More error checking for ap_pregsub
authorStefan Fritsch <sf@apache.org>
Mon, 7 Nov 2011 22:58:52 +0000 (22:58 +0000)
committerStefan Fritsch <sf@apache.org>
Mon, 7 Nov 2011 22:58:52 +0000 (22:58 +0000)
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1198988 13f79535-47bb-0310-9956-ffa450edef68

modules/mappers/mod_alias.c
modules/proxy/mod_proxy.c

index 18b48f557e57d83ef42ba5b8964c36ce2736f1de..e0a17eacfb0eb2731682fa8eb289a90dac1f57e3 100644 (file)
@@ -333,6 +333,9 @@ static int alias_matches(const char *uri, const char *alias_fakename)
     return urip - uri;
 }
 
+static char magic_error_value;
+#define PREGSUB_ERROR      (&magic_error_value)
+
 static char *try_alias_list(request_rec *r, apr_array_header_t *aliases,
                             int is_redir, int *status)
 {
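Review bot: PREGSUB_ERROR gives try_alias_list a third return state that nothing at the definition documents. Besides NULL and a pool-allocated string, it can now return the address of `magic_error_value`, which callers have to compare against before reading through the pointer. A comment above the two added lines would make that contract explicit, for example `/* Sentinel returned by try_alias_list() when ap_pregsub() fails; compare with ==, never dereference. */`. try_alias_list's body continues outside the hunk.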
@@ -379,6 +382,12 @@ static char *try_alias_list(request_rec *r, apr_array_header_t *aliases,
                                                               pathlen));
                        }
                     }
+                    else {
+                        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                                      "Regex substitution in '%s' failed. "
+                                      "Replacement too long?", alias->real);
+                        return PREGSUB_ERROR;
+                    }
                 }
                 else {
                     /* need something non-null */
@@ -438,6 +447,8 @@ static int translate_alias_redir(request_rec *r)
     }
 
     if ((ret = try_alias_list(r, serverconf->redirects, 1, &status)) != NULL) {
+        if (ret == PREGSUB_ERROR)
+            return HTTP_INTERNAL_SERVER_ERROR;
         if (ap_is_HTTP_REDIRECT(status)) {
             if (ret[0] == '/') {
                 char *orig_target = ret;
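Review bot: The sentinel comparison is added only where try_alias_list is called with `serverconf->redirects` here and with `dirconf->redirects` in fixup_redir, so any other call site remains unguarded. try_alias_list takes an `is_redir` flag, so a non-redirect call for the alias list presumably exists further down in translate_alias_redir, outside this hunk. If the failing branch is reachable with `is_redir == 0`, that caller would receive the sentinel address and treat it as a translated path. In that case it needs the same `if (ret == PREGSUB_ERROR) return HTTP_INTERNAL_SERVER_ERROR;` before `ret` is used.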
@@ -487,6 +498,8 @@ static int fixup_redir(request_rec *r)
     /* It may have changed since last time, so try again */
 
     if ((ret = try_alias_list(r, dirconf->redirects, 1, &status)) != NULL) {
+        if (ret == PREGSUB_ERROR)
+            return HTTP_INTERNAL_SERVER_ERROR;
         if (ap_is_HTTP_REDIRECT(status)) {
             if (ret[0] == '/') {
                 char *orig_target = ret;
index d5cf9ea687f4a8f85613a1c7d76c391bff334fe2..dfce1d7bfc0c7959af35b131f8cfec3f8ae53845 100644 (file)
@@ -576,6 +576,13 @@ PROXY_DECLARE(int) ap_proxy_trans_match(request_rec *r, struct proxy_alias *ent,
             }
             found = ap_pregsub(r->pool, real, use_uri, AP_MAX_REG_MATCH,
                     (use_uri == r->uri) ? regm : reg1);
+            if (!found) {
+                ap_log_rerror(APLOG_MARK, APLOG_CRIT, 0, r,
+                              "Substitution in regular expression failed. "
+                              "Replacement too long?");
+                return HTTP_INTERNAL_SERVER_ERROR;
+            }
+
             /* Note: The strcmp() below catches cases where there
              * was no regex substitution. This is so cases like:
              *
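Review bot: The new failure branch logs at `APLOG_CRIT` and does not say which rule failed, while the mod_alias branch in this same commit logs the same ap_pregsub failure at `APLOG_ERR` together with the replacement string. The substitution input is `use_uri`, so the result length depends on the request. This branch may therefore be reachable from ordinary client traffic, which would fill the log with critical-level entries that give an operator nothing to search for. Matching mod_alias would look like `ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, "Substitution in regular expression '%s' failed. Replacement too long?", real);`. ap_proxy_trans_match's body continues outside the hunk.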
@@ -589,7 +596,7 @@ PROXY_DECLARE(int) ap_proxy_trans_match(request_rec *r, struct proxy_alias *ent,
              *
              * which may be confusing.
              */
-            if (found && strcmp(found, real)) {
+            if (strcmp(found, real) != 0) {
                 found = apr_pstrcat(r->pool, "proxy:", found, NULL);
             }
             else {