httpd-dev mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject RE: [patch 1.3.13] Win32/NW Filesystem '/' override patch
Date Tue, 19 Sep 2000 02:45:21 GMT

Waited for a few days, my brain is a little clearer... I think this
is my final comment on this issue.  I'll commit Wednesday night unless
anyone objects vehemently.  Here's the why

First a comment on my NetWare comment to httpd.h - I can't see how
NetWare makes sense - since as well as I can remember, it isn't
case sensitive in file names.  NETWARE seems to map ap_os_*case_filename
to ap_os_canonical_filename.  Am I missing something here?

Second, also NetWare, for it to accept plain old server/, or properly 
decode server/vol:/ in a <Directory > block may still take work.  I've
run it through my head a few times, but please -carefully- check the
http_request.c patch that I've got this right.  For NetWare, it seems 
like http_core treated <Directory sys:/bleh> as a SPECIAL block.  
Finally, mod_include had problems with NetWare in is_only_below() -
I caught something similar in mod_userdir but have suggestion.

Next, OS2 and WINDOWS are overhauled in http_request.c (util.c was 
touched as well) - so that the <Directory > block parsing ought to 
work with /, or //, or //Server.  For OS2 to properly accept plain 
old // or //Server, though, the whole ap_os_*_filename schema under 
OS2 should be reexamined.  WIN32 includes some changes in util_win32.c
for the filename processing, *t is an optimization, while we fix the
case of the //machine/share name and unknown elements to lower, for
consistent testing.  [I really don't know about the unknown elements,
if this is such a good idea or not.]

  * Fixes a significant amount of case errors and UNC misrecognition
    in Win32.

  * New feature macro HAVE_UNC_PATHS will cover the //server/share/
    syntax.  Presumed that only OS2 and WIN32 need that symbol in os.h.

  * HAVE_UNC_PATHS is no longer directly tied to HAVE_DRIVE_LETTERS
    in http_request.c - any platform could (conceivably) define the
    HAVE_UNC_PATHS to bypass /, //, and //server checks of .htaccess,
    given the path is formatted //server/share/...

  * Incorporates Tim Costello's fix from PR3412 to process the 
    root <Directory /> block of any request if HAVE_DRIVE_LETTERS or 
    NETWARE is defined.

  * Fixes behavior to accept <Directory //>, <Directory //server>
    and so on, without actually tripping file system checks (that
    would be deadly) if HAVE_UNC_PATHS is defined.

  * Fixes behavior to accept <Directory server> on NETWARE
    without actually tripping file system checks.


I really suggest someone with OS2 takes a look at this patch for
opportunities to update their util_.c module filename processing.
I have no idea if the NETWARE solutions work at this moment.
More careful review needed (although I've been running this now for
a few days writing my security whitepaper).  Still asking, comments?


Bill
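
The distinction the message draws between <Directory //>, <Directory //server> and a full //server/share/ path, sketched as an added example; it is not part of the original message and is not the patch or Apache's code. The names `classify_dir`, `is_pseudo_unc` and the `DIR_*` values are hypothetical, the inputs are constructed, and treating an empty machine name as a plain path is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical classification of a <Directory> argument (not Apache's names). */
enum dir_kind {
    DIR_PLAIN,       /* ordinary path: normal filesystem checks apply      */
    DIR_ROOT,        /* "/"        : the root block                        */
    DIR_UNC_ALL,     /* "//"       : every UNC path, nothing to stat       */
    DIR_UNC_SERVER,  /* "//server" : one machine, still nothing to stat    */
    DIR_UNC_SHARE    /* "//server/share[/...]" : a real filesystem path    */
};

/* Copy path to out with '\\' turned into '/', and lowercase the machine and
 * share elements so later comparisons are consistent. Elements after the
 * share are left untouched here. out needs strlen(path)+1 bytes. */
enum dir_kind classify_dir(const char *path, char *out)
{
    size_t n = strlen(path), i, srv, shr;

    for (i = 0; i < n; i++)
        out[i] = (path[i] == '\\') ? '/' : path[i];
    out[n] = '\0';

    if (strcmp(out, "/") == 0) return DIR_ROOT;
    if (strncmp(out, "//", 2) != 0) return DIR_PLAIN;
    if (n == 2) return DIR_UNC_ALL;

    srv = strcspn(out + 2, "/");              /* length of the machine name */
    if (srv == 0) return DIR_PLAIN;           /* "///...": assumption, see lead-in */
    for (i = 2; i < 2 + srv; i++)
        out[i] = (char)tolower((unsigned char)out[i]);
    if (out[2 + srv] == '\0') return DIR_UNC_SERVER;

    shr = strcspn(out + 3 + srv, "/");        /* length of the share name */
    if (shr == 0) return DIR_UNC_SERVER;      /* "//server/" has no share yet */
    for (i = 3 + srv; i < 3 + srv + shr; i++)
        out[i] = (char)tolower((unsigned char)out[i]);
    return DIR_UNC_SHARE;
}

/* True for the blocks that must be matched without touching the filesystem. */
int is_pseudo_unc(enum dir_kind k) { return k == DIR_UNC_ALL || k == DIR_UNC_SERVER; }

int main(void)
{
    const char *samples[] = { "/", "//", "\\\\Server", "//SERVER/Share/Docs", "C:/Apache" };
    char buf[64];
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++) {
        enum dir_kind k = classify_dir(samples[i], buf);
        printf("%-22s -> %-20s kind=%d pseudo=%d\n", samples[i], buf, (int)k, is_pseudo_unc(k));
    }
    return 0;
}
```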