[5893] in bugtraq
Re: Apache DoS attack?
daemon@ATHENA.MIT.EDU (Marc Slemko)
Tue Dec 30 15:40:12 1997
Date: Tue, 30 Dec 1997 13:30:56 -0700
Reply-To: Marc Slemko <marcs@znep.com>
From: Marc Slemko <marcs@ZNEP.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.BSF.3.95.971230122347.2417H-100000@alive.znep.com>
On Tue, 30 Dec 1997, Marc Slemko wrote:
[...]
> Please see the patch Dean Gaudet has posted to bugtraq for the solution.
Since people are telling me that Dean's post has not made it yet and
asking for the patch, and I don't see it here yet, I am reposting his
patch for 1.2. A similar thing applies to 1.3.
This patch has been applied to the Apache CVS tree and will be available
in a new release at some point in the reasonably near future.
Index: src/util.c
===================================================================
RCS file: /export/home/cvs/apache/src/util.c,v
retrieving revision 1.52.2.2
diff -u -r1.52.2.2 util.c
--- util.c 1997/06/27 01:47:47 1.52.2.2
+++ util.c 1997/12/30 18:09:15
@@ -328,14 +328,22 @@
}
}
-void no2slash(char *name) {
- register int x,y;
+void no2slash(char *name)
+{
+ char *d, *s;
- for(x=0; name[x];)
- if(x && (name[x-1] == '/') && (name[x] == '/'))
- for(y=x+1;name[y-1];y++)
- name[y-1] = name[y];
- else x++;
+ s = d = name;
+ while (*s) {
+ if ((*d++ = *s) == '/') {
+ do {
+ ++s;
+ } while (*s == '/');
+ }
+ else {
+ ++s;
+ }
+ }
+ *d = '\0';
}
char *make_dirstr(pool *p, const char *s, int n) {
