dgaudet 97/07/07 23:32:37
Modified: src CHANGES alloc.c alloc.h mod_dir.c
mod_negotiation.c
Log:
PR#525: there are unprotected opendir/closedir calls in mod_dir.c and
mod_negotiation.c. Add popendir/pclosedir to deal with them.
Revision Changes Path
1.328 +3 -0 apache/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /export/home/cvs/apache/src/CHANGES,v
retrieving revision 1.327
retrieving revision 1.328
diff -C3 -r1.327 -r1.328
*** CHANGES 1997/07/08 04:45:26 1.327
--- CHANGES 1997/07/08 06:32:32 1.328
***************
*** 1,5 ****
--- 1,8 ----
Changes with Apache 1.3
+ *) popendir/pclosedir created to properly protect directory scanning.
+ [Dean Gaudet] PR#525
+
*) AliasMatch, ScriptAliasMatch and RedirectMatch directives added,
giving regex support to mod_alias. <DirectoryMatch>, <LocationMatch>
and <FilesMatch> sections added to succeed <DirectoryMatch ~>, etc...
1.37 +35 -0 apache/src/alloc.c
Index: alloc.c
===================================================================
RCS file: /export/home/cvs/apache/src/alloc.c,v
retrieving revision 1.36
retrieving revision 1.37
diff -C3 -r1.36 -r1.37
*** alloc.c 1997/07/06 05:37:18 1.36
--- alloc.c 1997/07/08 06:32:33 1.37
***************
*** 921,926 ****
--- 921,961 ----
return res;
}
+ /*
+ * DIR * with cleanup
+ */
+
+ static void dir_cleanup (void *dv)
+ {
+ closedir ((DIR *)dv);
+ }
+
+ DIR *popendir (pool *p, const char *name)
+ {
+ DIR *d;
+ int save_errno;
+
+ block_alarms ();
+ d = opendir (name);
+ if (d == NULL) {
+ save_errno = errno;
+ unblock_alarms ();
+ errno = save_errno;
+ return NULL;
+ }
+ register_cleanup (p, (void *)d, dir_cleanup, dir_cleanup);
+ unblock_alarms ();
+ return d;
+ }
+
+ void pclosedir (pool *p, DIR *d)
+ {
+ block_alarms ();
+ kill_cleanup (p, (void *)d, dir_cleanup);
+ closedir (d);
+ unblock_alarms ();
+ }
+
/*****************************************************************
*
* Files and file descriptors; these are just an application of the
1.25 +4 -0 apache/src/alloc.h
Index: alloc.h
===================================================================
RCS file: /export/home/cvs/apache/src/alloc.h,v
retrieving revision 1.24
retrieving revision 1.25
diff -C3 -r1.24 -r1.25
*** alloc.h 1997/07/06 05:37:19 1.24
--- alloc.h 1997/07/08 06:32:33 1.25
***************
*** 227,232 ****
--- 227,236 ----
int pfclose(struct pool *, FILE *);
int pclosef(struct pool *, int fd);
+ /* routines to deal with directories */
+ DIR *popendir (pool *p, const char *name);
+ void pclosedir (pool *p, DIR *d);
+
/* ... even child processes (which we may want to wait for,
* or to kill outright, on unexpected termination).
*
1.32 +3 -3 apache/src/mod_dir.c
Index: mod_dir.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_dir.c,v
retrieving revision 1.31
retrieving revision 1.32
diff -C3 -r1.31 -r1.32
*** mod_dir.c 1997/07/05 21:30:22 1.31
--- mod_dir.c 1997/07/08 06:32:34 1.32
***************
*** 776,782 ****
char *tmp;
int dir_opts = find_opts(dir_conf, r);
! if(!(d=opendir(name))) {
log_reason ("Can't open directory for index", r->filename, r);
return HTTP_FORBIDDEN;
}
--- 776,782 ----
char *tmp;
int dir_opts = find_opts(dir_conf, r);
! if(!(d=popendir(r->pool, name))) {
log_reason ("Can't open directory for index", r->filename, r);
return HTTP_FORBIDDEN;
}
***************
*** 786,792 ****
send_http_header(r);
if (r->header_only) {
! closedir (d);
return 0;
}
hard_timeout("send directory", r);
--- 786,792 ----
send_http_header(r);
if (r->header_only) {
! pclosedir (r->pool, d);
return 0;
}
hard_timeout("send directory", r);
***************
*** 839,845 ****
#endif
}
output_directories(ar, num_ent, dir_conf, r, dir_opts);
! closedir(d);
if (dir_opts & FANCY_INDEXING)
if((tmp = find_readme(dir_conf, r)))
--- 839,845 ----
#endif
}
output_directories(ar, num_ent, dir_conf, r, dir_opts);
! pclosedir(r->pool, d);
if (dir_opts & FANCY_INDEXING)
if((tmp = find_readme(dir_conf, r)))
1.46 +3 -3 apache/src/mod_negotiation.c
Index: mod_negotiation.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_negotiation.c,v
retrieving revision 1.45
retrieving revision 1.46
diff -C3 -r1.45 -r1.46
*** mod_negotiation.c 1997/07/05 21:30:23 1.45
--- mod_negotiation.c 1997/07/08 06:32:34 1.46
***************
*** 740,746 ****
++filp;
prefix_len = strlen (filp);
! dirp = opendir (neg->dir_name); /* Not pool protected; sigh... */
if (dirp == NULL) {
log_reason("cannot read directory for multi", neg->dir_name, r);
--- 740,746 ----
++filp;
prefix_len = strlen (filp);
! dirp = popendir (neg->pool, neg->dir_name);
if (dirp == NULL) {
log_reason("cannot read directory for multi", neg->dir_name, r);
***************
*** 783,789 ****
!strcmp (sub_req->content_type, MAP_FILE_MAGIC_TYPE)) ||
((sub_req->handler) &&
!strcmp (sub_req->handler, "type-map"))) {
! closedir(dirp);
neg->avail_vars->nelts = 0;
return read_type_map (neg, sub_req);
--- 783,789 ----
!strcmp (sub_req->content_type, MAP_FILE_MAGIC_TYPE)) ||
((sub_req->handler) &&
!strcmp (sub_req->handler, "type-map"))) {
! pclosedir(neg->pool, dirp);
neg->avail_vars->nelts = 0;
return read_type_map (neg, sub_req);
***************
*** 816,822 ****
clean_var_rec(&mime_info);
}
! closedir(dirp);
return OK;
}
--- 816,822 ----
clean_var_rec(&mime_info);
}
! pclosedir(neg->pool, dirp);
return OK;
}
