Bug 50994 - NULL pointer dereference with "RewriteMap foo int:undefined"
NULL pointer dereference with "RewriteMap foo int:undefined"
Status: RESOLVED FIXED
Product: Apache httpd-2
Classification: Unclassified
Component: mod_rewrite
2.5-HEAD
All All
: P2 normal (vote)
: ---
Assigned To: Apache HTTPD Bugs Mailing List
: FixedInTrunk
Depends on:
Blocks:
  Show dependency tree
 
Reported: 2011-03-29 19:20 UTC by Ben Noordhuis
Modified: 2011-09-17 15:27 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ben Noordhuis 2011-03-29 19:20:35 UTC
Quoting the commit log:

"Fix NULL pointer dereference in mod_rewrite.

Example config that triggers this behaviour.

  # RewriteEngine is off here
  RewriteMap crash int:crash
  <Location /crashme>
    RewriteEngine on
    RewriteRule (.+) ${crash:$1}
  </Location>

The RewriteMap directive must check the validity of its arguments
regardless of the value of RewriteEngine at the time of processing."

This bug exists in HEAD and (at least) Apache 2.2.14.

Color diff and patch:

https://github.com/bnoordhuis/httpd/compare/mod_rewrite-rewritemap-segfault
https://github.com/bnoordhuis/httpd/compare/mod_rewrite-rewritemap-segfault.patch
Comment 1 Ben Noordhuis 2011-03-29 20:47:13 UTC
Something this patch exposes is that registering mod_rewrite extension functions from the optional_fn_retrieve hook doesn't work because that runs after the config phase. Doing it from the pre-config hook works but is perhaps not the proper approach.
Comment 2 Eric Covener 2011-08-08 02:31:08 UTC
Thanks Ben -- commited to trunk in r1154808 and will propose for backport.
Comment 3 Stefan Fritsch 2011-09-17 15:27:19 UTC
fixed in r1164941 in 2.2.21