httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@locus.apache.org
Subject cvs commit: apache-1.3/src/os/win32 util_win32.c
Date Fri, 23 Jun 2000 19:44:33 GMT
wrowe       00/06/23 12:44:32

  Modified:    .        STATUS
               src      CHANGES
               src/os/win32 util_win32.c
  Log:
    This incorporates Allen's fix into a broader set of potential Win32
    security holes.  With that I believe Marc's concerns are addressed, as
    the hold appears to be very Win32 specific.
  
  Revision  Changes    Path
  1.830     +19 -14    apache-1.3/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/apache-1.3/STATUS,v
  retrieving revision 1.829
  retrieving revision 1.830
  diff -u -r1.829 -r1.830
  --- STATUS	2000/06/17 07:02:04	1.829
  +++ STATUS	2000/06/23 19:44:26	1.830
  @@ -1,9 +1,9 @@
     1.3 STATUS:
  -  Last modified at [$Date: 2000/06/17 07:02:04 $]
  +  Last modified at [$Date: 2000/06/23 19:44:26 $]
   
   Release:
   
  -    1.3.13-dev: In development - targeted to freeze June 15th?
  +    1.3.13-dev: In development - ready to freeze?
       1.3.12: Tagged and rolled Feb. 23, 2000. Released and
               announced on the 25th.
       1.3.11: Tagged and rolled Jan. 19, 2000. Released and
  @@ -25,16 +25,14 @@
   
   RELEASE SHOWSTOPPERS:
   
  -    * Close the security hole in stat() by testing for anything other 
  -        than conventional file-not-found, permission-denied errors and
  -        rejecting the request then and there.  By rights, all of these 
  -        cases aught to be Not Found, not Permission Denied, or maybe 500?
  +    * Add a simple Win32 hold console open patch (wait for close or
  +        the ESC key, with a nice message) if the server died a 
  +        bad death (non-zero exit code) in console mode.  At the 
  +        moment the fix on the table is shelling to %comspec% /k
  +        RunApache.bat that will exit if apache.exe succeeds, but leave
  +        the console open on error.  This allows users to read the error,
  +        type logs and edit config files as necessary.
   
  -    * Windows install script review/revision?
  -        Need to play with a wrapper .bat file for the user icons, so the
  -        console don't close when Apache exits with an error.
  -        - Daniel S. Reichenbach is cooking something up.
  -
   RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
   
       * long pathnames with many components and no AllowOverride None
  @@ -385,12 +383,19 @@
   
    In progress:
   
  +    * Windows install script review/revision?
  +        - Daniel S. Reichenbach is cooking something up.
  +
       * Ben's ASP work... All agree it sounds cool.
   
  -    * DDA's adding a tray application to the Windoze version for ease of
  +    * Adding a tray application to the Windoze version for ease of
         status/management.  (PR3594, PR4873)
  -	<01BCDB29.2C04DEB0@caravan.individual.com>
  -	<01BCDB2A.F8C09010@caravan.individual.com>
  +	DDA's <01BCDB29.2C04DEB0@caravan.individual.com>
  +	DDA's <01BCDB2A.F8C09010@caravan.individual.com>
  +        There is no code here, only concept.  Noone has implemented a pure
  +        C language WinAPI (no MFC) multiple-services aware taskbar app for 
  +        both WinNT and Win95.  Open to anyone proposing something complete.
  +        If it comes between releases, add it to contrib right away!
   	Status: Ken +1, Sameer +1, Martin +1, Ben +1 (as long as
   		we get a single executable)
   	Paul: No like Win95 specific stuff
  
  
  
  1.1561    +6 -1      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1560
  retrieving revision 1.1561
  diff -u -r1.1560 -r1.1561
  --- CHANGES	2000/06/19 20:36:32	1.1560
  +++ CHANGES	2000/06/23 19:44:28	1.1561
  @@ -1,5 +1,10 @@
   Changes with Apache 1.3.13
   
  +  *) Expand Win32 protection for pathname length, to provide protection
  +     from future potential bugs such as that which caused directory index 
  +     to be displayed rather than returning an error.
  +     [William Rowe, Allan Edwards <ake@raleigh.ibm.com>]
  +
     *) USE_SYSVSEM_SERIALIZED_ACCEPT locking on OS/390
        [Ovies Brabson]
   
  @@ -7,7 +12,7 @@
        helper apps that invoke Apache.exe without a console.  Recognize that
        we are running NT, and use the STARTF_FORCEOFFFEEDBACK flag to be
        sure that the SCM has invoked the process. [William Rowe,
  -       Jim Patterson <jim-patterson@ncf.ca>, Kevin Kiley, TOKILEY@aol.com]
  +       Jim Patterson <jim-patterson@ncf.ca>, Kevin Kiley <TOKILEY@aol.com>]
   
     *) Export from Win32 the ap_start_shutdown and ap_start_restart symbols 
        for modules and executables dynamically linked to the core.
  
  
  
  1.36      +5 -2      apache-1.3/src/os/win32/util_win32.c
  
  Index: util_win32.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/os/win32/util_win32.c,v
  retrieving revision 1.35
  retrieving revision 1.36
  diff -u -r1.35 -r1.36
  --- util_win32.c	2000/06/22 22:57:31	1.35
  +++ util_win32.c	2000/06/23 19:44:31	1.36
  @@ -288,8 +288,9 @@
   API_EXPORT(int) os_stat(const char *szPath, struct stat *pStat)
   {
       int n;
  +    int len = strlen(szPath);
       
  -    if (strlen(szPath) == 0) {
  +    if ((len == 0) || (len >= MAX_PATH)) {
           return -1;
       }
   
  @@ -298,7 +299,6 @@
   	char *s;
   	int nSlashes = 0;
   
  -	ap_assert(strlen(szPath) < _MAX_PATH);
   	strcpy(buf, szPath);
   	for (s = buf; *s; ++s) {
   	    if (*s == '/') {
  @@ -308,6 +308,9 @@
   	}
   	/* then we need to add one more to get \\machine\share\ */
   	if (nSlashes == 3) {
  +            if (++len >= MAX_PATH) {
  +                return -1;
  +            }
   	    *s++ = '\\';
   	}
   	*s = '\0';
  
  
  

Mime
View raw message