rse 97/08/11 07:20:08
Modified: src CHANGES http_request.c
Log:
Last patch for 1.2.2: This is Dean's patch which fixes a long-standing bug in
sub_req_lookup_file(). A too optimistic optimization is now avoided.
Submitted by: Dean Gaudet
Reviewed by: Dean Gaudet, Ralf S. Engelschall
Revision Changes Path
1.286.2.44 +5 -0 apache/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache/src/CHANGES,v
retrieving revision 1.286.2.43
retrieving revision 1.286.2.44
diff -u -r1.286.2.43 -r1.286.2.44
--- CHANGES 1997/08/10 16:36:09 1.286.2.43
+++ CHANGES 1997/08/11 14:20:00 1.286.2.44
@@ -1,5 +1,10 @@
Changes with Apache 1.2.2
+ *) Fixed another long-standing bug in sub_req_lookup_file where it would
+ happily skip past access checks on subdirectories looked up with
relative
+ paths. (It's used by mod_dir, mod_negotiation, and mod_include.)
+ [Dean Gaudet]
+
*) Add lockfile name to error message printed out when
USE_FLOCK_SERIALIZED_ACCEPT is defined.
[Marc Slemko]
1.50.2.7 +23 -14 apache/src/http_request.c
Index: http_request.c
===================================================================
RCS file: /export/home/cvs/apache/src/http_request.c,v
retrieving revision 1.50.2.6
retrieving revision 1.50.2.7
diff -u -r1.50.2.6 -r1.50.2.7
--- http_request.c 1997/08/02 15:52:12 1.50.2.6
+++ http_request.c 1997/08/11 14:20:03 1.50.2.7
@@ -709,22 +709,31 @@
rnew->per_dir_config = r->per_dir_config;
- if ((res = check_symlinks (rnew->filename, allow_options (rnew)))) {
- log_reason ("Symbolic link not allowed", rnew->filename, rnew);
- rnew->status = res;
- return rnew;
- }
- /* do a file_walk, if it doesn't change the per_dir_config then
- * we know that we don't have to redo all the access checks */
- if ((res = file_walk (rnew))) {
- rnew->status = res;
- return rnew;
- }
- if (rnew->per_dir_config == r->per_dir_config) {
- if ((res = find_types (rnew)) || (res = run_fixups (rnew))) {
+ /* no matter what, if it's a subdirectory, we need to re-run
+ * directory_walk */
+ if (S_ISDIR (rnew->finfo.st_mode)) {
+ res = directory_walk (rnew);
+ if (!res) {
+ res = file_walk (rnew);
+ }
+ } else {
+ if ((res = check_symlinks (rnew->filename, allow_options (rnew)))) {
+ log_reason ("Symbolic link not allowed", rnew->filename, rnew);
+ rnew->status = res;
+ return rnew;
+ }
+ /* do a file_walk, if it doesn't change the per_dir_config then
+ * we know that we don't have to redo all the access checks */
+ if ((res = file_walk (rnew))) {
rnew->status = res;
+ return rnew;
+ }
+ if (rnew->per_dir_config == r->per_dir_config) {
+ if ((res = find_types (rnew)) || (res = run_fixups (rnew))) {
+ rnew->status = res;
+ }
+ return rnew;
}
- return rnew;
}
} else {
/* XXX: this should be set properly like it is in the same-dir case
