httpd-dev mailing list archives

From "William A. Rowe, Jr." <wr...@lnd.com>
Subject RE: IBM HTTP SERVER / APACHE (fwd)
Date Fri, 02 Jun 2000 03:55:02 GMT
> From: Allan Edwards [mailto:ake@raleigh.ibm.com]
> Sent: Thursday, June 01, 2000 10:17 PM
> 
> How this translates to the reported bug: call sequence is-
> 
> handle_dir
> 	ap_subreq_lookupuri c:/apache/htdocs///...//index.html (260 bytes),
> 		directory_walk
>             	get_path_info
>                   	ap_os_is_filename_valid  - returns OK
>                    	stat for ...///index.html fails, loop again
>                    	stat for c:/apache/htdocs succeeds, 
> 					finfo.st_mode indicates directory
>                   get_path_info sets st_mode = 0, returns OK
> 			ap_os_is_filename_valid returns OK
>             directory_walk returns status 200, st_mode=0
> 	      since st_mode=0 we do not internal redirect,
> 		pass to next handler mod_autoindex, BUG!!

Observations:

1) If the directory containing the obscurely failed file exists, but is
   protected with no Options Index, then we should not observe this
   effect, correct?  If their _private directory on their web is set
   up properly (no Index, at least :0) then nothing is compromised.
   Additionally, files that would not be shown (.* etc) should continue
   to be invisible.

2) I don't like the stat fault escape here.  There has to be some
   additional work to get this right.  stat could fault for other 
   causes, I'm guessing.  Not that this invalidates your patch.
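
The concern in observation 2, as an added example that is not part of this message or of Apache's source: a path walk that retries on the parent only when stat() reports the name as missing, and treats every other failure as an error. The helper and demo names are hypothetical, and POSIX stat() and errno values are assumed.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
enum walk_status { WALK_OK, WALK_NOT_FOUND, WALK_FAILED };

/* Hypothetical helper, not Apache's get_path_info. Truncates path in place to
 * the longest leading part stat() accepts. It backs up a component only when
 * the name is missing; any other errno is a hard failure reported in *err. */
static enum walk_status walk_back(char *path, struct stat *st, int *err)
{
    *err = 0;
    for (;;) {
        if (stat(path, st) == 0)
            return WALK_OK;            /* st_mode stays as stat() filled it */
        if (errno != ENOENT && errno != ENOTDIR) {
            *err = errno;              /* e.g. ENAMETOOLONG, EACCES, ELOOP */
            return WALK_FAILED;
        }
        char *slash = strrchr(path, '/');
        if (slash == NULL || slash == path)
            return WALK_NOT_FOUND;     /* no parent left to try */
        *slash = '\0';                 /* drop last component and retry */
    }
}

/* Constructed input: a missing file below the current directory. */
static enum walk_status demo_missing(struct stat *st, int *err)
{
    char path[] = "./walk-back-demo-missing/index.html";
    return walk_back(path, st, err);
}

/* Constructed input: longer than PATH_MAX, so stat() fails ENAMETOOLONG. */
static enum walk_status demo_too_long(struct stat *st, int *err)
{
    static char path[8192];
    memset(path, 'a', sizeof(path) - 1);   /* last byte stays '\0' */
    memcpy(path, "./", 2);
    return walk_back(path, st, err);
}

int main(void)
{
    struct stat st;
    int err, a = demo_missing(&st, &err), b = demo_too_long(&st, &err);
    printf("missing: %d, too long: %d (%s)\n", a, b, strerror(err));
    return 0;
}
```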


