httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Laurie <...@gonzo.ben.algroup.co.uk>
Subject Re: translate_userdir()
Date Mon, 18 Mar 1996 17:35:52 GMT
> 
> Alexei Kosut wrote:
> > 
> > On Mon, 18 Mar 1996, Jim Jagielski wrote:
> > 
> > > 	  /*
> > > 	   * Ok. Let's get this straight. At this point we know
> > > 	   * that the getpwnam() call failed. Why? Because the user
> > > 	   * doesn't exist. This must mean that no matter what, we'll
> > > 	   * never find the right filename. We should return NOT_FOUND.
> > > 	   * We don't wait until we stat() because filename at this
> > > 	   * point is NULL.
> > > 	   */
> > 
> > Not true. (not NULL, the first part) If I use the followin UserDir statement:
> > 
> > UserDir public_html /usr/www
> > 
> 
> Try these 2 cases:
> 
>    1	UserDir public_html
> 	GET '/~nonexistantuser'
> 
> 	At this point, filename is NULL, the getpwnam() call fails,
> 	we are at the last entry so we create r->filename, which will
> 	contain garbage since pstrcat() uses filename (which is
> 	NULL) and does zero-out allocated memory. Bad news.
> 
>    2	UserDir public_html stuff_here
> 	GET '/~nonexistantuser'
> 
> 	Again, filename is NULL and getpwnam() fails so filename
> 	remains NULL. We do the test and !*userdirs is false so
> 	we need to do that stat. Oops! We are stating a NULL
> 	reference... Boom.
> 
> Ben Laurie, who understood what you were trying to do much better than I :)
> came up with a nice simple fix, which I just Emailed to the list.

I wouldn't go so far as to say that I understood it  ;-)

But, in essence, what is happening is the _last_ UserDir translation is used
_regardless of whether it makes any sense to the userdir module_, in the hope
that a handler will understand the resulting filename and be able to resolve it
(in particular the CGI handler). At least, that's what I think is happening.

This behaviour is undocumented, but perhaps desirable. So, to make everyone
happy it should be documented, at least in the source, to prevent further
misunderstanding.

I'm not sure how reliable the behaviour is - does it depend on module ordering,
for example?

Is it OK for a module to set a filename without knowing whether is is going to
work?

Would it perhaps be better to have an entirely seperate ExecUserDir directive?

Cheers,

Ben.

> 
> I failed to take into account possible http: references so assumed all
> filename resolution could be (and was) local.
> -- 
> Jim Jagielski  << jim@jaguNET.com >>   |      "That's a Smith & Wesson,
>   **  jaguNET Access Services  **      |       and you've had your six" 
>       Email: info@jaguNET.com          |             - James Bond
> ++    http://www.jaguNET.com/         +++      Voice/Fax: 410-931-7060       ++

-- 
Ben Laurie                  Phone: +44 (181) 994 6435
Freelance Consultant and    Fax:   +44 (181) 994 6472
Technical Director          Email: ben@algroup.co.uk
A.L. Digital Ltd,           URL: http://www.algroup.co.uk
London, England.

Mime
View raw message