httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Pane <bp...@pacbell.net>
Subject cvs commit: httpd-2.0/server util.c
Date Mon, 03 Dec 2001 01:45:25 GMT
Note: given the role of this function in keeping requests inside the
document root, I've tested this new code against the standard boundary
cases like "/./../foo" and "/foo/../../bar".  If anyone has specific
additional test cases or points of concern, though, please let me know.
Thanks,
--Brian

brianp@apache.org wrote:

>brianp      01/12/02 16:49:28
>
>  Modified:    server   util.c
>  Log:
>  Optimization for ap_getparents: skip past all the leading
>  characters of the path that aren't '.' rather than copying
>  those bytes onto themselves
>  
>  Revision  Changes    Path
>  1.118     +7 -4      httpd-2.0/server/util.c
>  
>  Index: util.c
>  ===================================================================
>  RCS file: /home/cvs/httpd-2.0/server/util.c,v
>  retrieving revision 1.117
>  retrieving revision 1.118
>  diff -u -r1.117 -r1.118
>  --- util.c	2001/12/02 20:38:33	1.117
>  +++ util.c	2001/12/03 00:49:28	1.118
>  @@ -476,12 +476,15 @@
>    */
>   AP_DECLARE(void) ap_getparents(char *name)
>   {
>  -    int l, w;
>  +    char *next;
>  +    int l, w, first_dot;
>   
>       /* Four paseses, as per RFC 1808 */
>       /* a) remove ./ path segments */
>  -
>  -    for (l = 0, w = 0; name[l] != '\0';) {
>  +    for (next = name; *next && (*next != '.'); next++) {
>  +    }
>  +    l = w = first_dot = next - name;
>  +    while (name[l] != '\0') {
>   	if (name[l] == '.' && name[l + 1] == '/' && (l == 0 || name[l - 1]
== '/'))
>   	    l += 2;
>   	else
>  @@ -496,7 +499,7 @@
>       name[w] = '\0';
>   
>       /* c) remove all xx/../ segments. (including leading ../ and /../) */
>  -    l = 0;
>  +    l = first_dot;
>   
>       while (name[l] != '\0') {
>   	if (name[l] == '.' && name[l + 1] == '.' && name[l + 2] == '/' &&
>  
>  
>  
>




Mime
View raw message