Return-Path:
Delivered-To: new-httpd-archive@hyperreal.org
Received: (qmail 11908 invoked by uid 6000); 12 May 1998 19:35:24 -0000
Received: (qmail 11901 invoked from network); 12 May 1998 19:35:23 -0000
Received: from gensym.com (192.156.185.2) by taz.hyperreal.org with SMTP; 12 May 1998 19:35:23 -0000
Received: by gensym.com (4.1/SMI-4.1) id AA24974; Tue, 12 May 98 15:35:21 EDT
Received: from unknown(1.0.2.6) by ftp.gensym.com via smap (V1.3) id sma024966; Tue May 12 15:34:51 1998
Received: from siam.gensym by gensym1.gensym.com (4.1/SMI-4.1) id AA05342; Tue, 12 May 98 15:34:50 EDT
Received: by siam.gensym (SMI-8.6/SMI-SVR4) id PAA27220; Tue, 12 May 1998 15:34:49 -0400
Date: Tue, 12 May 1998 15:34:49 -0400
From: bhyde@gensym.com (Ben Hyde)
Message-Id: <199805121934.PAA27220@siam.gensym>
To: new-httpd@apache.org
Subject: http://localhost/nul/auz.html -> \\.\aux
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

>> > * SECURITY: check if the magic con/aux/nul/etc names do anything
>> > really bad
>>
>> Discussion on this died down; when we last left it, I wondered aloud
>> whether the device-checking patch which was applied last week solved this
>> problem.
>
>Ah, yes - I was halfway through testing that, when I suddenly had to
>spend my time making the blasted thing work instead. By the time I had
>finished I'd forgotten why I was doing it.

notes du jour...

http://localhost/nul/aux.html

initially maps (today) to

d:/bt/as/site0/htdocs/nul/aux.html

GetFullPathName via sub_canonical_filename
via ap_os_canonical_filename via directory_walk
chews that into:

\\.\aux\

That's likely to confuse the logic.

(an aside about GetFullPathName: In spite of the
documentation, szFilePart is not a substring of
buf in this case; that makes the predicate in there
"(szFilePart < buf+3)" suspect.)

ap_os_canonical_filename converts it to:

//./aux/

directory_walk doesn't like double // so soon it's

/./aux

It is all too bogus at this point so I lost interest.

I'm sure I understand the theory of operation for
d: and \\.\ and \\machine\ among {file,directory}_walk,
and ap_os_canonical_filename.

Ben - you have my sympathy!

- ben hyde
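
The trace in this message shows a path segment such as aux.html being resolved to the device namespace (\\.\aux) during canonicalization. As an added example (not Apache's code and not the device-checking patch mentioned in the thread), here is one way to reject such segments before the path is handed to the OS; the function names are hypothetical, and the name list is the documented set of reserved DOS device names, which Windows also honours when an extension follows.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reserved DOS device names; COM1-9 and LPT1-9 are matched separately. */
static const char *const dos_devices[] = { "CON", "PRN", "AUX", "NUL" };

/* Case-insensitive match of the first n bytes of s against an upper-case name. */
static int name_eq(const char *s, size_t n, const char *name)
{
    size_t i;
    if (strlen(name) != n) return 0;
    for (i = 0; i < n; i++)
        if (toupper((unsigned char)s[i]) != name[i]) return 0;
    return 1;
}

/* Is one segment a device name? The base name ends at the first '.' or ':',
 * and trailing spaces are ignored, so "aux.html" counts as "aux". */
static int segment_is_device(const char *seg, size_t len)
{
    size_t n = 0, i;
    while (n < len && seg[n] != '.' && seg[n] != ':') n++;
    while (n > 0 && seg[n - 1] == ' ') n--;
    for (i = 0; i < sizeof dos_devices / sizeof dos_devices[0]; i++)
        if (name_eq(seg, n, dos_devices[i])) return 1;
    if (n == 4 && seg[3] >= '1' && seg[3] <= '9')
        return name_eq(seg, 3, "COM") || name_eq(seg, 3, "LPT");
    return 0;
}

/* Hypothetical helper: returns 1 if any '/' or '\' separated segment names a device. */
int path_has_dos_device(const char *path)
{
    const char *p = path;
    while (*p) {
        size_t len = strcspn(p, "/\\");
        if (len > 0 && segment_is_device(p, len)) return 1;
        p += len;
        if (*p) p++;
    }
    return 0;
}

int main(void)
{   /* Constructed sample paths: the URL from the message and an ordinary one. */
    printf("%d %d\n", path_has_dos_device("/nul/aux.html"), path_has_dos_device("/index.html"));
    return 0;
}
```

Running the check on the request path before canonicalization means the result does not depend on what GetFullPathName returns for a device name.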