Fix <Limit> and <LimitExcept> parsing to require a closing '>'

in the initial container.

PR:                25414
Submitted by:	   Geoffrey Young <geoff apache.org>]
Reviewed by:	   Jeff Trawick

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@102021 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 164d7183ffa980dd036e4730c68fad24059f1644..e3219e3cc1408850a3932c8ce01dc7c14fc343cd 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@ Changes with Apache 2.1.0-dev
 
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) Fix <Limit> and <LimitExcept> parsing to require a closing '>' 
+     in the initial container.  PR 25414. 
+     [Geoffrey Young <geoff apache.org>]
+
   *) Fix memory leak in handling of request bodies during reverse
      proxy operations.  PR 24991. [Larry Toppi <larry.toppi citrix.com>]
 

diff --git a/server/core.c b/server/core.c
index 49b71b2ad3673663677f83cdb9e0ee89b248297b..f179a6e96f261374ca3f543e1a8fd39cff0da79a 100644 (file)
--- a/server/core.c
+++ b/server/core.c
@@ -1552,11 +1552,21 @@ static const char *require(cmd_parms *cmd, void *c_, const char *arg)
     return NULL;
 }
 
+/*
+ * Report a missing-'>' syntax error.
+ */
+static char *unclosed_directive(cmd_parms *cmd)
+{
+    return apr_pstrcat(cmd->pool, cmd->cmd->name,
+                       "> directive missing closing '>'", NULL);
+}
+
 AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd,
                                                       void *dummy,
                                                       const char *arg)
 {
-    const char *limited_methods = ap_getword(cmd->pool, &arg, '>');
+    const char *endp = ap_strrchr_c(arg, '>');
+    const char *limited_methods;
     void *tog = cmd->cmd->cmd_data;
     apr_int64_t limited = 0;
     const char *errmsg;
@@ -1566,6 +1576,12 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd,
         return err;
     }
 
+    if (endp == NULL) {
+        return unclosed_directive(cmd);
+    }
+
+    limited_methods = apr_pstrndup(cmd->pool, arg, endp - arg);
+
     while (limited_methods[0]) {
         char *method = ap_getword_conf(cmd->pool, &limited_methods);
         int methnum;
@@ -1610,15 +1626,6 @@ AP_CORE_DECLARE_NONSTD(const char *) ap_limit_section(cmd_parms *cmd,
 #define USE_ICASE 0
 #endif
 
-/*
- * Report a missing-'>' syntax error.
- */
-static char *unclosed_directive(cmd_parms *cmd)
-{
-    return apr_pstrcat(cmd->pool, cmd->cmd->name,
-                       "> directive missing closing '>'", NULL);
-}
-
 static const char *dirsection(cmd_parms *cmd, void *mconfig, const char *arg)
 {
     const char *errmsg;