Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:zhy20120210:failed_1
apache2
httpd-2.2.3-CVE-2009-1195-2.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File httpd-2.2.3-CVE-2009-1195-2.patch of Package apache2
Index: modules/filters/mod_include.c =================================================================== --- modules/filters/mod_include.c (Revision 779471) +++ modules/filters/mod_include.c (Revision 779472) @@ -3565,7 +3565,7 @@ intern->seen_eos = 0; intern->state = PARSE_PRE_HEAD; ctx->flags = (SSI_FLAG_PRINTING | SSI_FLAG_COND_TRUE); - if ((ap_allow_options(r) & OPT_INC_WITH_EXEC) == 0) { + if (ap_allow_options(r) & OPT_INCNOEXEC) { ctx->flags |= SSI_FLAG_NO_EXEC; } intern->accessenable = conf->accessenable; Index: include/http_core.h =================================================================== --- include/http_core.h (Revision 779471) +++ include/http_core.h (Revision 779472) @@ -73,16 +73,29 @@ #define OPT_EXECCGI 8 /** directive unset */ #define OPT_UNSET 16 -/** SSI exec= permission is permitted, iff OPT_INCLUDES is also set */ -#define OPT_INC_WITH_EXEC 32 +/** IncludesNOEXEC directive */ +#define OPT_INCNOEXEC 32 /** SymLinksIfOwnerMatch directive */ #define OPT_SYM_OWNER 64 /** MultiViews directive */ #define OPT_MULTI 128 /** All directives */ -#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI) +#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INCNOEXEC|OPT_SYM_LINKS|OPT_EXECCGI) /** @} */ +#ifdef CORE_PRIVATE +/* For internal use only - since 2.2.12, the OPT_INCNOEXEC bit is + * internally replaced by OPT_INC_WITH_EXEC. The internal semantics + * of the two SSI-related bits are hence: + * + * OPT_INCLUDES => "enable SSI, without exec= permission" + * OPT_INC_WITH_EXEC => "iff OPT_INCLUDES is set, also enable exec=" + * + * The set of options exposed via ap_allow_options() retains the + * semantics of OPT_INCNOEXEC by flipping the bit. */ +#define OPT_INC_WITH_EXEC OPT_INCNOEXEC +#endif + /** * @defgroup get_remote_host Remote Host Resolution * @ingroup APACHE_CORE_HTTPD
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor