httpd-bugs mailing list archives

From bugzi...@apache.org
Subject [Bug 41867] <DirectoryMatch> Matches Files
Date Thu, 22 Jan 2015 00:11:03 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=41867

--- Comment #22 from William A. Rowe Jr. <wrowe@apache.org> ---
Hopefully, this will help somewhat, clearing the resolved bit.

The appropriate patch will track the length of all directory-related path
segments for later comparison.  This snippet below is just a part of
accomplishing this task; 

--- request.c   (revision 1653666)
+++ request.c   (working copy)
@@ -566,6 +566,8 @@
     walk_cache_t *cache;
     char *entry_dir;
     apr_status_t rv;
+    apr_size_t dir_len;
+    char save_ch;
     int cached;

     /* XXX: Better (faster) tests needed!!!
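
Review bot: dir_len is declared here without an initial value, and a later hunk indexes r->filename[dir_len + 1] unconditionally, so any path that reaches the DirectoryMatch loop without passing the new strlen() assignment reads and writes at an indeterminate offset. Initialise it at the declaration (for example apr_size_t dir_len = 0;), or carry the length alongside the cached walk state so that requests which skip the directory walk still see a valid value.
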
@@ -1169,6 +1170,9 @@
                 return r->status = HTTP_FORBIDDEN;
             }

+            /* directory-path string length here for DirectoryMatch */
+            dir_len = strlen(r->filename);
+
             ++seg;
         } while (thisinfo.filetype == APR_DIR);

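Review bot: the dir_len assignment sits at the tail of the do/while body, ahead of the while (thisinfo.filetype == APR_DIR) test, so as far as these lines show it also runs on the final iteration, when the segment just examined is not a directory, and dir_len then covers the file name as well. Guard it with if (thisinfo.filetype == APR_DIR), or confirm that an earlier break always skips it for non-directory segments, and check the continue/break paths above that bypass it entirely.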

The optimizations earlier in the code would cause dir_len to remain unset on
subrequests, owing to the fact that we don't 'parse twice' any identical path
elements.  I just haven't had time to evaluate each of the 'continue'/'break'
cases in the intervening code.

Provided that the accumulated dir_len is correct, and that we ensure
r->filename, at this stage of the game, is allocated one byte longer than the
given string, then we can play this quick trick to always compare the path
-including- any provided trailing slash against the directorymatch regular
expression strings;

@@ -1191,10 +1195,17 @@
             }
         }

-        /*
-         * Now we'll deal with the regexes, note we pick up sec_idx
-         * where we left off (we gave up after we hit entry_core->r)
+        /* Now we'll deal with the DirectoryMatch regex's
+         *
+         * First, shorten r->filename to dir_len, plus the trailing
+         * slash when present
          */
+        save_ch = r->filename[dir_len + 1];
+        r->filename[dir_len + 1] = '\0';
+
+        /* Note we pick up sec_idx where we left off
+         * (we gave up above once we hit entry_core->r)
+         */
         for (; sec_idx < num_sec; ++sec_idx) {

             int nmatch = 0;
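
Review bot: r->filename[dir_len + 1] is read and overwritten with no bounds check; when dir_len equals strlen(r->filename) (a directory path with no trailing slash) that index is one byte past the terminating NUL, so correctness depends on an extra allocated byte that nothing in this patch guarantees. Matching against a copy from r->pool instead, e.g. apr_pstrmemdup() of the first dir_len + 1 bytes clamped to the string length, removes both the out-of-bounds risk and the need to mutate and later restore r->filename.
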
@@ -1216,6 +1227,8 @@
                 pmatch = apr_palloc(rxpool, nmatch*sizeof(ap_regmatch_t));
             }

+            /* r->filename here has been truncated to the directory path
+             * component -including- trailing slash
             if (ap_regexec(entry_core->r, r->filename, nmatch, pmatch, 0)) {
                 continue;
             }
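
Review bot: the comment added above ap_regexec() is never closed: its second line ends at "trailing slash" with no */, so the ap_regexec() call and its continue are swallowed into the comment up to the next */ in the file. Close the comment on its own line before the if.
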
@@ -1268,6 +1281,8 @@
             last_walk->matched = sec_ent[sec_idx];
             last_walk->merged = now_merged;
         }
+        /* Restore filename  now that we have processed DirectoryMatch'es */
+        r->filename[dir_len + 1] = save_ch;

         if (rxpool) {
             apr_pool_destroy(rxpool);
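
Review bot: the restore of r->filename[dir_len + 1] exists only at this one point after the loop, so any return or jump between the truncation and here would leave r->filename shortened for the rest of the request; please confirm there is none, or drop the in-place edit in favour of matching against a copy so that no restore is needed. Minor: the added comment has a double space in "filename  now".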


I'll come back to this and invite everyone to beat me to completing this patch,
and preventing the case described in #1 above.
