From traw...@apache.org
Subject cvs commit: httpd-2.0/server core.c
Date Thu, 25 Sep 2003 16:00:57 GMT
trawick     2003/09/25 09:00:57

  Modified:    .        CHANGES
               server   core.c
  Log:
  Log an error when requests for URIs which fail to map to a valid
  filesystem name are rejected with 403.
  
  Revision  Changes    Path
  1.1279    +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1278
  retrieving revision 1.1279
  diff -u -r1.1278 -r1.1279
  --- CHANGES	23 Sep 2003 22:40:23 -0000	1.1278
  +++ CHANGES	25 Sep 2003 16:00:56 -0000	1.1279
  @@ -2,6 +2,9 @@
   
     [Remove entries to the current 2.0 section below, when backported]
   
  +  *) Log an error when requests for URIs which fail to map to a valid 
  +     filesystem name are rejected with 403.  [Jeff Trawick]
  +
     *) Fixed mod_usertrack to not get false positive matches on the
        user-tracking cookie's name.  PR 16661.
        [Manni Wood <manniwood@planet-save.com>]
  
  
  
  1.244     +11 -6     httpd-2.0/server/core.c
  
  Index: core.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/core.c,v
  retrieving revision 1.243
  retrieving revision 1.244
  diff -u -r1.243 -r1.244
  --- core.c	3 Sep 2003 19:27:09 -0000	1.243
  +++ core.c	25 Sep 2003 16:00:56 -0000	1.244
  @@ -3274,6 +3274,7 @@
   {
       void *sconf = r->server->module_config;
       core_server_config *conf = ap_get_module_config(sconf, &core_module);
  +    apr_status_t rv;
   
       /* XXX this seems too specific, this should probably become
        * some general-case test
  @@ -3300,10 +3301,12 @@
           while (*path == '/') {
               ++path;
           }
  -        if (apr_filepath_merge(&r->filename, conf->ap_document_root, path,
  -                               APR_FILEPATH_TRUENAME
  -                             | APR_FILEPATH_SECUREROOT, r->pool)
  +        if ((rv = apr_filepath_merge(&r->filename, conf->ap_document_root, path,
  +                                     APR_FILEPATH_TRUENAME
  +                                   | APR_FILEPATH_SECUREROOT, r->pool))
                       != APR_SUCCESS) {
  +            ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
  +                         "URI in request %s maps to invalid filename", r->the_request);
               return HTTP_FORBIDDEN;
           }
           r->canonical_filename = r->filename;
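Review bot: The new `ap_log_rerror` call writes `r->the_request`, the raw client-supplied request line, into the error log, both here and at the identical call site in the next hunk (@@ -3321). Nothing visible in the diff shows that control characters or newlines in that string are escaped before they reach the log, so this needs confirming against the logging code, which is outside the hunk. If the error-log path does not escape its arguments, pass an escaped copy such as `ap_escape_logitem(r->pool, r->the_request)`, or log the already-parsed `r->uri` instead. The enclosing function starts and ends outside the hunk.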
  @@ -3321,10 +3324,12 @@
           while (*path == '/') {
               ++path;
           }
  -        if (apr_filepath_merge(&r->filename, conf->ap_document_root, path,
  -                               APR_FILEPATH_TRUENAME
  -                             | APR_FILEPATH_SECUREROOT, r->pool)
  +        if ((rv = apr_filepath_merge(&r->filename, conf->ap_document_root, path,
  +                                     APR_FILEPATH_TRUENAME
  +                                   | APR_FILEPATH_SECUREROOT, r->pool))
                       != APR_SUCCESS) {
  +            ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
  +                         "URI in request %s maps to invalid filename", r->the_request);
               return HTTP_FORBIDDEN;
           }
           r->canonical_filename = r->filename;
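Review bot: This branch repeats the merge, check and log sequence of the previous hunk line for line, so the flag set and the log message can drift apart the next time one copy is edited. A small static helper that takes `r`, `conf->ap_document_root` and `path` and returns the `apr_status_t` would keep the `APR_FILEPATH_SECUREROOT` check and its error message in one place. A short comment at the call, for example `/* merge fails if path would resolve outside the document root */`, would also record why the failure is answered with 403; that wording should be checked against the APR documentation for the flag. The surrounding function body is outside the hunk.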
  
  
  
