httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From n..@apache.org
Subject svn commit: r632947 - in /httpd/httpd/trunk: CHANGES server/request.c
Date Mon, 03 Mar 2008 06:14:01 GMT
Author: niq
Date: Sun Mar  2 22:13:59 2008
New Revision: 632947

URL: http://svn.apache.org/viewvc?rev=632947&view=rev
Log:
core: fix SymlinksIfOwnerMatch checking:
  (1) Fix Origin checking (PR 36783 - Robert L Mathews)
  (2) Check ownership if both FollowSymlinks and SymlinksIfOwnerMatch are set

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/server/request.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=632947&r1=632946&r2=632947&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Sun Mar  2 22:13:59 2008
@@ -2,6 +2,12 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) core: check symlink ownership if both FollowSymlinks and
+     SymlinksIfOwnerMatch are set [Nick Kew]
+
+  *) core: fix origin checking in SymlinksIfOwnerMatch
+     PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
+
   *) mod_cache: Revalidate cache entities which have Cache-Control: no-cache
      set in their response headers. PR 44511 [Ruediger Pluem]
 

Modified: httpd/httpd/trunk/server/request.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/request.c?rev=632947&r1=632946&r2=632947&view=diff
==============================================================================
--- httpd/httpd/trunk/server/request.c (original)
+++ httpd/httpd/trunk/server/request.c Sun Mar  2 22:13:59 2008
@@ -331,7 +331,8 @@
     /* Save the name from the valid bits. */
     savename = (lfi->valid & APR_FINFO_NAME) ? lfi->name : NULL;
 
-    if (opts & OPT_SYM_LINKS) {
+    /* if OPT_SYM_OWNER is unset, we only need to check target accessible */
+    if (!(opts & OPT_SYM_OWNER)) {
         if ((res = apr_stat(&fi, d, lfi->valid & ~(APR_FINFO_NAME
                                                  | APR_FINFO_LINK), p))
                  != APR_SUCCESS) {
@@ -353,7 +354,7 @@
      * owner of the symlink, then get the info of the target.
      */
     if (!(lfi->valid & APR_FINFO_OWNER)) {
-        if ((res = apr_stat(&fi, d,
+        if ((res = apr_stat(&lfi, d,
                             lfi->valid | APR_FINFO_LINK | APR_FINFO_OWNER, p))
             != APR_SUCCESS) {
             return HTTP_FORBIDDEN;



Mime
View raw message