Re: Another flaw in Apache?

From: Jedi/Sector One (jat_private)
Date: Sat Jun 22 2002 - 12:56:49 PDT

  • Next message: Alexander Yurchenko: "Re: Another flaw in Apache?"

      Hi Michal.
    
    On Sat, Jun 22, 2002 at 03:38:48PM -0400, Michal Zalewski wrote:
    > While this apparently is not an issue with "AllowOverride none" (I think
    > that's the default configuration for user-writable directories),
    
      This is indeed the default configuration. However, any hosting service
    provider will change it to AllowOverride All just because customers like to
    play with .htaccess .
    
      Not sure whether my second post has been delivered or not, but it doesn't
    seem to be related to SetEnv, but to the parser itself. In fact, *any* long
    line (not even syntaxically correct) triggers the bug. On my OpenBSD box, a
    line with about 7000 characters causes the server to do as if there were two
    distinct lines. With about 10000 chacters and above : segfault.
    
      On FreeBSD 4.5, I wasn't able to reproduce this. A long line is splitted
    in two different lines, but no segfault arises.
    
      Best regards,
      
             -Frank.
             
    -- 
     __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
     \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
      \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/
    



    This archive was generated by hypermail 2b30 : Sat Jun 22 2002 - 13:03:05 PDT