httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject RE: cvs commit: apache-2.0/src/modules/standard mod_include.c
Date Tue, 17 Oct 2000 03:26:13 GMT

Would another pair of eyes go over this with a comb and give me
a thumbs up/down... my eyes are shot :-/  This addresses a Win32
issue, but the existing code made little sense for platforms that
look for 2+ .'s - so it was all wrapped into the loop.

> wrowe       00/10/15 20:43:44
> 
>   Modified:    src/modules/standard mod_include.c
>   Log:
>     Cleaning up a _Security_ concern - Please Review Carefully
>   
>   Revision  Changes    Path
>   1.68      +23 -11    apache-2.0/src/modules/standard/mod_include.c
>   
>   Index: mod_include.c
>   ===================================================================
>   RCS file: /home/cvs/apache-2.0/src/modules/standard/mod_include.c,v
>   retrieving revision 1.67
>   retrieving revision 1.68
>   diff -u -r1.67 -r1.68
>   --- mod_include.c	2000/10/15 18:15:13	1.67
>   +++ mod_include.c	2000/10/16 03:43:44	1.68
>   @@ -672,27 +672,39 @@
>    /* ensure that path is relative, and does not contain ".." elements
>     * ensentially ensure that it does not match the regex:
>     * (^/|(^|/)\.\.(/|$))
>   - * XXX: this needs os abstraction... consider c:..\foo in win32
>   + * XXX: Needs to become apr_is_path_relative() test
>     */
>    static int is_only_below(const char *path)
>    {
>    #ifdef HAVE_DRIVE_LETTERS
>   -    if (path[1] == ':')
>   +    if (path[1] == ':') 
>    	return 0;
>    #endif
>   -    if (path[0] == '/') {
>   +#ifdef NETWARE
>   +    if (strchr(path, ':')
>    	return 0;
>   -    }
>   -    if (path[0] == '.' && path[1] == '.'
>   -	&& (path[2] == '\0' || path[2] == '/')) {
>   +#endif
>   +    if (path[0] == '/') {
>    	return 0;
>        }
>        while (*path) {
>   -	if (*path == '/' && path[1] == '.' && path[2] == '.'
>   -	    && (path[3] == '\0' || path[3] == '/')) {
>   -	    return 0;
>   -	}
>   -	++path;
>   +        int dots = 0;
>   +        while (path[dots] == '.')
>   +            ++dots;
>   +#if defined(WIN32) 
>   +        /* If the name is canonical this is redundant
>   +         * but in security, redundancy is worthwhile.
>   +         * Does OS2 belong here (accepts ... for ..)?
>   +         */
>   +        if (dots > 1 && (!path[dots] || path[dots] == '/'))
>   +            return 0;
>   +#else
>   +        if (dots == 2 && (!path[dots] || path[dots] == '/'))
>   +            return 0;
>   +#endif
>   +        path += dots;
>   +        while (*path && *(path++) != '/')
>   +            ++path;
>        }
>        return 1;
>    }
>   
>   
>   
> 

Mime
View raw message