Merge r1667676, r1826207 from trunk:

* mod_access_compat, mod_authz_host: Handle '#' character.
For mod_access_compat, disable '#' in hostname completely.
For mod_authz_host, treat '#' as a comment and ignore everything after that.
This allows better handling of admin errors like
'Require host localhost# Add example.com later'.

* modules/aaa/mod_authz_host.c (host_check_authorization): Simplify
  comment stripping in "Require host"; log a warning if a comment is
  used in 'Require host', or an error if the expression is empty with
  the comment stripped. (Currently in 2.4, #comment part is parsed)

Submitted by: jkaluza, jorton
Reviewed by: jorton, jim, ylavic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1826309 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 09923968b58f3f1ff9167afa52cc937c47c3396f..3ae7d27d8f50fb638a70ff7a5855482294f95ebb 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,13 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.32
 
+  *) mod_access_compat: Fail if a comment is found in an Allow or Deny
+     directive.  [Jan Kaluza]
+
+  *) mod_authz_host: Ignore comments after "Require host", logging a
+     warning, or logging an error if the line is otherwise empty.
+     [Jan Kaluza, Joe Orton]
+
   *) rotatelogs: Fix expansion of %Z in localtime (-l) mode, and fix
      Y2K38 bug.  [Joe Orton]
 

diff --git a/modules/aaa/mod_access_compat.c b/modules/aaa/mod_access_compat.c
index 30238033c99057ee055e4f2410c6f9806df77ddd..e9f1abe4835b03d1d90bb5e75f24d58fec4d5990 100644 (file)
--- a/modules/aaa/mod_access_compat.c
+++ b/modules/aaa/mod_access_compat.c
@@ -187,6 +187,9 @@ static const char *allow_cmd(cmd_parms *cmd, void *dv, const char *from,
             return apr_psprintf(cmd->pool, "%pm", &rv);
         a->type = T_IP;
     }
+    else if (ap_strchr(where, '#')) {
+        return "No comments are allowed here";
+    }
     else { /* no slash, didn't look like an IP address => must be a host */
         a->type = T_HOST;
     }

diff --git a/modules/aaa/mod_authz_host.c b/modules/aaa/mod_authz_host.c
index 76f95b8460fc54f54a1822507b59b9f5864ea8eb..b43414f41060f5bb1b614874158b2877c5639c92 100644 (file)
--- a/modules/aaa/mod_authz_host.c
+++ b/modules/aaa/mod_authz_host.c
@@ -192,6 +192,27 @@ static authz_status host_check_authorization(request_rec *r,
             host names to check rather than a single name.  This is different
             from the previous host based syntax. */
         t = require;
+
+        /* '#' is not a valid hostname character and admin could
+         * specify 'Require host localhost# Add example.com later'. We
+         * should not grant access to 'example.com' in that case. */
+        w = ap_strchr_c(t, '#');
+        if (w) {
+            if (w == t) {
+                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10120)
+                              "authz_host authorize: dubious empty "
+                              "'Require host %s' with only comment", t);
+                return AUTHZ_DENIED;
+            }
+
+            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(10121)
+                          "authz_host authorize: ignoring comment in "
+                          "'Require host %s'", t);
+
+            /* Truncate the string at the #. */
+            t = apr_pstrmemdup(r->pool, t, w - t);
+        }
+        
         while ((w = ap_getword_conf(r->pool, &t)) && w[0]) {
             if (in_domain(w, remotehost)) {
                 return AUTHZ_GRANTED;