File httpd-2.2.x-bnc829056-CVE-2013-1896-pr1482522-mod_dav.diff of Package apache2
diff -rNU 30 ../httpd-2.2.12-o/modules/dav/main/mod_dav.c ./modules/dav/main/mod_dav.c
--- ../httpd-2.2.12-o/modules/dav/main/mod_dav.c	2008-05-27 17:57:23.000000000 +0200
+++ ./modules/dav/main/mod_dav.c	2013-07-22 17:59:11.000000000 +0200
@@ -692,60 +692,66 @@
     /* The caller will return an HTTP_BAD_REQUEST. This will augment the
      * default message that Apache provides. */
     ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                   "An invalid Overwrite header was specified.");
     return -1;
 }
 
 /* resolve a request URI to a resource descriptor.
  *
  * If label_allowed != 0, then allow the request target to be altered by
  * a Label: header.
  *
  * If use_checked_in is true, then the repository provider should return
  * the resource identified by the DAV:checked-in property of the resource
  * identified by the Request-URI.
  */
 static dav_error *dav_get_resource(request_rec *r, int label_allowed,
                                    int use_checked_in, dav_resource **res_p)
 {
     dav_dir_conf *conf;
     const char *label = NULL;
     dav_error *err;
 
     /* if the request target can be overridden, get any target selector */
     if (label_allowed) {
         label = apr_table_get(r->headers_in, "label");
     }
 
     conf = ap_get_module_config(r->per_dir_config, &dav_module);
     /* assert: conf->provider != NULL */
+    if (conf->provider == NULL) {
+        return dav_new_error(r->pool, HTTP_METHOD_NOT_ALLOWED, 0,
+                             apr_psprintf(r->pool,
+				          "DAV not enabled for %s",
+					  ap_escape_html(r->pool, r->uri)));
+    }
 
     /* resolve the resource */
     err = (*conf->provider->repos->get_resource)(r, conf->dir,
                                                  label, use_checked_in,
                                                  res_p);
     if (err != NULL) {
         err = dav_push_error(r->pool, err->status, 0,
                              "Could not fetch resource information.", err);
         return err;
     }
 
     /* Note: this shouldn't happen, but just be sure... */
     if (*res_p == NULL) {
         /* ### maybe use HTTP_INTERNAL_SERVER_ERROR */
         return dav_new_error(r->pool, HTTP_NOT_FOUND, 0,
                              apr_psprintf(r->pool,
                                           "The provider did not define a "
                                           "resource for %s.",
                                           ap_escape_html(r->pool, r->uri)));
     }
 
     /* ### hmm. this doesn't feel like the right place or thing to do */
     /* if there were any input headers requiring a Vary header in the response,
      * add it now */
     dav_add_vary_header(r, r, *res_p);
 
     return NULL;
 }
 
 static dav_error * dav_open_lockdb(request_rec *r, int ro, dav_lockdb **lockdb)
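Review bot: The comment `/* assert: conf->provider != NULL */` left directly above the new guard in dav_get_resource is now stale and contradicts the code, since the guard exists because the provider can be NULL. I would replace it with something like `/* provider is NULL when DAV is not enabled for this (sub)request's location; answer 405 instead of dereferencing it below */`. The second hunk removes the caller-side `dav_get_provider(lookup.rnew) == NULL` test, so this guard becomes the only protection on the Destination path, and the comment should say that callers rely on it. Any code that reads `conf->provider` without going through dav_get_resource would still need its own check; none is visible in this diff, so that is worth confirming against the full file. As a style point, the two continuation lines of the `apr_psprintf` call are indented with tabs while the surrounding code uses spaces.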
@@ -2611,65 +2617,60 @@
 
     lookup = dav_lookup_uri(dest, r, 1 /* must_be_absolute */);
     if (lookup.rnew == NULL) {
         if (lookup.err.status == HTTP_BAD_REQUEST) {
             /* This supplies additional information for the default message. */
             ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                           "%s", lookup.err.desc);
             return HTTP_BAD_REQUEST;
         }
 
         /* ### this assumes that dav_lookup_uri() only generates a status
          * ### that Apache can provide a status line for!! */
 
         return dav_error_response(r, lookup.err.status, lookup.err.desc);
     }
     if (lookup.rnew->status != HTTP_OK) {
         const char *auth = apr_table_get(lookup.rnew->err_headers_out,
                                         "WWW-Authenticate");
         if (lookup.rnew->status == HTTP_UNAUTHORIZED && auth != NULL) {
             /* propagate the WWW-Authorization header up from the
              * subreq so the client sees it. */
             apr_table_set(r->err_headers_out, "WWW-Authenticate",
                           apr_pstrdup(r->pool, auth));
         }
 
         /* ### how best to report this... */
         return dav_error_response(r, lookup.rnew->status,
                                   "Destination URI had an error.");
     }
 
-    if (dav_get_provider(lookup.rnew) == NULL) {
-        return dav_error_response(r, HTTP_METHOD_NOT_ALLOWED,
-                                  "DAV not enabled for Destination URI.");
-    }
-
     /* Resolve destination resource */
     err = dav_get_resource(lookup.rnew, 0 /* label_allowed */,
                            0 /* use_checked_in */, &resnew);
     if (err != NULL)
         return dav_handle_err(r, err, NULL);
 
     /* are the two resources handled by the same repository? */
     if (resource->hooks != resnew->hooks) {
         /* ### this message exposes some backend config, but screw it... */
         return dav_error_response(r, HTTP_BAD_GATEWAY,
                                   "Destination URI is handled by a "
                                   "different repository than the source URI. "
                                   "MOVE or COPY between repositories is "
                                   "not possible.");
     }
 
     /* get and parse the overwrite header value */
     if ((overwrite = dav_get_overwrite(r)) < 0) {
         /* dav_get_overwrite() supplies additional information for the
          * default message. */
         return HTTP_BAD_REQUEST;
     }
 
     /* quick failure test: if dest exists and overwrite is false. */
     if (resnew->exists && !overwrite) {
         /* Supply some text for the error response body. */
         return dav_error_response(r, HTTP_PRECONDITION_FAILED,
                                   "Destination is not empty and "
                                   "Overwrite is not \"T\"");
     }