httpd-cvs mailing list archives

From c...@apache.org
Subject svn commit: r396294 - in /httpd/httpd/branches/1.3.x: STATUS src/CHANGES src/include/http_config.h src/main/http_config.c src/main/http_core.c
Date Sun, 23 Apr 2006 17:22:02 GMT
Author: colm
Date: Sun Apr 23 10:21:58 2006
New Revision: 396294

URL: http://svn.apache.org/viewcvs?rev=396294&view=rev
Log:
  * Backport the include directive patch for 1.3

  * Add a changelog entry for same

  * reorder the changelog to put security first.

Modified:
    httpd/httpd/branches/1.3.x/STATUS
    httpd/httpd/branches/1.3.x/src/CHANGES
    httpd/httpd/branches/1.3.x/src/include/http_config.h
    httpd/httpd/branches/1.3.x/src/main/http_config.c
    httpd/httpd/branches/1.3.x/src/main/http_core.c

Modified: httpd/httpd/branches/1.3.x/STATUS
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/1.3.x/STATUS?rev=396294&r1=396293&r2=396294&view=diff
==============================================================================
--- httpd/httpd/branches/1.3.x/STATUS (original)
+++ httpd/httpd/branches/1.3.x/STATUS Sun Apr 23 10:21:58 2006
@@ -74,11 +74,6 @@
       +1: nd, jerenkrantz, wrowe (in principal)
       -1: jim (until we see the 1.3 version)
 
-   *) core: Make "Include" directives work inside previously "Include"'d
-      files.
-      http://people.apache.org/~colm/include_directive-1.3.patch
-      +1: colm, wrowe, jim
-
 RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
 
    * backport fix for mod_log_config logging "0" for %b

Modified: httpd/httpd/branches/1.3.x/src/CHANGES
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/1.3.x/src/CHANGES?rev=396294&r1=396293&r2=396294&view=diff
==============================================================================
--- httpd/httpd/branches/1.3.x/src/CHANGES (original)
+++ httpd/httpd/branches/1.3.x/src/CHANGES Sun Apr 23 10:21:58 2006
@@ -1,15 +1,18 @@
 Changes with Apache 1.3.35
 
-  *) HTML-escape the Expect error message.  Not classed as security as
-     an attacker has no way to influence the Expect header a victim will
-     send to a target site.  Reported by Thiago Zaninotti 
-     <thiango nstalker.com>. [Mark Cox]
-
   *) SECURITY: CVE-2005-3352 (cve.mitre.org)
      mod_imap: Escape untrusted referer header before outputting in HTML
      to avoid potential cross-site scripting.  Change also made to
      ap_escape_html so we escape quotes.  Reported by JPCERT.
      [Mark Cox]
+
+  *) core: Allow usage of the "Include" configuration directive within
+     previously "Include"d files. [Colm MacCarthaigh]
+
+  *) HTML-escape the Expect error message.  Not classed as security as
+     an attacker has no way to influence the Expect header a victim will
+     send to a target site.  Reported by Thiago Zaninotti 
+     <thiango nstalker.com>. [Mark Cox]
 
   *) mod_cgi: Remove block on OPTIONS method so that scripts can
      respond to OPTIONS directly rather than via server default.

Modified: httpd/httpd/branches/1.3.x/src/include/http_config.h
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/1.3.x/src/include/http_config.h?rev=396294&r1=396293&r2=396294&view=diff
==============================================================================
--- httpd/httpd/branches/1.3.x/src/include/http_config.h (original)
+++ httpd/httpd/branches/1.3.x/src/include/http_config.h Sun Apr 23 10:21:58 2006
@@ -330,6 +330,8 @@
 CORE_EXPORT(const char *) ap_init_virtual_host(pool *p, const char *hostname,
 				server_rec *main_server, server_rec **);
 CORE_EXPORT(void) ap_process_resource_config(server_rec *s, char *fname, pool *p, pool *ptemp);
+CORE_EXPORT(void) ap_process_include_config(server_rec *s, char *fname, pool *p, pool *ptemp,
+		                cmd_parms *parms);
 
 /* ap_check_cmd_context() definitions: */
 API_EXPORT(const char *) ap_check_cmd_context(cmd_parms *cmd, unsigned forbidden);
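Review bot: The new exported prototype `ap_process_include_config` has no comment describing its contract, and that contract differs from its neighbour `ap_process_resource_config` in ways a caller has to know. Per the definition in http_config.c, it writes to `parms->config_file` and terminates the process on open or syntax errors. I would add above the declaration: `/* Process an Include'd file or directory using the caller's cmd_parms; overwrites parms->config_file and exits the process on open or syntax errors. */`.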

Modified: httpd/httpd/branches/1.3.x/src/main/http_config.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/1.3.x/src/main/http_config.c?rev=396294&r1=396293&r2=396294&view=diff
==============================================================================
--- httpd/httpd/branches/1.3.x/src/main/http_config.c (original)
+++ httpd/httpd/branches/1.3.x/src/main/http_config.c Sun Apr 23 10:21:58 2006
@@ -1164,6 +1164,101 @@
     return strcmp(f1->fname,f2->fname);
 }
 
+CORE_EXPORT(void) ap_process_include_config(server_rec *s, char *fname, pool *p, pool *ptemp,

+		cmd_parms *parms)
+{
+    const char *errmsg;
+    struct stat finfo;
+
+    fname = ap_server_root_relative(p, fname);
+
+    if (stat(fname, &finfo) == -1)
+	    return;
+
+    /* 
+     * here we want to check if the candidate file is really a
+     * directory, and most definitely NOT a symlink (to prevent
+     * horrible loops).  If so, let's recurse and toss it back into
+     * the function.
+     */
+    if (ap_is_rdirectory(fname)) {
+	DIR *dirp;
+	struct DIR_TYPE *dir_entry;
+	int current;
+	array_header *candidates = NULL;
+	fnames *fnew;
+
+	/*
+	 * first course of business is to grok all the directory
+	 * entries here and store 'em away. Recall we need full pathnames
+	 * for this.
+	 */
+	fprintf(stderr, "Processing config directory: %s\n", fname);
+	dirp = ap_popendir(p, fname);
+	if (dirp == NULL) {
+	    perror("fopen");
+	    fprintf(stderr, "%s: could not open config directory %s\n",
+		ap_server_argv0, fname);
+#ifdef NETWARE
+	    clean_parent_exit(1);
+#else
+	    exit(1);
+#endif
+	}
+	candidates = ap_make_array(p, 1, sizeof(fnames));
+	while ((dir_entry = readdir(dirp)) != NULL) {
+	    /* strip out '.' and '..' */
+	    if (strcmp(dir_entry->d_name, ".") &&
+		strcmp(dir_entry->d_name, "..")) {
+		fnew = (fnames *) ap_push_array(candidates);
+		fnew->fname = ap_make_full_path(p, fname, dir_entry->d_name);
+	    }
+	}
+	ap_pclosedir(p, dirp);
+	if (candidates->nelts != 0) {
+            qsort((void *) candidates->elts, candidates->nelts,
+              sizeof(fnames), fname_alphasort);
+	    /*
+	     * Now recurse these... we handle errors and subdirectories
+	     * via the recursion, which is nice
+	     */
+	    for (current = 0; current < candidates->nelts; ++current) {
+	        fnew = &((fnames *) candidates->elts)[current];
+		fprintf(stderr, " Processing config file: %s\n", fnew->fname);
+		ap_process_resource_config(s, fnew->fname, p, ptemp);
+	    }
+	}
+	return;
+    }
+    
+    if (!(parms->config_file = ap_pcfg_openfile(p,fname))) {
+	perror("fopen");
+	fprintf(stderr, "%s: could not open document config file %s\n",
+		ap_server_argv0, fname);
+#ifdef NETWARE
+        clean_parent_exit(1);
+#else
+	exit(1);
+#endif
+    }
+
+    errmsg = ap_srm_command_loop(parms, s->lookup_defaults);
+
+    if (errmsg) {
+	fprintf(stderr, "Syntax error on line %d of %s:\n",
+		parms->config_file->line_number, parms->config_file->name);
+	fprintf(stderr, "%s\n", errmsg);
+#ifdef NETWARE
+        clean_parent_exit(1);
+#else
+	exit(1);
+#endif
+    }
+
+    ap_cfg_closefile(parms->config_file);
+}
+
+
 CORE_EXPORT(void) ap_process_resource_config(server_rec *s, char *fname, pool *p, pool *ptemp)
 {
     const char *errmsg;
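Review bot: The early `if (stat(fname, &finfo) == -1) return;` at the top of ap_process_include_config makes a missing or inaccessible Include target a silent no-op, so a mistyped path to a file carrying access-control directives lets the server start without them. Handle it like the ap_pcfg_openfile failure further down: print `"%s: could not open document config file %s\n"` with ap_server_argv0 and fname, then exit (clean_parent_exit under NETWARE). Separately, the directory branch calls `ap_process_resource_config(s, fnew->fname, p, ptemp)` and never passes `parms`, so files pulled in through a directory Include presumably do not see the caller's directive context. Nothing bounds the nesting depth either, so a file that Includes itself would recurse until the stack is exhausted; a depth counter with a fixed limit and a clear error message would turn that into a diagnosable startup failure.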

Modified: httpd/httpd/branches/1.3.x/src/main/http_core.c
URL: http://svn.apache.org/viewcvs/httpd/httpd/branches/1.3.x/src/main/http_core.c?rev=396294&r1=396293&r2=396294&view=diff
==============================================================================
--- httpd/httpd/branches/1.3.x/src/main/http_core.c (original)
+++ httpd/httpd/branches/1.3.x/src/main/http_core.c Sun Apr 23 10:21:58 2006
@@ -2770,9 +2770,12 @@
 
 static const char *include_config (cmd_parms *cmd, void *dummy, char *name)
 {
+    static cmd_parms parms;
     name = ap_server_root_relative(cmd->pool, name);
+
+    memcpy(&parms, cmd, sizeof(parms));
     
-    ap_process_resource_config(cmd->server, name, cmd->pool, cmd->temp_pool);
+    ap_process_include_config(cmd->server, name, cmd->pool, cmd->temp_pool, &parms);
 
     return NULL;
 }
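Review bot: `static cmd_parms parms;` gives every Include invocation the same storage, which breaks exactly the nested case this commit enables. When an Include directive is met inside an included file, the handler is presumably re-entered with `cmd` pointing at that same static, so the `memcpy` copies the object onto itself (undefined for overlapping regions). ap_process_include_config then replaces `parms->config_file` and closes it before returning, leaving the outer ap_srm_command_loop to read from the closed inner file. Directives that follow the nested Include in the outer file may then be silently skipped, which is a fail-open risk if they carry restrictions. A per-call automatic copy avoids the shared state: `cmd_parms parms = *cmd;` in place of the static declaration and the memcpy.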


