httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: problem with log url overflow found
Date Sat, 11 Jan 1997 20:57:28 GMT
No.  The trick is that right now we are saying that a failure to stat
the path (while looking for the index file) means the file doesn't
exist, so there is no index file, so make a directory listing.

However, there are other reasons that stat can fail.  

How portable would a check something like

        if (errno == ENAMETOOLONG) { refuse the request or something }

be?

Or should we only generate an index if (errno == ENOENT)?

I think checking the errno would be easier than checking the length of
the path before calling stat, since various systems may have various
limits and I'm not sure they all use the same define to say what the
max is.

Damn, I think some systems may silently truncate the path before
checking.  Grr.  Reasonably easy to fix (aside from the fact that
there isn't a nice pretty defined way to return what we want to the
caller), but portability is hell.  

The good thing is that it looks like _ALL_ this bug can do is get you
a directory index of the directory you request, and nothing more
devious.

On Sat, 11 Jan 1997, Randy Terbush wrote:

> 
> Cool. So is the fix just to change the comparison below to:
> 
> if (rv == 0)

Umm.. what is the difference between rv == 0 and !rv?

> 
> 
> > Check out http_request.c, line 160:
> > 
> >         rv = stat(path, &r->finfo);
> > 
> > On some systems, when you get too many '/'s, the stat will return -1.
> > That is why some people can't see it.  I would be other web servers 
> > (and lots of other programs) have the same problem.


Mime
View raw message