httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@arctic.org>
Subject Re: Repost: [BUG] PR#1031: ErrorDocument with type-maps
Date Wed, 03 Sep 1997 16:23:12 GMT
Ah ok now this makes sense.  Well, removing the r->status check definately
defeats the purpose of that patch.  It is expecting to check the status of
the subrequest ... not the main request.  So (a) sounds like the more
appropriate solution.  I haven't considered the side-effects of (a) yet
though ...

Dean

On Wed, 3 Sep 1997, Paul Sutton wrote:

> On Tue, 2 Sep 1997, Dean Gaudet wrote:
> > On Wed, 27 Aug 1997, Lars Eilebrecht wrote:
> > 
> > > Any ideas why ErrorDocuments to .var files are broken?
> > 
> > Did it ever "work"?
> 
> Yeah, it worked prior to version 1.43 of mod_negotiation.c. It stopped
> with the patch (below) associated with the log message: 
> 
> date: 1997/06/24 03:03:49;  author: dgaudet;  state: Exp;  lines: +9 -6
>   Fix a few security problems.  Avoid problems with pipes, sockets, etc.
>   in the filesystem.  Use sub_req_lookup_file for various functions that
>   open ancillary files, so that they have to pass the symlink tests.
>   Also disallow slashes in HeaderName and ReadmeName to avoid
>   ../../../hacks.o
> 
> The problem is that read_type_map() now checks to see if the status of the
> request in progress is not HTTP_OK and if it is not, returns that status.
> Unfortunately when an error document starts it inherits the main
> document's error code (e.g. HTTP_NOT_FOUND) in
> internal_internal_redirect(). 
> 
> Two possible fixes are 
> 
>  a. get send_error_response() to reset r->status to HTTP_OK on the
>     subrequest
>  b. remove the check for r->status in read_type_map().
> 
> Both of these are likely to have security implications though.
> 
> //pcs
> 
> Index: mod_negotiation.c
> ===================================================================
> RCS file: /export/home/cvs/apachen/src/modules/standard/mod_negotiation.c,v
> retrieving revision 1.42
> retrieving revision 1.43
> diff -u -r1.42 -r1.43
> --- mod_negotiation.c	1997/06/17 00:09:14	1.42
> +++ mod_negotiation.c	1997/06/24 03:03:49	1.43
> @@ -645,17 +645,20 @@
>      return cp;
>  }
>  
> -int read_type_map (negotiation_state *neg, char *map_name)
> +static int read_type_map (negotiation_state *neg, request_rec *rr)
>  {
>      request_rec *r = neg->r;
> -    FILE *map = pfopen (neg->pool, map_name, "r");
> -
> +    FILE *map;
>      char buffer[MAX_STRING_LEN];
>      enum header_state hstate;
>      struct var_rec mime_info;
>      
> +    if (rr->status != HTTP_OK) {
> +	return rr->status;
> +    }
> +    map = pfopen (neg->pool, rr->filename, "r");
>      if (map == NULL) {
> -        log_reason("cannot access type map file", map_name, r);
> +        log_reason("cannot access type map file", rr->filename, r);
>  	return FORBIDDEN;
>      }
>  
> @@ -783,7 +786,7 @@
>  	    closedir(dirp);
>  	    
>  	    neg->avail_vars->nelts = 0;
> -	    return read_type_map (neg, sub_req->filename);
> +	    return read_type_map (neg, sub_req);
>  	}
>  	
>  	/* Have reasonable variant --- gather notes.
> @@ -1853,7 +1856,7 @@
>      
>      char *udir;
>      
> -    if ((res = read_type_map (neg, r->filename))) return res;
> +    if ((res = read_type_map (neg, r))) return res;
>      
>      maybe_add_default_encodings(neg, 0);
>      
> 
> 
> 


Mime
View raw message