httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r..@apache.org (Ralf S. Engelschall)
Subject cvs commit: apache/src CHANGES http_request.c
Date Mon, 11 Aug 1997 14:20:11 GMT
rse         97/08/11 07:20:08

  Modified:    src      CHANGES http_request.c
  Log:
  Last patch for 1.2.2: This is Dean's patch which fixes a long-standing bug in
  sub_req_lookup_file(). A too optimistic optimization is now avoided.
  
  Submitted by:	Dean Gaudet
  Reviewed by:	Dean Gaudet, Ralf S. Engelschall
  
  Revision  Changes    Path
  1.286.2.44 +5 -0      apache/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apache/src/CHANGES,v
  retrieving revision 1.286.2.43
  retrieving revision 1.286.2.44
  diff -u -r1.286.2.43 -r1.286.2.44
  --- CHANGES	1997/08/10 16:36:09	1.286.2.43
  +++ CHANGES	1997/08/11 14:20:00	1.286.2.44
  @@ -1,5 +1,10 @@
   Changes with Apache 1.2.2
   
  +  *) Fixed another long-standing bug in sub_req_lookup_file where it would
  +     happily skip past access checks on subdirectories looked up with relative
  +     paths.  (It's used by mod_dir, mod_negotiation, and mod_include.)
  +     [Dean Gaudet]
  +
     *) Add lockfile name to error message printed out when
        USE_FLOCK_SERIALIZED_ACCEPT is defined.
        [Marc Slemko]
  
  
  
  1.50.2.7  +23 -14    apache/src/http_request.c
  
  Index: http_request.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_request.c,v
  retrieving revision 1.50.2.6
  retrieving revision 1.50.2.7
  diff -u -r1.50.2.6 -r1.50.2.7
  --- http_request.c	1997/08/02 15:52:12	1.50.2.6
  +++ http_request.c	1997/08/11 14:20:03	1.50.2.7
  @@ -709,22 +709,31 @@
   
   	rnew->per_dir_config = r->per_dir_config;
   
  -	if ((res = check_symlinks (rnew->filename, allow_options (rnew)))) {
  -	    log_reason ("Symbolic link not allowed", rnew->filename, rnew);
  -	    rnew->status = res;
  -	    return rnew;
  -	}
  -	/* do a file_walk, if it doesn't change the per_dir_config then
  -	 * we know that we don't have to redo all the access checks */
  -	if ((res = file_walk (rnew))) {
  -	    rnew->status = res;
  -	    return rnew;
  -	}
  -	if (rnew->per_dir_config == r->per_dir_config) {
  -	    if ((res = find_types (rnew)) || (res = run_fixups (rnew))) {
  +	/* no matter what, if it's a subdirectory, we need to re-run
  +	 * directory_walk */
  +	if (S_ISDIR (rnew->finfo.st_mode)) {
  +	    res = directory_walk (rnew);
  +	    if (!res) {
  +		res = file_walk (rnew);
  +	    }
  +	} else {
  +	    if ((res = check_symlinks (rnew->filename, allow_options (rnew)))) {
  +		log_reason ("Symbolic link not allowed", rnew->filename, rnew);
  +		rnew->status = res;
  +		return rnew;
  +	    }
  +	    /* do a file_walk, if it doesn't change the per_dir_config then
  +	     * we know that we don't have to redo all the access checks */
  +	    if ((res = file_walk (rnew))) {
   		rnew->status = res;
  +		return rnew;
  +	    }
  +	    if (rnew->per_dir_config == r->per_dir_config) {
  +		if ((res = find_types (rnew)) || (res = run_fixups (rnew))) {
  +		    rnew->status = res;
  +		}
  +		return rnew;
   	    }
  -	    return rnew;
   	}
       } else {
   	/* XXX: this should be set properly like it is in the same-dir case
  
  
  

Mime
View raw message