httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Paul J. Reder" <>
Subject Question about response validity.
Date Thu, 08 Jan 2009 22:43:13 GMT
In server/core.c: ap_core_translate, the function apr_filepath_merge is called two
different times. Most of the errors from apr_filepath_merge relate to resulting
local path values that fall outside the valid server path and make sense to return a

There is one case here that is not so clear though. Inside apr_filepath_merge, you
can also exceed the local system's PATH_MAX and the function returns

This results in a 403 being returned for a case where we refused to process the
request because the resulting local path name exceeded the PATH_MAX value.

Should this return 414 when it gets APR_ENAMETOOLONG or is it valid to return 403?

Paul J. Reder
"The strength of the Constitution lies entirely in the determination of each
citizen to defend it.  Only if every single citizen feels duty bound to do
his share in this defense are the constitutional rights secure."
-- Albert Einstein

View raw message