From owner-freebsd-www  Wed Dec 31 02:49:57 1997
Return-Path: <owner-freebsd-www>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id CAA18429
          for www-outgoing; Wed, 31 Dec 1997 02:49:57 -0800 (PST)
          (envelope-from owner-freebsd-www)
Received: from mail.cs.tu-berlin.de (root@mail.cs.tu-berlin.de [130.149.17.13])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id CAA18410
          for <www@freebsd.org>; Wed, 31 Dec 1997 02:49:44 -0800 (PST)
          (envelope-from wosch@cs.tu-berlin.de)
Received: from panke.panke.de (anonymous215.ppp.cs.tu-berlin.de [130.149.17.215])
	by mail.cs.tu-berlin.de (8.8.6/8.8.8) with ESMTP id LAA23902
	for <www@freebsd.org>; Wed, 31 Dec 1997 11:47:17 +0100 (MET)
Received: (from wosch@localhost) by panke.panke.de (8.8.5/8.6.12) id LAA00614; Wed, 31 Dec 1997 11:45:30 +0100 (MET)
To: www@FreeBSD.ORG
Subject: [Marc Slemko <marcs@znep.com>] Re: Apache DoS attack?
From: Wolfram Schneider <wosch@cs.tu-berlin.de>
Date: 31 Dec 1997 11:45:26 +0100
Message-ID: <p1i4t3psse1.fsf@panke.panke.de>
Lines: 60
Sender: owner-freebsd-www@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

------- Start of forwarded message -------
Message-ID: <Pine.BSF.3.95.971230132752.2417U-100000@alive.znep.com>
Date: 	Tue, 30 Dec 1997 13:30:56 -0700
Reply-To: Marc Slemko <marcs@znep.com>
From: Marc Slemko <marcs@znep.com>
Subject:      Re: Apache DoS attack?
To: BUGTRAQ@NETSPACE.ORG

On Tue, 30 Dec 1997, Marc Slemko wrote:

[...]

> Please see the patch Dean Gaudet has posted to bugtraq for the solution.

Since people are telling me that Dean's post has not made it yet and
asking for the patch, and I don't see it here yet, I am reposting his
patch for 1.2.  A similar thing applies to 1.3.

This patch has been applied to the Apache CVS tree and will be available
in a new release at some point in the reasonably near future.

Index: src/util.c
===================================================================
RCS file: /export/home/cvs/apache/src/util.c,v
retrieving revision 1.52.2.2
diff -u -r1.52.2.2 util.c
--- util.c      1997/06/27 01:47:47     1.52.2.2
+++ util.c      1997/12/30 18:09:15
@@ -328,14 +328,22 @@
     }
 }

-void no2slash(char *name) {
-    register int x,y;
+void no2slash(char *name)
+{
+    char *d, *s;

-    for(x=0; name[x];)
-        if(x && (name[x-1] == '/') && (name[x] == '/'))
-            for(y=x+1;name[y-1];y++)
-                name[y-1] = name[y];
-       else x++;
+    s = d = name;
+    while (*s) {
+        if ((*d++ = *s) == '/') {
+            do {
+                ++s;
+            } while (*s == '/');
+        }
+        else {
+            ++s;
+        }
+    }
+    *d = '\0';
 }

 char *make_dirstr(pool *p, const char *s, int n) {

------- End of forwarded message -------