 compiler >Description: The function handle_include in mod_include.c has a call to strcmp (the third strcmp call in that function) that can sometimes have a null argument. q->filename is the arguement that can sometimes be null. >How-To-Repeat: There seem to be two ways where you can get q->filename to be null. 1) have a URL that starts with a slash followed by two dots e.g. /.. 2) Send many post requests to the server at one time. >Fix: In mod_include.c, put in an extra check for the third strcmp in the handle_include function. Check if q->filename is NULL before doing the strcmp. >Release-Note: >Audit-Trail: State-Changed-From-To: open-analyzed State-Changed-By: wrowe State-Changed-When: Sun Oct 1 12:08:36 PDT 2000 State-Changed-Why: Needs to be reviewed and this fix applied, if correct. >Unformatted: [In order for any reply to be added to the PR database, you need] [to include in the Cc line and make sure the] [subject line starts with the report component and number, with ] [or without any 'Re:' prefixes (such as "general/1098:" or ] ["Re: general/1098:"). If the subject doesn't match this ] [pattern, your message will be misfiled and ignored. The ] ["apbugs" address is not added to the Cc line of messages from ] [the database automatically because of the potential for mail ] [loops. If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request from a ] [developer. Reply only with text; DO NOT SEND ATTACHMENTS! ]