author | Ralf S. Engelschall <rse@apache.org> | 1997-08-01 08:48:17 +0000 |
---|---|---|
committer | Ralf S. Engelschall <rse@apache.org> | 1997-08-01 08:48:17 +0000 |
commit | a9f106fc5a5cd339c378677d6a82a5013d282e8a (patch) | |
tree | b891b6b1f8bf764af5ba5e064e6f2566f633118c | |
parent | 4711d18588ec57194e6be6c2308667b724e0d62b (diff) | |
Fixed an infinite loop for references above the server root.
PR: 748
Submitted by: Dean Gaudet
Reviewed by: Brian Behlendorf
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3@78847 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | APACHE_1_2_X/src/CHANGES | 3 | ||||
-rw-r--r-- | APACHE_1_2_X/src/modules/standard/mod_imap.c | 4 |
2 files changed, 7 insertions, 0 deletions
diff --git a/APACHE_1_2_X/src/CHANGES b/APACHE_1_2_X/src/CHANGES index 41e377d4e0..66f438959a 100644 --- a/APACHE_1_2_X/src/CHANGES +++ b/APACHE_1_2_X/src/CHANGES @@ -1,5 +1,8 @@ Changes with Apache 1.2.2 + *) Fixed an infinite loop in mod_imap for references above the server root + [Dean Gaudet] PR#748 + *) mod_include cleanup showed that handle_else was being used to handle endif. It didn't cause problems, but it was cleaned up too. [Howard Fear] diff --git a/APACHE_1_2_X/src/modules/standard/mod_imap.c b/APACHE_1_2_X/src/modules/standard/mod_imap.c index e65925b5a3..11d7fe7382 100644 --- a/APACHE_1_2_X/src/modules/standard/mod_imap.c +++ b/APACHE_1_2_X/src/modules/standard/mod_imap.c @@ -475,6 +475,10 @@ void imap_url(request_rec *r, char *base, char *value, char *url) } value += 2; /* jump over the '..' that we found in the value */ + } else if (directory) { + url[0] = '\0'; + log_reason("invalid directory name in map file", r->uri, r); + return; } if (! strncmp(value, "/../", 4) || ! strcmp(value, "/..") ) |
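Review bot: The added arm in the mod_imap.c hunk is guarded by `else if (directory)`, so a NULL `directory` still matches neither arm: `value += 2` runs only in the first arm and the `return` only in the new one, leaving `value` unchanged in that case. If this code sits inside the loop the commit message refers to, and nothing earlier rejects a base with no directory part, a map-file entry starting with `..` could still keep the request spinning. Consider making the arm unconditional, `} else {`, or add a comment naming the earlier check that guarantees `directory` is non-NULL here. The body of imap_url and the condition of the preceding `if` lie outside the hunk, so this needs confirming against the full function.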