Bug 10617 - SegFault in mod_ext_filter when content_type is null
Status: CLOSED FIXED
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_ext_filter
Version: 2.0.39
Hardware: Sun Solaris
Importance: P3 major
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Reported: 2002-07-09 22:20 UTC by Arthur P. Smith
Modified: 2004-11-16 19:05 UTC
Description Arthur P. Smith 2002-07-09 22:20:39 UTC
This happens when a filtered URL returns a Location: redirect (the example I
looked at was the Zope management console) - the bucket-brigade for the
(non-existent) body is forwarded to the external filter, but no content_type is
set (and there is no content). You obviously don't want to filter a content-less
body. The following is a patch to mod_ext_filter.c that fixes the problem:

*** mod_ext_filter.c    Tue Jul  9 18:01:47 2002
--- mod_ext_filter.c_orig       Tue Jul  9 17:57:05 2002
***************
*** 491,499 ****
          return APR_EINVAL;
      }
      ctx->p = f->r->pool;
!     if ((f->r->content_type == NULL) ||
!       (ctx->filter->intype && ctx->filter->intype != INTYPE_ALL &&
!         strcasecmp(ctx->filter->intype, f->r->content_type))) {
          /* wrong IMT for us; don't mess with the output */
          ctx->noop = 1;
      }
--- 491,499 ----
          return APR_EINVAL;
      }
      ctx->p = f->r->pool;
!     if (ctx->filter->intype &&
!         ctx->filter->intype != INTYPE_ALL &&
!         strcasecmp(ctx->filter->intype, f->r->content_type)) {
          /* wrong IMT for us; don't mess with the output */
          ctx->noop = 1;
      }
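Review bot: The `f->r->content_type == NULL` test is OR-ed in front of the whole intype condition, so ctx->noop is set for every response without a content type, including when ctx->filter->intype is unset or equal to INTYPE_ALL and the existing test would have let the response through to the filter. Only the strcasecmp call dereferences content_type, so the NULL check belongs inside the `intype && intype != INTYPE_ALL` branch, next to the comparison it protects. The file headers are also reversed (`***` names the modified mod_ext_filter.c and `---` names mod_ext_filter.c_orig), so as posted the diff reads as removing the NULL check; it should be regenerated with the original file first.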
Comment 1 Arthur P. Smith 2002-07-09 22:27:56 UTC
Note this was for a location also serviced by mod_proxy - I haven't tried it for
CGI or other ways you could get a Location: directive returned, so it could be
really a problem in mod_proxy. I'd suspect mod_ext_filter though first.
Comment 2 Jeff Trawick 2002-07-10 01:23:36 UTC
mod_ext_filter definitely needs to watch out for NULL content_type.
At the very least, the if statement should be changed to:

     if (ctx->filter->intype &&
         ctx->filter->intype != INTYPE_ALL &&
         (!f->r->content_type ||
          strcasecmp(ctx->filter->intype, f->r->content_type))) {

So if the user specifies a certain content_type to process we'll make
certain that there is a content_type associated with the response.
I do not know whether or not a NULL content_type always implies that there 
is no actual response body.  I doubt that it is true in general.  

mod_ext_filter should already handle an empty response okay (or that is another 
bug :) ), so the fix above should be sufficient for your problem and
we don't worry about whether or not there is a response body to filter.
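Added example, not part of the bug report or the Apache source: a standalone C comparison of the condition from the description's patch with the one proposed in comment 2, run over constructed cases. The function names, the case table and the `INTYPE_ALL` marker definition are assumptions made for illustration; only the two conditions are taken from the page.

```c
#include <stddef.h>
#include <stdio.h>
#include <strings.h>

/* Stand-in for the module's INTYPE_ALL sentinel (assumption: a marker
 * pointer, since the page only ever compares it with !=). */
static const char intype_all_marker = 0;
#define INTYPE_ALL (&intype_all_marker)

/* Description's patch: any NULL content_type turns the filter into a no-op. */
static int noop_reporter(const char *intype, const char *content_type)
{
    return content_type == NULL ||
           (intype && intype != INTYPE_ALL &&
            strcasecmp(intype, content_type) != 0);
}

/* Comment 2's form: NULL content_type only matters when an intype is set. */
static int noop_comment2(const char *intype, const char *content_type)
{
    return intype && intype != INTYPE_ALL &&
           (!content_type || strcasecmp(intype, content_type) != 0);
}

struct filter_case { const char *label, *intype, *content_type; };
/* Constructed cases: the filter's intype crossed with the response type. */
static const struct filter_case cases[] = {
    { "intype unset, response without type",    NULL,        NULL },
    { "INTYPE_ALL, response without type",      INTYPE_ALL,  NULL },
    { "text/html only, response without type",  "text/html", NULL },
    { "text/html only, Text/HTML response",     "text/html", "Text/HTML" },
    { "text/html only, image/png response",     "text/html", "image/png" },
    { "intype unset, text/html response",       NULL,        "text/html" },
};

/* Returns how many cases the two conditions decide differently. */
static int count_divergent(void)
{
    int n = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int a = noop_reporter(cases[i].intype, cases[i].content_type);
        int b = noop_comment2(cases[i].intype, cases[i].content_type);
        printf("%-40s reporter=%d comment2=%d\n", cases[i].label, a, b);
        n += (a != b);
    }
    return n;
}
int main(void) { return count_divergent() == 2 ? 0 : 1; }
```

Neither form reaches strcasecmp with a NULL content_type; they differ only in the first two cases, where comment 2's condition leaves the filter active for a response that has no type.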
Comment 3 Arthur P. Smith 2002-07-10 01:47:03 UTC
Good point - your fix is definitely the right one. Thanks!
Comment 4 Jeff Trawick 2002-07-10 11:59:47 UTC
The fix has been committed and will be in the next release of Apache.

Thanks for your report/patch, and thanks for using Apache!