httpd-dev mailing list archives

From Jim Jagielski <...@jaguNET.com>
Subject Re: translate_userdir()
Date Mon, 18 Mar 1996 17:19:43 GMT
Alexei Kosut wrote:
> 
> On Mon, 18 Mar 1996, Jim Jagielski wrote:
> 
> > 	  /*
> > 	   * Ok. Let's get this straight. At this point we know
> > 	   * that the getpwnam() call failed. Why? Because the user
> > 	   * doesn't exist. This must mean that no matter what, we'll
> > 	   * never find the right filename. We should return NOT_FOUND.
> > 	   * We don't wait until we stat() because filename at this
> > 	   * point is NULL.
> > 	   */
> 
> Not true. (not NULL, the first part) If I use the following UserDir statement:
> 
> UserDir public_html /usr/www
> 

Try these 2 cases:

   1	UserDir public_html
	GET '/~nonexistantuser'

	At this point, filename is NULL, the getpwnam() call fails,
	we are at the last entry so we create r->filename, which will
	contain garbage since pstrcat() uses filename (which is
	NULL) and does zero-out allocated memory. Bad news.

   2	UserDir public_html stuff_here
	GET '/~nonexistantuser'

	Again, filename is NULL and getpwnam() fails so filename
	remains NULL. We do the test and !*userdirs is false so
	we need to do that stat. Oops! We are stating a NULL
	reference... Boom.

Ben Laurie, who understood what you were trying to do much better than I :)
came up with a nice simple fix, which I just Emailed to the list.

I failed to take into account possible http: references so assumed all
filename resolution could be (and was) local.
-- 
Jim Jagielski  << jim@jaguNET.com >>   |      "That's a Smith & Wesson,
  **  jaguNET Access Services  **      |       and you've had your six" 
      Email: info@jaguNET.com          |             - James Bond
++    http://www.jaguNET.com/         +++      Voice/Fax: 410-931-7060       ++
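
The two cases in the message above, as an added example that is not part of the original message, not Apache source, and not the fix posted to the list. The function name `resolve_userdir`, the status values, and the path-building rules (relative entry under the user's home directory, absolute entry followed by the user name) are assumptions of this sketch.

```c
/* Simplified model of a UserDir lookup loop. Illustration only: this is
 * not Apache source and not the fix posted to the list. */
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

#define OK        0
#define NOT_FOUND 404   /* status values are assumptions of this sketch */

/* Resolve "~user" against a whitespace-separated UserDir list.
 * On success copies the path into out and returns OK. */
int resolve_userdir(const char *userdirs, const char *user,
                    char *out, size_t outlen)
{
    const char *p = userdirs;
    char path[512];
    struct stat st;

    /* Reject names that could step outside the intended directory. */
    if (*user == '\0' || strchr(user, '/') != NULL)
        return NOT_FOUND;

    while (*(p += strspn(p, " \t")) != '\0') {
        size_t len = strcspn(p, " \t");
        const char *filename = NULL;   /* NULL until a path is really built */
        int n = -1;

        if (*p == '/') {
            /* Absolute entry: no passwd lookup needed. */
            n = snprintf(path, sizeof path, "%.*s/%s", (int)len, p, user);
        } else {
            /* Relative entry: only usable if the user exists. */
            struct passwd *pw = getpwnam(user);
            if (pw != NULL)
                n = snprintf(path, sizeof path, "%s/%.*s",
                             pw->pw_dir, (int)len, p);
        }
        if (n > 0 && (size_t)n < sizeof path)
            filename = path;

        /* Never stat() or copy a NULL filename; just try the next entry. */
        if (filename != NULL && stat(filename, &st) == 0 &&
            strlen(filename) < outlen) {
            strcpy(out, filename);
            return OK;
        }
        p += len;
    }
    return NOT_FOUND;   /* every entry failed, including the last one */
}
```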
