Received: (qmail 17253 invoked by uid 501); 2 Sep 2001 19:04:53 -0000
Message-Id: <20010902190453.17252.qmail@apache.org>
Date: 2 Sep 2001 19:04:53 -0000
From: Mark Montague <markmont@umich.edu>
Reply-To: markmont@umich.edu
To: submit@bugz.apache.org
Subject: "allow from <IP-address>" broken in 64-bit mode on Solaris
X-Send-Pr-Version: 3.110

>Number:         8283
>Category:       mod_access
>Synopsis:       "allow from <IP-address>" broken in 64-bit mode on Solaris
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Sun Sep 02 12:10:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     markmont@umich.edu
>Release:        1.3.20
>Organization:
apache
>Environment:
SunOS mill.lsait.lsa.umich.edu 5.8 Generic_108528-08 sun4u sparc SUNW,Ultra-60
Sun Forte C compiler 6.0
>Description:
In Directory and .htaccess context, the directives
  Order Deny,Allow
  Deny from all
  Allow from 141.211.61.55
do not work properly (regardless of IP address).  Clients visiting pages in
the directory get "403 Access Forbidden".  However, changing the Allow to
  Allow from 141.211.61.255/32
allows clients to access the pages as expected.
>How-To-Repeat:
Compile Apache 1.3.20 as a 64-bit binary on Solaris 7 or later
(with Sun Forte C compiler, compile with the "-fast -xtarget=generic64"
flags).  Set up a test page with access controls as described above.
>Fix:
The problem is caused by sign extension on platforms where
sizeof(long) != sizeof(int).  The following patch fixes the problem:

--- src/modules/standard/mod_access.c.orig      Sun Sep  2 13:53:06 2001
+++ src/modules/standard/mod_access.c   Sun Sep  2 14:45:07 2001
@@ -241,7 +241,7 @@
                a->type = T_FAIL;
                return "each octet must be between 0 and 255 inclusive";
            }
-           a->x.ip.net |= octet << shift;
+           a->x.ip.net |= ((unsigned long) octet) << shift;
            a->x.ip.mask |= 0xFFUL << shift;
            s = t;
            shift -= 8;

Hope this is helpful.  Please let me know if I can do/provide anything
else.  Thanks for a great piece of software!
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <apbugs@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]