httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From m...@hyperreal.org
Subject cvs commit: apache/src http_config.c
Date Mon, 05 Jan 1998 20:46:13 GMT
marc        98/01/05 12:46:13

  Modified:    src      Tag: APACHE_1_2_X http_config.c
  Log:
  SECURITY: If a htaccess file can not be read due to bad permissions,
  deny access to the directory with a HTTP_FORBIDDEN.  The previous
  behavior was to ignore the htaccess file if it could not be read.
  This change may make some setups with unreadable htaccess files
  stop working.
  
  The previous lack of checking the return means that is some obscure
  cases it may be possible to bypass a htaccess file if a full path
  including the htaccess is too long (ie. > PATH_MAX) yet the path to
  a file in the same directory isn't.
  
  PR: 817
  Reviewed by:	Martin Kraemer, Mark J Cox, Dean Gaudet, Randy Terbush
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.49.2.3  +10 -2     apache/src/http_config.c
  
  Index: http_config.c
  ===================================================================
  RCS file: /export/home/cvs/apache/src/http_config.c,v
  retrieving revision 1.49.2.2
  retrieving revision 1.49.2.3
  diff -u -r1.49.2.2 -r1.49.2.3
  --- http_config.c	1997/06/29 18:08:36	1.49.2.2
  +++ http_config.c	1998/01/05 20:46:12	1.49.2.3
  @@ -821,8 +821,16 @@
   	}
   	
   	*result = dc;
  -    } else
  -	dc = NULL;
  +    } else {
  +	if (errno == ENOENT || errno == ENOTDIR)
  +	    dc = NULL;
  +	else {
  +	    log_unixerr("pfopen", filename,
  +		"unable to check htaccess file, ensure it is readable",
  +		r->server);
  +	    return HTTP_FORBIDDEN;
  +	}
  +    }
   
   /* cache it */
       new = palloc(r->pool, sizeof(struct htaccess_result));
  
  
  

Mime
View raw message