The function uri_meets_conditions() expects r->parsed_uri.path to not be NULL, but an "invalid" GET request may lead to a NULL path, e.g.: GET http://www.foo.bar HTTP/1.1 This causes a call to strncmp with a NULL value, backtrace: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 46912499703168 (LWP 619)] 0x0000003703470004 in strncmp () from /lib64/tls/libc.so.6 (gdb) bt #0 0x0000003703470004 in strncmp () from /lib64/tls/libc.so.6 #1 0x00000000004421a5 in uri_meets_conditions (filter= {scheme = 0x0, hostinfo = 0x0, user = 0x0, password = 0x0, hostname = 0x0, port_str = 0x0, path = 0x651800 "/", query = 0x0, fragment = 0x0, hostent = 0x0, port = 0, is_initialized = 1, dns_looked_up = 0, dns_resolved = 0}, pathlen=1, url= {scheme = 0x6c2800 "http", hostinfo = 0x6c2808 "login.yahoo.com", user = 0x0, password = 0x0, hostname = 0x6c2818 "login.yahoo.com", port_str = 0x0, path = 0x0, query = 0x0, fragment = 0x0, hostent = 0x0, port = 0, is_initialized = 1, dns_looked_up = 0, dns_resolved = 0}) at cache_util.c:71 #2 0x000000000044237b in ap_cache_get_providers (r=0x6c11b8, conf=0x666840, uri= {scheme = 0x6c2800 "http", hostinfo = 0x6c2808 "login.yahoo.com", user = 0x0, password = 0x0, hostname = 0x6c2818 "login.yahoo.com", port_str = 0x0, path = 0x0, query = 0x0, fragment = 0x0, hostent = 0x0, port = 0, is_initialized = 1, dns_looked_up = 0, dns_resolved = 0}) at cache_util.c:85 #3 0x000000000044012e in cache_url_handler (r=0x6c11b8, lookup=0) at mod_cache.c:71 #4 0x0000000000434d71 in ap_run_quick_handler (r=0x6c11b8, lookup=0) at config.c:160 #5 0x000000000046677f in ap_process_request (r=0x6c11b8) at http_request.c:254 #6 0x00000000004642fd in ap_process_http_connection (c=0x6b9368) at http_core.c:171 #7 0x000000000043b3f3 in ap_run_process_connection (c=0x6b9368) at connection.c:43 #8 0x0000000000477de0 in child_main (child_num_arg=Variable "child_num_arg" is not available. ) at prefork.c:640 #9 0x00000000004780a6 in make_child (s=0x5c5098, slot=0) at prefork.c:680 #10 0x0000000000478667 in ap_mpm_run (_pconf=Variable "_pconf" is not available. ) at prefork.c:956 #11 0x0000000000422b25 in main (argc=4, argv=0x7fffffccad28) at main.c:712
Created attachment 18050 [details] Patch against 2.2.x
Committed to trunk as r393037 (http://svn.apache.org/viewcvs?rev=393037&view=rev). Thanks.
Reopen the PR as the attached patch was vetoed.
Created attachment 18054 [details] abs_path fix Setting an empty abs_path to "/" is HTTP specific.
Ping ?
I changed product to apr as this should be fixed inside of apr_uri_parse in apr-utils as Roy pointed out during discussion on the dev list: http://mail-archives.apache.org/mod_mbox/httpd-dev/200604.mbox/%3c0E115721-5B8E-40D1-95A3-6587223DDC6B@gbiv.com%3e
Mass reassign the 44 open apr-bugs to apr bug list
Fixed in httpd by r45063 (http://svn.apache.org/viewvc?view=rev&rev=450063) and proposed for backport to 2.2.x as r450064 (http://svn.apache.org/viewvc?view=rev&rev=450064). Nevertheless it might make sense to pursue the fix for apr_uri_parse.