Return-Path: <new-httpd-owner-new-httpd-archive=hyperreal.org@apache.org>
Delivered-To: new-httpd-archive@hyperreal.org
Received: (qmail 13461 invoked by uid 6000); 25 May 1998 07:05:49 -0000
Received: (qmail 13451 invoked from network); 25 May 1998 07:05:47 -0000
Received: from twinlark.arctic.org (204.62.130.91)
  by taz.hyperreal.org with SMTP; 25 May 1998 07:05:47 -0000
Received: (qmail 7425 invoked by uid 500); 25 May 1998 07:47:27 -0000
Date: Mon, 25 May 1998 00:47:27 -0700 (PDT)
From: Dean Gaudet <dgaudet@arctic.org>
To: new-httpd@apache.org
Subject: Re: [PATCH] PR#1031 using a type map as a custom error document
In-Reply-To: <XFMail.980523030258.sfx@unix-ag.org>
Message-ID: <Pine.LNX.3.96dg4.980525002925.27195X-100000@twinlark.arctic.org>
X-Comment: Visit http://www.arctic.org/~dgaudet/legal for information
 regarding copyright and disclaimer.
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED;
 BOUNDARY="_=XFMail.1.3.p0/sfx.Linux:980523030258:362=_"
Content-ID: <Pine.LNX.3.96dg4.980525002925.27195Y@twinlark.arctic.org>
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime@docserver.cac.washington.edu for more info.

--_=XFMail.1.3.p0/sfx.Linux:980523030258:362=_
Content-Type: TEXT/PLAIN; CHARSET=iso-8859-1
Content-ID: <Pine.LNX.3.96dg4.980525002925.27195Z@twinlark.arctic.org>

Hey can you explain why you're using r->no_local_copy?  I'm confused... 
Actually I think I'm just confused because r->no_local_copy appears to
be true iff this expression is true:

    r->status != HTTP_OK && !is_initial_req(r)

... and that doesn't make sense to me as a fix for this. 

Of course I'm the person who introduced the bug... mod_negotiation.c:

|revision 1.43
|date: 1997/06/24 03:03:49;  author: dgaudet;  state: Exp;  lines: +9 -6
|Fix a few security problems.  Avoid problems with pipes, sockets, etc. in
|the filesystem.  Use sub_req_lookup_file for various functions that
|open ancillary files, so that they have to pass the symlink tests.  Also
|disallow slashes in HeaderName and ReadmeName to avoid ../../../hacks.

... I'd say that the correct fix is to remove the r->status test from
read_type_map and push it into read_types_multi, which is the only caller
that needs the security protection.  When read_type_map is called by
handle_map_file() the security protection has already been taken care of.

Dean

On Sat, 23 May 1998, Lars Eilebrecht wrote:

> Hi,
> 
> the attachment contains a patch which should fix PR#1031
> and make it possible to use a type map as a target for an ErrorDocument
> directive.
> 
> 
> ciao...
> -- 
> Lars Eilebrecht                           - It's been Monday all week.
> sfx@unix-ag.org
> http://www.home.unix-ag.org/sfx/
> 
> 

--_=XFMail.1.3.p0/sfx.Linux:980523030258:362=_--