Prevent the source code for CGIs from being revealed when using
authorTony Finch <fanf@apache.org>
Thu, 15 Jun 2000 00:56:37 +0000 (00:56 +0000)
committerTony Finch <fanf@apache.org>
Thu, 15 Jun 2000 00:56:37 +0000 (00:56 +0000)
mod_vhost_alias and the CGI directory is under the document root
and a user makes a request like http://www.example.com//cgi-bin/cgi
as reported in <news:960999105.344321@ernani.logica.co.uk>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@85575 13f79535-47bb-0310-9956-ffa450edef68

modules/mappers/mod_vhost_alias.c

index 9d6a258e0f8ae581dca50f32ca3fe5a708adb38a..1340e8731bd95e3b8e36e9d7d69b0216788a8580 100644 (file)
@@ -415,25 +415,23 @@ static int mva_translate(request_rec *r)
     mva_sconf_t *conf;
     const char *name, *map, *uri;
     mva_mode_e mode;
-    int cgi;
+    const char *cgi;
   
     conf = (mva_sconf_t *) ap_get_module_config(r->server->module_config,
                                              &vhost_alias_module);
-    if (!strncmp(r->uri, "/cgi-bin/", 9)) {
+    cgi = strstr(r->uri, "cgi-bin/");
+    if (cgi && cgi - r->uri != strspn(r->uri, "/")) {
+        cgi = NULL;
+    }
+    if (cgi) {
        mode = conf->cgi_root_mode;
        map = conf->cgi_root;
-       uri = r->uri + 8;
-       /*
-        * can't force cgi immediately because we might not handle this
-        * call if the mode is wrong
-        */
-       cgi = 1;
+       uri = cgi + strlen("cgi-bin");
     }
     else if (r->uri[0] == '/') {
        mode = conf->doc_root_mode;
        map = conf->doc_root;
        uri = r->uri;
-       cgi = 0;
     }
     else {
        return DECLINED;
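Review bot: The new guard around `strstr(r->uri, "cgi-bin/")` no longer requires a leading slash. For a URI that begins directly with `cgi-bin/`, both `cgi - r->uri` and `strspn(r->uri, "/")` are 0, so the CGI branch is taken, whereas the removed `strncmp(r->uri, "/cgi-bin/", 9)` and the `else if (r->uri[0] == '/')` branch both insist on one. Whether a slash-less `r->uri` can reach `mva_translate` is not visible here, but the guard can exclude it and also avoid comparing a `ptrdiff_t` with the `size_t` from `strspn`: `if (cgi && (cgi == r->uri || cgi != r->uri + strspn(r->uri, "/"))) {`. `cgi` now appears to double as the path pointer and the CGI flag, and the comment explaining why the handler is not forced at this point was removed, so I would keep a one-line version of it, e.g. `/* non-NULL cgi marks a CGI request; do not force the handler yet, the mode may still make us decline */`. The function starts and ends outside this hunk, so the later use of `cgi` should be checked against that wording.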