httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@lnd.com>
Subject RE: IBM HTTP SERVER / APACHE (fwd)
Date Fri, 02 Jun 2000 03:45:45 GMT
Ok, documentation bug on MS's part to suggest a filespec
can be MAX_PATH bytes...

WIN32_FIND_DATA among every other structure defining an
array of char by MAX_PATH is exactly MAX_PATH bytes.  No
extra byte allocated for a trailing null.

So clearly, MAX_PATH is the max null terminated length
of a file spec.  I'm satisfied this was the root of the
problem.  Thanks for tracking it down, Allan!

Commit the patch to 1.3.13-dev :-)

I will continue to research other side effects, including
why, with our reimplementation of stat in APR, we aren't
using it yet and why we continue to observe this effect 
in 2.0.  I'm disinclined to commit the patch to 2.0 until
we have the real fix, but your call, either commit it or
commit a showstopper to status.

Bill





> -----Original Message-----
> From: Allan Edwards [mailto:ake@raleigh.ibm.com]
> Sent: Thursday, June 01, 2000 10:17 PM
> To: new-httpd@apache.org
> Subject: RE: IBM HTTP SERVER / APACHE (fwd)
> 
> 
> As Ken said, I've been working on this and have a patch,
> I was making sure it held up before posting.
>  
> The bug is in ap_os_is_filename_valid (util_win32.c) 
> and the problem is that it checks for file path > MAX_PATH 
> (260 on NT), however stat fails for file paths >= MAX_PATH.
>  
> I've been able to reproduce the reported symptoms on 1.3 and
> and 2.0. Roy Marek's comments about variability from
> one server to another may be due to installation in different
> directories, it only fails for length 260.
>  
> How this translates to the reported bug: call sequence is-
> 
> handle_dir
> 	ap_subreq_lookupuri c:/apache/htdocs///...//index.html 
> (260 bytes), 
> 		directory_walk
>             	get_path_info
>                   	ap_os_is_filename_valid  - returns OK
>                    	stat for ...///index.html fails, loop again
>                    	stat for c:/apache/htdocs succeeeds, 
> 					finfo.st_mode indicates director
>                   get_path_info sets st_mode = 0, returns OK
> 			ap_os_is_filename_valid returns OK
>             directory_walk returns status 200, st_mode=0
> 	      since st_mode=0 we do not internal redirect,
> 		pass to next handler mod_autoindex, BUG!!
>  
> With the patch below we get the following correct sequence:
> 
> handle_dir
> 	ap_subreq_lookupuri c:/apache/htdocs///...//index.html 
> (260 bytes)
> 		directory_walk
> 			get_path_info
>                       	ap_os_is_filename_valid  - returns FAIL
>                       	loop again
>                       	stat for c:/apache/htdocs succeeeds, 
> 					finfo.st_mode indicates 
> directory
> 			get_path_info sets st_mode = 0, returns OK
> 			ap_os_is_filename_valid returns HTTP_FORBIDDEN
>                   rnew->status = 403 is returned (same as 
> paths > 260 bytes)
> 
> The Patch (against 1.3)
> ------------------------------------------------ 
> --- util_win32.c.org     Thu Jun 01 20:23:10 2000
> +++ util_win32.c    Thu Jun 01 20:23:38 2000
> @@ -580,7 +580,7 @@
>      };
> 
>      /* Test 1 */
> -    if (strlen(file) > MAX_PATH) {
> +    if (strlen(file) >= MAX_PATH) {
>      /* Path too long for Windows. Note that this test is not valid
>       * if the path starts with //?/ or \\?\. */
>      return 0;
> --------------------------------------------------
> 
> I'll apply this fix to 1.3 and 2.0 if no-one can see any holes in it.
> 
> Allan Edwards
> <ake@us.ibm.com>
> 

Mime
View raw message