httpd-dev mailing list archives

From d...@ast.cam.ac.uk (David Robinson)
Subject Re: double slashes (was Re: WWW Form Bug Report: "Security bug involving ScriptAliased directories" on Linux)
Date Fri, 03 Nov 1995 15:33:00 GMT
Here is a much more concise patch that fixes the double slash problem at
its root, instead of trying to fix up the alias module.

It simply causes any URL with // in a filename to be rejected with
404 Not Found.

 David.

*** http_request.c.orig	Tue Oct 10 23:06:36 1995
--- http_request.c	Fri Nov  3 15:24:12 1995
***************
*** 189,195 ****
      core_dir_config **sec = (core_dir_config **)sec_array->elts;
      int num_sec = sec_array->nelts;
      void *per_dir_defaults = r->server->lookup_defaults;
-     char *test_filename = pstrdup (r->pool, r->filename);
  
      int num_dirs, res;
      int i;
--- 189,194 ----
***************
*** 202,210 ****
       * for the moment, that's not worth the trouble.
       */
  
-     no2slash (test_filename);
-     num_dirs = count_dirs(test_filename);
      get_path_info (r);
      
      if (S_ISDIR (r->finfo.st_mode)) ++num_dirs;
  
--- 201,209 ----
       * for the moment, that's not worth the trouble.
       */
  
      get_path_info (r);
+     if (strstr(r->filename, "//") != NULL) return NOT_FOUND;
+     num_dirs = count_dirs(r->filename);
      
      if (S_ISDIR (r->finfo.st_mode)) ++num_dirs;
  
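Review bot: The added `strstr(r->filename, "//")` test in this http_request.c hunk runs only after `get_path_info (r)` has been called on the unnormalised name, and nothing says it is an access-control guard rather than a tidy-up. The old code collapsed slashes in a private copy, whereas this rejects the request, so any translation step that can legitimately put a doubled slash into `r->filename` (for example a root ending in `/` joined to a URI starting with `/`; that code is outside the hunk, to be confirmed) would now yield 404 for every such request. I would add a comment such as `/* Reject "//": count_dirs/make_dirstr below pick the per-directory config by path component, so a doubled slash must not reach them */`. It is also worth confirming whether the test belongs before `get_path_info`. The enclosing function begins and ends outside the hunk.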
***************
*** 214,220 ****
  	int allowed_here = core_dir->opts;
  	int overrides_here = core_dir->override;
          void *this_conf = NULL, *htaccess_conf = NULL;
! 	char *this_dir = make_dirstr (r->pool, test_filename, i);
  	char *config_name = make_full_path(r->pool, this_dir,
  					   sconf->access_name);
  	int j;
--- 213,219 ----
  	int allowed_here = core_dir->opts;
  	int overrides_here = core_dir->override;
          void *this_conf = NULL, *htaccess_conf = NULL;
! 	char *this_dir = make_dirstr (r->pool, r->filename, i);
  	char *config_name = make_full_path(r->pool, this_dir,
  					   sconf->access_name);
  	int j;
*** util.c.orig	Tue Oct 10 23:10:23 1995
--- util.c	Fri Nov  3 15:27:14 1995
***************
*** 214,219 ****
--- 214,220 ----
      }
  }
  
+ #if 0
  void no2slash(char *name) {
      register int x,y;
  
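Review bot: Wrapping `no2slash` in `#if 0` here, with the matching `#endif` in the next util.c hunk, removes the symbol for every caller, not only the one deleted from http_request.c. Callers in other files are not visible in this patch, so it should be confirmed that none remain (the description mentions the alias module), otherwise the build breaks or that path silently loses its normalisation. If the function really is dead, deleting it is clearer than leaving it disabled. If it is kept, add a comment by the `#if 0` such as `/* disabled: "//" is now rejected in http_request.c instead of collapsed */`.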
***************
*** 222,227 ****
--- 223,229 ----
              for(y=x+1;name[y-1];y++)
                  name[y-1] = name[y];
  }
+ #endif
  
  char *make_dirstr(pool *p, char *s, int n) {
      register int x,f;
