Mailing List Archive

From: Paul Richards <paul@netcraft.co.uk>
Date: Tue, 8 Aug 1995 18:54:03 +0100 (BST)

[. You can get directory listings out of the Web server... ]

Andy assures me this is such a widely relied on feature though that
a compromise would be to add an option to disable it.

It can be controlled via "Options" --- "Options Indexing" or "Options
All" enables it; anything else leaves it off.

rst

Andrew, I see that you still have the bug, but I'm not sure whether
you did apply the patch. (The "if (!reqs_arr)", in combination with
the fact that you had commented-out requires lines in some of the
failing examples, is what led me to believe that these *might* be the
same problem, but I'm not sure I have enough information to test that
guess from here...).

rst

> From: Paul Richards <paul@netcraft.co.uk>
> Date: Tue, 8 Aug 1995 18:54:03 +0100 (BST)
>
> [. You can get directory listings out of the Web server... ]
>
> Andy assures me this is such a widely relied on feature though that
> a compromise would be to add an option to disable it.
>
> It can be controlled via "Options" --- "Options Indexing" or "Options
> All" enables it; anything else leaves it off.


Yeah Paul, dint you know I'm useless at this.


> rst


Long day, long day, sleeep, sleeep...

> Andrew, I see that you still have the bug, but I'm not sure whether
> you did apply the patch. (The "if (!reqs_arr)", in combination with
> the fact that you had commented-out requires lines in some of the
> failing examples, is what led me to believe that these *might* be the
> same problem, but I'm not sure I have enough information to test that
> guess from here...).
>
> rst
>

Ok...(read on for a clue at 7)

1) 0.8.8x compiled with:

CFLAGS= -O2 -DMINIMAL_DNS -DXBITHACK -DSUNOS_LIB_PROTOTYPES

2) diffs...

40> diff -c3 mod_auth.c mod_auth.c.dist
*** mod_auth.c Wed Aug 9 09:41:07 1995
--- mod_auth.c.dist Wed Aug 9 09:39:36 1995
***************
*** 204,217 ****
int m = r->method_number;

array_header *reqs_arr = requires (r);
! require_line *reqs = reqs_arr ? (require_line *)reqs_arr->elts : NULL;

register int x;
char *t, *w;
table *grpstatus;

- if (!reqs_arr) return DECLINED;
-
if(sec->auth_grpfile)
grpstatus = init_group(r->pool, sec->auth_grpfile);
else
--- 204,215 ----
int m = r->method_number;

array_header *reqs_arr = requires (r);
! require_line *reqs = (require_line *)reqs_arr->elts;

register int x;
char *t, *w;
table *grpstatus;

if(sec->auth_grpfile)
grpstatus = init_group(r->pool, sec->auth_grpfile);
else
41>

3) .htaccess =

<limit GET POST>
require user TIS
</limit>

SUCCESS...

5) .htaccess =

<limit GET>
require user TIS
</limit>

AUTHORIZATION REQUIRED, SCRIPT NOT CALLED


6) .htaccess =

<limit GET POST>
#require user TIS
</limit>

[Wed Aug 9 10:17:28 1995] httpd: caught SIGSEGV, dumping core


So, the changes didn't make any difference.


7) I added:

register int x;
char *t, *w;
table *grpstatus;

fprintf( stderr, "check_user_access...\n");

if (!reqs_arr) return DECLINED;

which naturally produced a line to my console each time the check_user_access()
was called. I didn't get ANY line for (6) above. The crash is happening
before check_user_access() even gets called.

Ay, being no help again, and just about to type 'man gdb'.

Andrew Wilson URL: http://www.cm.cf.ac.uk/User/Andrew.Wilson/
Elsevier Science, Oxford Office: +44 01865 843155 Mobile: +44 0589 616144