httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Kraemer <Martin.Krae...@Fujitsu-Siemens.com>
Subject Re: [2.0] lstat's in spite of AllowOverride None
Date Wed, 07 Nov 2001 14:43:52 GMT
On Wed, Nov 07, 2001 at 02:14:03PM +0000, James A Sutherland wrote:
> So how about:
> 
> 1. stat() the full path (as was done before).
> 2. IF this fails, stat "forwards" component by component, as is done now.
> 
> This avoids the DoS of sending /a/a/a/a/a/a/a... - you do a single stat() on 
> the full path, which fails, then stat() "forwards" as now.

Or how is this:

  2. IF the full path l?stat() failed, AND errno == ENOTDIR, THEN:
     do a binary-search approach (locate the mid-'/'-component's path,
     try l?stat(), if it also returns errno == ENOTDIR, repeat cutting the
     path in half, until some hit is found. This hit is the valid resource,
     or the resource's directory, and the reminder is the PATH_INFO
     to be pased to it.
     Example:
       /a/b/c/d/e/f/g/h     -> ENOTDIR
       /a/b/c/d             -> ENOTDIR
       /a/b                 -> ENOENT
       => filename="/a/index.html" PATH_INFO="/b"

  3. IF the full path l?stat() failed, BUT errno != ENOTDIR, THEN
     stat "forwards" component by component, as is done now.

> The common case should be that there is a normal file at the end of that 
> path, so we should skip straight to the final stat() where possible IMO...

This is true for the majority of cases, and should therefore be
the most optimized code path.

> Caching the lstat() results should help, but reducing to a single stat() as I 
> suggest would seem better still?

Yep, of course. Also, the SHMHT (shared memory hash table) might help us
avoid redundant l?stat()s overall.

   Martin
-- 
<Martin.Kraemer@Fujitsu-Siemens.com>         |     Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730  Munich,  Germany

Mime
View raw message