Bug 39490 - Wildcards (*) are ignored in Include directive since 1.3.35
Summary: Wildcards (*) are ignored in Include directive since 1.3.35
Status: RESOLVED FIXED
Alias: None
Product: Apache httpd-1.3
Classification: Unclassified
Component: core (show other bugs)
Version: 1.3.34
Hardware: All Linux
: P3 regression (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
: 39513 39531 39545 (view as bug list)
Depends on:
Blocks:
 
Reported: 2006-05-05 10:05 UTC by Jan Schroeter
Modified: 2006-05-15 06:37 UTC (History)
6 users (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jan Schroeter 2006-05-05 10:05:46 UTC
Since Apache 1.3.35 the "Include" directive in the Apache config file seems to
ignore wildcards, which correctly worked in the 1.3.34 as it should work, like
described in de Apache documentation
(http://httpd.apache.org/docs/1.3/mod/core.html#include).

Worked in 1.3.34, not working in 1.3.35:
Include /path/to/httpd/config/*.conf

Errorlog doesn't tell me anything - no errormessages at all.
Comment 1 Jan Schroeter 2006-05-05 10:15:32 UTC
Other Includes work as expected:
Include /path/to/httpd/config/file.conf
-> Works in 1.3.34 and 1.3.35
Include /path/to/httpd/config/
-> Also works
Comment 2 Joe Orton 2006-05-08 10:37:19 UTC
This is presumably a regression caused by
http://svn.apache.org/viewcvs?rev=396294&view=rev
Comment 3 Joe Orton 2006-05-09 09:15:42 UTC
*** Bug 39516 has been marked as a duplicate of this bug. ***
Comment 4 Joe Orton 2006-05-09 09:16:15 UTC
*** Bug 39513 has been marked as a duplicate of this bug. ***
Comment 5 Joe Orton 2006-05-09 14:20:34 UTC
*** Bug 39531 has been marked as a duplicate of this bug. ***
Comment 7 jas 2006-05-10 12:32:11 UTC
The patch doesn't seem to solve all problems.

One of my web servers has a configuration file that includes another file, and
that file includes another file.  This worked fine with 1.3.34, but produces
a segmentation fault on 1.3.35.  The problem is totally reproducible using the
example below..

Create 3 files in /tmp as follows:
/tmp/1.config containing:
Include /tmp/2.config

/tmp/2.config containing:
Include /tmp/3.config

/tmp/3.config containing:
#

With 1.3.34, I could:
./configure
cd src
./httpd -f /tmp/1.config

With 1.3.35, when I do the same thing, I get a segmentation fault.  Applying the
patch above does not solve this problem.
Comment 8 jas 2006-05-10 12:47:06 UTC
If I run through gdb, I get:

#0  0x4207abfd in free () from /lib/i686/libc.so.6
#1  0x4206b551 in fclose@@GLIBC_2.1 () from /lib/i686/libc.so.6
#2  0x0806369f in ap_pfclose ()
#3  0x0808025f in cfg_close ()
#4  0x0808022b in ap_cfg_closefile ()
#5  0x08068038 in ap_process_include_config ()
#6  0x0806d8bb in include_config ()
#7  0x08066d6e in invoke_cmd ()
#8  0x080677ef in ap_handle_command ()
#9  0x0806787a in ap_srm_command_loop ()
#10 0x0806857d in ap_process_resource_config ()
#11 0x08068ea1 in ap_read_config ()
#12 0x08074d03 in main ()

If I run the same app on my newer RedHat glibc2.3 based system, I get:
*** glibc detected *** double free or corruption (top): 0x080b5478 ***


Comment 9 Joe Orton 2006-05-10 15:34:48 UTC
*** Bug 39545 has been marked as a duplicate of this bug. ***
Comment 10 Tony J. White 2006-05-10 15:57:48 UTC
(In reply to comment #9)
> *** Bug 39545 has been marked as a duplicate of this bug. ***

Sorry for the duplicate, but I didn't notice it because my problem had nothing
to do with wildcards.

Include in an Include is apperantly borked too.

As I mentioned in bug 39545, anyone who wants the CVE-2005-3352 fix and doesn't
want to rewrite their configs can simply copy the src/main/http_core.c file from
1.3.34 to 1.3.35 to effectively revert the Include change to 1.3.34 behaviour.

Comment 11 William A. Rowe Jr. 2006-05-15 04:15:10 UTC
As much as we would like to tell you this is fixed, with the subdirectory
feature from 1.3.35 retained - the answer was to back out that patch.

This regression from 1.3.34 is resolved in 1.3.36, sans Include subdir/
new feature :(
Comment 12 jas 2006-05-15 13:37:33 UTC
When will 1.3.36 be available on the apache site?