| Summary: | NULL pointer dereference with "RewriteMap foo int:undefined" | ||
|---|---|---|---|
| Product: | Apache httpd-2 | Reporter: | Ben Noordhuis <info> |
| Component: | mod_rewrite | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | Keywords: | FixedInTrunk |
| Priority: | P2 | ||
| Version: | 2.5-HEAD | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | All | ||
Something this patch exposes is that registering mod_rewrite extension functions from the optional_fn_retrieve hook doesn't work because that runs after the config phase. Doing it from the pre-config hook works but is perhaps not the proper approach. Thanks Ben -- commited to trunk in r1154808 and will propose for backport. |
Quoting the commit log: "Fix NULL pointer dereference in mod_rewrite. Example config that triggers this behaviour. # RewriteEngine is off here RewriteMap crash int:crash <Location /crashme> RewriteEngine on RewriteRule (.+) ${crash:$1} </Location> The RewriteMap directive must check the validity of its arguments regardless of the value of RewriteEngine at the time of processing." This bug exists in HEAD and (at least) Apache 2.2.14. Color diff and patch: https://github.com/bnoordhuis/httpd/compare/mod_rewrite-rewritemap-segfault https://github.com/bnoordhuis/httpd/compare/mod_rewrite-rewritemap-segfault.patch