httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Brian Havard" <bri...@kheldar.apana.org.au>
Subject [PATCH] Plugging nice big security hole (OS/2)
Date Mon, 20 Jul 1998 11:44:05 GMT
Here's my first take on an ap_os_canonical_filename() for OS/2. Feel free to
suggest improvements or point out cases I've missed.

The API call I'm using here, DosQueryPathInfo(), resolves relative paths to
absolute, removes trailing spaces and dots from path components but doesn't
check that the path in question actually exists. It also changes forward
slashes to back slashes so they have to be changed back again afterwards.



Index: os/emx/Makefile.tmpl
===================================================================
RCS file: /cvs/apache-1.3/src/os/emx/Makefile.tmpl,v
retrieving revision 1.8
diff -u -w -r1.8 Makefile.tmpl
--- Makefile.tmpl	1998/05/10 13:04:37	1.8
+++ Makefile.tmpl	1998/07/20 11:19:39
@@ -3,7 +3,7 @@
 INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
 LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
 
-OBJS=	os.o os-inline.o
+OBJS=	os.o os-inline.o util_os2.o
 COPY=	os.h os-inline.c
 
 LIB=	libos.a
Index: os/emx/os.h
===================================================================
RCS file: /cvs/apache-1.3/src/os/emx/os.h,v
retrieving revision 1.7
diff -u -w -r1.7 os.h
--- os.h	1998/07/13 09:57:24	1.7
+++ os.h	1998/07/20 11:19:40
@@ -2,6 +2,7 @@
 #define APACHE_OS_H
 
 #define PLATFORM "OS/2"
+#define HAVE_CANONICAL_FILENAME
 
 /*
  * This file in included in all Apache source code. It contains definitions
Index: os/emx/util_os2.c
===================================================================
RCS file: util_os2.c
diff -N util_os2.c
--- /dev/null	Thu Aug 14 04:31:15 1997
+++ util_os2.c	Mon Jul 20 11:19:40 1998
@@ -0,0 +1,31 @@
+#define INCL_DOSFILEMGR
+#include <os2.h>
+#include "httpd.h"
+#include "http_log.h"
+
+
+API_EXPORT(char *)ap_os_canonical_filename(pool *pPool, const char *szFile)
+{
+    char buf[HUGE_STRING_LEN];
+    char buf2[HUGE_STRING_LEN];
+    int rc, len; 
+    char *pos;
+    
+/* Remove trailing slash unless it's a root directory */
+    strcpy(buf, szFile);
+    len = strlen(buf);
+    
+    if (len > 3 && buf[len-1] == '/')
+        buf[--len] = 0;
+      
+    rc = DosQueryPathInfo(buf, FIL_QUERYFULLNAME, buf2, HUGE_STRING_LEN);
+    ap_assert(rc == 0);
+    strlwr(buf2);
+    
+/* Switch backslashes to forward */
+    for (pos=buf2; *pos; pos++)
+        if (*pos == '\\')
+            *pos = '/';
+    
+    return ap_pstrdup(pPool, buf2);
+}

--
 ______________________________________________________________________________
 |  Brian Havard                 |  "He is not the messiah!                   |
 |  brianh@kheldar.apana.org.au  |  He's a very naughty boy!" - Life of Brian |
 ------------------------------------------------------------------------------


Mime
View raw message