httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject Re: 1.1.2 plan
Date Sun, 12 Jan 1997 04:16:02 GMT
On Sat, 11 Jan 1997, Randy Terbush wrote:

> > On Sat, 11 Jan 1997, Randy Terbush wrote:
> > 
> > > > What do people think of my updated directory index patch with the
> > > > ifdef?
> > > > 
> > > > If there end up being lots of systems without ENOENT defined, having
> > > > some provisions for that in 1.1.2 could avoid the need for 1.1.3...
> > > 
> > > Probably a good idea. If you get the CVS mail, you'll see that I have
> > > applied this to 1.1.2 and am just waiting on dust to settle before
> > > tagging.
> > > 
> > > Seems like adding the #error would also be a good idea so this does
> > > not quitely compile for people if they don't have ENOENT.
> > 
> > I was just about to suggest this patch (I am wondering if some compilers
> > may stop on the first error and not display the rest), but I see you have
> > just committed one.  The one you committed looks fine, but in case anyone
> > cares, what i was going to suggest is included below.
> 
> If anyone wants me to change it, I will. I figured the 3 #errors
> would make them remove all three. *shrug*

Yup, they just may only see the first one and be too stupid to figure out
to look at the line in the source.  <g>  Doesn't matter to me.

> 
> > (oh, and what exactly is the difference between where HTTP_FORBIDDEN and
> > FORBIDDEN should be used?  Looking at it, FORBIDDEN does seem to be the
> > right one to use as your patch fixes.)
> 
> These defines were prefixed with HTTP_ for 1.2. The patches that you
> see commited are to the 1.1 branch.

But in 1.2 is FORBIDDEN just for backwards compat?

> 
> I've rolled the release and will hold until I hear further from
> you about the core dumps.
> 

Two changes.  First, replace log_reason in http_request.c with:

	log_printf(r->server, "access to %s failed for client; unable to determine if index file
eixsts (stat() returned unexpected error)",r->filename);

I was getting a null r->per_dir_config in log_reason; the easiest
fix is just not to use it.  

The other patch is below; it is needed to make mod_dir check the
status code.  Pulled from the 1.2 tree.

After that, it all should work.  If you want, put a copy somewhere
I can get it before release and I will double check it again.

Index: mod_dir.c
===================================================================
RCS file: /home/marcs/archive/apache/cvs/apache/src/mod_dir.c,v
retrieving revision 1.10
diff -c -r1.10 mod_dir.c
*** mod_dir.c	1996/06/21 20:12:07	1.10
--- mod_dir.c	1997/01/12 03:25:30
***************
*** 768,773 ****
--- 768,775 ----
        (dir_config_rec *)get_module_config (r->per_dir_config, &dir_module);
      char *names_ptr = d->index_names ? d->index_names : DEFAULT_INDEX;
      int allow_opts = allow_options (r);
+     int error_notfound = 0;
+ 
  
      if (r->uri[0] == '\0' || r->uri[strlen(r->uri)-1] != '/') {
  	char* ifile;
***************
*** 808,816 ****
  	    return OK;
  	}
  
!         destroy_sub_req (rr);
!     }
! 
      if (r->method_number != M_GET) return NOT_IMPLEMENTED;
      
      /* OK, nothing easy.  Trot out the heavy artillery... */
--- 810,833 ----
  	    return OK;
  	}
  
!        /* If the request returned something other than 404 (or 200),
!         * it means the module encountered some sort of problem. To be
!         * secure, we should return the error, rather than create
!         * along a (possibly unsafe) directory index.
!         *
!         * So we store the error, and if none of the listed files
!         * exist, we return the last error response we got, instead
!         * of a directory listing.
!         */
!        if (rr->status && rr->status != 404 && rr->status != 200)
!            error_notfound = rr->status;
! 
!          destroy_sub_req (rr);
!      }
! 
!     if (error_notfound)
!        return error_notfound;
!  
      if (r->method_number != M_GET) return NOT_IMPLEMENTED;
      
      /* OK, nothing easy.  Trot out the heavy artillery... */


Mime
View raw message