httpd-dev mailing list archives

From Dean Gaudet <dgau...@arctic.org>
Subject Re: [PATCH] PR#1031 using a type map as a custom error document
Date Mon, 25 May 1998 07:47:27 GMT
Hey can you explain why you're using r->no_local_copy?  I'm confused... 
Actually I think I'm just confused because r->no_local_copy appears to
be true iff this expression is true:

    r->status != HTTP_OK && !is_initial_req(r)

... and that doesn't make sense to me as a fix for this. 

Of course I'm the person who introduced the bug... mod_negotiation.c:

|revision 1.43
|date: 1997/06/24 03:03:49;  author: dgaudet;  state: Exp;  lines: +9 -6
|Fix a few security problems.  Avoid problems with pipes, sockets, etc. in
|the filesystem.  Use sub_req_lookup_file for various functions that
|open ancillary files, so that they have to pass the symlink tests.  Also
|disallow slashes in HeaderName and ReadmeName to avoid ../../../hacks.

... I'd say that the correct fix is to remove the r->status test from
read_type_map and push it into read_types_multi, which is the only caller
that needs the security protection.  When read_type_map is called by
handle_map_file() the security protection has already been taken care of.

Dean

On Sat, 23 May 1998, Lars Eilebrecht wrote:

> Hi,
> 
> the attachment contains a patch which should fix PR#1031
> and make it possible to use a type map as a target for an ErrorDocument
> directive.
> 
> 
> ciao...
> -- 
> Lars Eilebrecht                           - It's been Monday all week.
> sfx@unix-ag.org
> http://www.home.unix-ag.org/sfx/
> 
> 
