* Prevent a segfault if the destination URI of a copy / move operation is

  not under DAV control. Return 405 (Method not allowed) instead.

PR: 44734

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@644050 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 9b0b8c4fb81f283dcb940f3908e340c1dfc3ba7e..2ece280a61720eedd505557b70691a537306fc18 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,9 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) mod_dav: Return "method not allowed" if the destination URI of a WebDAV
+     copy / move operation is no DAV resource. PR 44734 [Ruediger Pluem]
+
   *) Introduced ap_expr API for expression evaluation.
      This is adapted from mod_include, which is the first module
      to use the new API.

diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c
index a40959b9e7b12a93682e07c3e4048de806f4ff4d..e6ee2b2a5d88475ccc67201c261fe0eb25649ae2 100644 (file)
--- a/modules/dav/main/mod_dav.c
+++ b/modules/dav/main/mod_dav.c
@@ -2632,6 +2632,11 @@ static int dav_method_copymove(request_rec *r, int is_move)
                                   "Destination URI had an error.");
     }
 
+    if (dav_get_provider(lookup.rnew) == NULL) {
+        return dav_error_response(r, HTTP_METHOD_NOT_ALLOWED,
+                                  "DAV not enabled for Destination URI.");
+    }
+
     /* Resolve destination resource */
     err = dav_get_resource(lookup.rnew, 0 /* label_allowed */,
                            0 /* use_checked_in */, &resnew);