* modules/aaa/mod_authz_host.c (host_check_authorization): Simplify

  comment stripping in "Require host"; log a warning if a comment is
  used in 'Require host', or an error if the expression is empty with
  the comment stripped. (Currently in 2.4, #comment part is parsed)

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1826207 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/aaa/mod_authz_host.c b/modules/aaa/mod_authz_host.c
index 4439d98523c19417033441f6afc1e92b79620576..b43414f41060f5bb1b614874158b2877c5639c92 100644 (file)
--- a/modules/aaa/mod_authz_host.c
+++ b/modules/aaa/mod_authz_host.c
@@ -164,8 +164,7 @@ static authz_status host_check_authorization(request_rec *r,
                                              const char *require_line,
                                              const void *parsed_require_line)
 {
-    const char *t;
-    char *w, *hash_ptr;
+    const char *t, *w;
     const char *remotehost = NULL;
     int remotehost_is_ip;
 
@@ -193,22 +192,31 @@ static authz_status host_check_authorization(request_rec *r,
             host names to check rather than a single name.  This is different
             from the previous host based syntax. */
         t = require;
-        while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
-            /* '#' is not valid hostname character and admin could specify
-             * 'Require host localhost# Add example.com later'. We should not
-             * grant access to 'example.com' in that case. */
-            if ((hash_ptr = ap_strchr(w, '#'))) {
-                if (hash_ptr == w) {
-                    break;
-                }
-                *hash_ptr = '\0';
+
+        /* '#' is not a valid hostname character and admin could
+         * specify 'Require host localhost# Add example.com later'. We
+         * should not grant access to 'example.com' in that case. */
+        w = ap_strchr_c(t, '#');
+        if (w) {
+            if (w == t) {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10120)
+                              "authz_host authorize: dubious empty "
+                              "'Require host %s' with only comment", t);
+                return AUTHZ_DENIED;
             }
+
+            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10121)
+                          "authz_host authorize: ignoring comment in "
+                          "'Require host %s'", t);
+
+            /* Truncate the string at the #. */
+            t = apr_pstrmemdup(r->pool, t, w - t);
+        }
+        
+        while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
             if (in_domain(w, remotehost)) {
                 return AUTHZ_GRANTED;
             }
-            if (hash_ptr) {
-                break;
-            }
         }
     }