httpd-dev mailing list archives

From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: Question about response validity.
Date Thu, 08 Jan 2009 23:20:46 GMT
Paul J. Reder wrote:
> In server/core.c: ap_core_translate, the function apr_filepath_merge is
> called two different times. Most of the errors from apr_filepath_merge
> relate to resulting local path values that fall outside the valid server
> path and make sense to return a 403.
>
> There is one case here that is not so clear though. Inside
> apr_filepath_merge, you can also exceed the local system's PATH_MAX and
> the function returns APR_ENAMETOOLONG.
>
> This results in a 403 being returned for a case where we refused to
> process the request because the resulting local path name exceeded the
> PATH_MAX value.
>
> Should this return 414 when it gets APR_ENAMETOOLONG or is it valid to
> return 403?

We've treated this as an 'oh - I can't find that resource' because, well,
it's not possible.  You don't want things like 414's for GET in terms of
establishing too many fingerprints.  But in DAV, a 414 might make perfect
sense (as a PUT).
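
The trade-off discussed in this thread, as an added example that is not code from httpd, APR, or either poster: a simplified path merge whose failures all collapse to 403, so a GET response does not reveal whether the path left the root or exceeded the length limit. The names `merge_path`, `status_for` and the `merge_rc` values are hypothetical, the buffer size stands in for PATH_MAX, and the PUT-only 414 branch is an assumption based on the DAV remark above.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-ins for the APR merge results discussed in the thread. */
enum merge_rc { MERGE_OK, MERGE_ABOVE_ROOT, MERGE_NAME_TOO_LONG };

/* Join root (no trailing slash) and a URI path; outsz plays PATH_MAX. */
static enum merge_rc merge_path(const char *root, const char *uri,
                                char *out, size_t outsz)
{
    size_t rootlen = strlen(root), len = rootlen;
    if (rootlen + 1 > outsz) return MERGE_NAME_TOO_LONG;
    memcpy(out, root, rootlen + 1);
    for (;;) {
        while (*uri == '/') uri++;
        size_t seg = strcspn(uri, "/");
        if (seg == 0) break;                        /* end of path */
        if (seg == 2 && uri[0] == '.' && uri[1] == '.') {
            if (len == rootlen) return MERGE_ABOVE_ROOT;
            while (out[len - 1] != '/') len--;      /* drop last segment */
            out[--len] = '\0';                      /* and its slash */
        } else if (!(seg == 1 && uri[0] == '.')) {  /* "." is skipped */
            if (len + 1 + seg + 1 > outsz) return MERGE_NAME_TOO_LONG;
            out[len++] = '/';
            memcpy(out + len, uri, seg);
            len += seg;
            out[len] = '\0';
        }
        uri += seg;
    }
    return MERGE_OK;
}

/* 0 = continue. All failures map to 403 except over-long PUT (assumed 414). */
static int status_for(enum merge_rc rc, const char *method)
{
    if (rc == MERGE_OK) return 0;
    if (rc == MERGE_NAME_TOO_LONG && strcmp(method, "PUT") == 0) return 414;
    return 403;
}

int main(void)
{
    char buf[32];                                   /* tiny limit for the demo */
    const char *longuri = "/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
    printf("GET traversal: %d\n", status_for(merge_path("/srv/www", "/../x", buf, sizeof buf), "GET"));
    printf("GET too long:  %d\n", status_for(merge_path("/srv/www", longuri, buf, sizeof buf), "GET"));
    printf("PUT too long:  %d\n", status_for(merge_path("/srv/www", longuri, buf, sizeof buf), "PUT"));
    return 0;
}
```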
