httpd-dev mailing list archives

From "William A. Rowe, Jr." <wr...@lnd.com>
Subject RE: IBM HTTP SERVER / APACHE (fwd)
Date Sun, 04 Jun 2000 02:59:34 GMT
> From: Marc Slemko [mailto:marcs@znep.com]
> Sent: Saturday, June 03, 2000 8:45 PM
> 
> FYI, FWIW, if I have made any mistakes let me know and I can probably get
> them corrected before it makes its way through the moderator.
> 
> I would still like to know why the code isn't just checking the stat()
> return code, and puking for unexpected (i.e. other than "file not found",
> etc.) errors.

Here is a reworking of some additional util_win32.c security testing,
but still not what Marc is discussing.  I've been drawn to the fact
that relatively obscure device drivers may be installed that are outside
the 'standard' exclusions list.  These extra tests are also a performance
drain, although they affect only 3-4 character name segments.  Howdy.html
isn't impacted, but a tree like /docs/app/rev/ is heavily impacted.

Please review, and comment.

Note that FILE_ATTRIBUTE_NORMAL, or value 0x80, has been a device
driver file flag for many, many years.  I believe, based on the fact
that we test -every- segment to the end name, that this would also
maintain security against the well-publicized Windows 95 security hole
against multiple device names in the path; i.e. /con/con/nul/blowup.html 


Index: src/os/win32/util_win32.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/os/win32/util_win32.c,v
retrieving revision 1.34
diff -u -r1.34 util_win32.c
--- src/os/win32/util_win32.c	2000/06/02 16:30:27	1.34
+++ src/os/win32/util_win32.c	2000/06/03 23:59:52
@@ -113,6 +113,9 @@
             if (hFind == INVALID_HANDLE_VALUE) {
                 bFileExists = FALSE;
             }
+            else if (wfd.dwFileAttributes & FILE_ATTRIBUTE_NORMAL) {
+                bFileExists = FALSE;
+            }
             else {
                 FindClose(hFind);
 
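Review bot: The new else-if branch sets bFileExists = FALSE without calling FindClose(hFind), although hFind is a valid handle there (the INVALID_HANDLE_VALUE case is taken by the branch above), so each lookup that lands in this branch leaks a find handle. Call FindClose(hFind) before clearing the flag, as the final else branch does. Separately, FILE_ATTRIBUTE_NORMAL is also what Windows reports for an ordinary file with no other attribute set, so this branch needs a comment, and ideally a test case, showing that such files are not reported as missing.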
@@ -574,10 +577,6 @@
     unsigned int seglength;
     const char *pos;
     static const char * const invalid_characters = "?\"<>*|:";
-    static const char * const invalid_filenames[] = { 
-	"CON", "AUX", "COM1", "COM2", "COM3", 
-	"COM4", "LPT1", "LPT2", "LPT3", "PRN", "NUL", NULL 
-    };
 
     /* Test 1 */
     if (strlen(file) >= MAX_PATH) {
@@ -652,25 +651,12 @@
 	if (segstart[seglength-1] == '.') {
 	    return 0;
 	}
-
-	/* Test 4 */
-	for (baselength = 0; baselength < seglength; baselength++) {
-	    if (segstart[baselength] == '.') {
-		break;
-	    }
-	}
 
-	/* baselength is the number of characters in the base path of
-	 * the segment (which could be the same as the whole segment length,
-	 * if it does not include any dot characters). */
-	if (baselength == 3 || baselength == 4) {
-	    for (idx = 0; invalid_filenames[idx]; idx++) {
-		if (strlen(invalid_filenames[idx]) == baselength &&
-		    !strnicmp(invalid_filenames[idx], segstart, baselength)) {
-		    return 0;
-		}
-	    }
-	}
+        /*  Eliminated 4th test.  Special DOS device names are
+         *  handled by stat(), FindFirstFile etc... 
+         *  stat() returns all nulls, and
+         *  FindFirstFile returns a FILE_ATTRIBUTE_NORMAL
+         */
     }
 
     return 1;
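Review bot: With Test 4 removed, this function returns 1 for segments such as CON or NUL, so rejecting device names now depends entirely on a later stat() or FindFirstFile call being made for every segment; the only attribute check visible in this patch is the one added in the first hunk. Either keep the static name test as a filesystem-independent check alongside the attribute test, or have the replacement comment name the code path that is guaranteed to perform the lookup on each segment. The replacement comment is also indented with spaces where the surrounding lines use tabs, and if idx and baselength have no other users their declarations should be removed with the loop.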
