marc 97/08/24 19:26:58
Modified: src CHANGES src/main http_config.c Log: If a htaccess file is unreadable, deny access with a HTTP_FORBIDDEN error. The previous behavior of ignoring it if it could not be read is not good from a security viewpoint. The ENOTDIR check is necessary for path_info to work correctly in the current implementation. PR: 817 Reviewed by: Randy Terbush, Paul Sutton Revision Changes Path 1.419 +6 -0 apachen/src/CHANGES Index: CHANGES =================================================================== RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.418 retrieving revision 1.419 diff -u -r1.418 -r1.419 --- CHANGES 1997/08/25 02:00:27 1.418 +++ CHANGES 1997/08/25 02:26:52 1.419 @@ -1,5 +1,11 @@ Changes with Apache 1.3a2 + *) If a htaccess file can not be read due to bad permissions, deny + access to the directory with a HTTP_FORBIDDEN. The previous + behavior was to ignore the htaccess file if it could not + be read. This change may make some setups with unreadable + htaccess files stop working. PR#817 [Marc Slemko] + *) Add aplog_error() providing a mechanism to define levels of verbosity to the server error logging. This addition also provides the ablity to log errors using syslogd. Error logging is configurable 1.75 +10 -2 apachen/src/main/http_config.c Index: http_config.c =================================================================== RCS file: /export/home/cvs/apachen/src/main/http_config.c,v retrieving revision 1.74 retrieving revision 1.75 diff -u -r1.74 -r1.75 --- http_config.c 1997/08/23 04:00:27 1.74 +++ http_config.c 1997/08/25 02:26:57 1.75 @@ -952,8 +952,16 @@ } *result = dc; - } else - dc = NULL; + } else { + if (errno == ENOENT || errno == ENOTDIR) + dc = NULL; + else { + log_unixerr("pfopen", filename, + "unable to check htaccess file, ensure it is readable", + r->server); + return HTTP_FORBIDDEN; + } + } /* cache it */ new = palloc(r->pool, sizeof(struct htaccess_result));
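Review bot: The CHANGES entry in the first hunk limits the new denial to a htaccess file that "can not be read due to bad permissions", but the http_config.c hunk in this same commit returns HTTP_FORBIDDEN for every errno other than ENOENT and ENOTDIR. The entry should say that any failure to open the file, other than the file or its directory not existing, now denies access, so an administrator reading the changelog is not surprised by a 403 caused by some other open error.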
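Review bot: In the http_config.c hunk, the test `if (errno == ENOENT || errno == ENOTDIR)` has no comment explaining why ENOTDIR is treated the same as a missing file. The commit log gives the reason (path_info depends on it in the current implementation), and that reason belongs next to the condition so a later cleanup does not drop the ENOTDIR case or widen the list without considering the fail-closed intent. Separately, the log text "ensure it is readable" is emitted for every other errno, not only permission failures; a more neutral message such as "unable to open htaccess file, denying access" would avoid misleading whoever reads the error log.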