marc 97/08/24 19:26:58
Modified: src CHANGES
src/main http_config.c
Log:
If a htaccess file is unreadable, deny access with a HTTP_FORBIDDEN
error. The previous behavior of ignoring it if it could not be read is
not good from a security viewpoint. The ENOTDIR check is necessary for
path_info to work correctly in the current implementation.
PR: 817
Reviewed by: Randy Terbush, Paul Sutton
Revision Changes Path
1.419 +6 -0 apachen/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.418
retrieving revision 1.419
diff -u -r1.418 -r1.419
--- CHANGES 1997/08/25 02:00:27 1.418
+++ CHANGES 1997/08/25 02:26:52 1.419
@@ -1,5 +1,11 @@
Changes with Apache 1.3a2
+ *) If a htaccess file can not be read due to bad permissions, deny
+ access to the directory with a HTTP_FORBIDDEN. The previous
+ behavior was to ignore the htaccess file if it could not
+ be read. This change may make some setups with unreadable
+ htaccess files stop working. PR#817 [Marc Slemko]
+
*) Add aplog_error() providing a mechanism to define levels of
verbosity to the server error logging. This addition also provides
the ablity to log errors using syslogd. Error logging is configurable
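Review bot: the phrase "due to bad permissions" in the new CHANGES entry is narrower than the behaviour the http_config.c hunk implements, which returns HTTP_FORBIDDEN on any open failure other than ENOENT or ENOTDIR (an I/O error or an over-long path would also be denied). Suggest "cannot be opened for any reason other than it not existing" so an administrator chasing a new 403 checks the error log rather than only file modes.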
1.75 +10 -2 apachen/src/main/http_config.c
Index: http_config.c
===================================================================
RCS file: /export/home/cvs/apachen/src/main/http_config.c,v
retrieving revision 1.74
retrieving revision 1.75
diff -u -r1.74 -r1.75
--- http_config.c 1997/08/23 04:00:27 1.74
+++ http_config.c 1997/08/25 02:26:57 1.75
@@ -952,8 +952,16 @@
}
*result = dc;
- } else
- dc = NULL;
+ } else {
+ if (errno == ENOENT || errno == ENOTDIR)
+ dc = NULL;
+ else {
+ log_unixerr("pfopen", filename,
+ "unable to check htaccess file, ensure it is readable",
+ r->server);
+ return HTTP_FORBIDDEN;
+ }
+ }
/* cache it */
new = palloc(r->pool, sizeof(struct htaccess_result));
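Review bot: the `if (errno == ENOENT || errno == ENOTDIR)` branch needs a code comment stating why ENOTDIR is treated the same as a missing file (the commit log explains it is required for path_info, where a trailing path component is a regular file rather than a directory); without it a later reader will see a non-directory in the path being silently accepted and assume a bug. Two follow-ups worth confirming: the early `return HTTP_FORBIDDEN;` skips the `/* cache it */` block below, so a persistently unreadable htaccess file is re-opened and re-logged on every walk of that directory within the request, and the errno test is only meaningful if nothing between the failed open (not visible in this hunk) and this check can overwrite errno.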