Posted to dev@httpd.apache.org by Alexei Kosut <ak...@organic.com> on 1997/09/05 23:39:00 UTC

[PATCH] Canonicalizing entries (again)

I posted this patch a few days ago, but didn't see any response
indicating whether it should be applied. So I'm sending it again, and if
I don't get any feedback in a few days, I'll commit it, I guess.

It subjects <Directory> and <Files> entries to the same treatment we give
translated filenames on Windows. Because we now internally assume that
all filenames are lowercase, with a (lowercase) drive letter, and use
long names, we've increased the possibility that someone will use
<Directory> to try and protect something and fail to, because they didn't
read the fine print in the (nonexistent) documentation. It also causes
<DirectoryMatch> and <FilesMatch> to be case-insensitive, with the same
reasoning.

Index: main/http_core.c
===================================================================
RCS file: /export/home/cvs/apachen/src/main/http_core.c,v
retrieving revision 1.118
diff -u -r1.118 http_core.c
--- http_core.c	1997/09/02 16:12:08	1.118
+++ http_core.c	1997/09/03 23:46:25
@@ -753,6 +753,16 @@
     return NULL;
 }
 
+/* We use this in <DirectoryMatch> and <FilesMatch>, to ensure that 
+ * people don't get bitten by wrong-cased regex matches
+ */
+
+#ifdef WIN32
+#define USE_ICASE REG_ICASE
+#else
+#define USE_ICASE 0
+#endif
+
 static const char end_dir_magic[] = "</Directory> outside of any <Directory> section";
 
 const char *end_dirsection (cmd_parms *cmd, void *dummy) {
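
Review bot: The comment above USE_ICASE should say that the flag is non-zero only under WIN32 and that it compensates for case alone. The patch description says filenames are also assumed to carry a lowercase drive letter and to use long names; REG_ICASE takes care of the drive letter's case, but a <DirectoryMatch> or <FilesMatch> pattern written against a short name will still not match the long-name form. Spelling that out here would stand in for the documentation the description says does not exist. Minor: the first comment line ends in trailing whitespace.
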
@@ -782,11 +792,15 @@
     cmd->override = OR_ALL|ACCESS_CONF;
 
     if (cmd->info) { /* <DirectoryMatch> */
-	r = pregcomp(cmd->pool, cmd->path, REG_EXTENDED);
+	r = pregcomp(cmd->pool, cmd->path, REG_EXTENDED|USE_ICASE);
     }
     else if (!strcmp(cmd->path, "~")) {
 	cmd->path = getword_conf (cmd->pool, &arg);
-	r = pregcomp(cmd->pool, cmd->path, REG_EXTENDED);
+	r = pregcomp(cmd->pool, cmd->path, REG_EXTENDED|USE_ICASE);
+    }
+    else {
+	/* Ensure that the pathname is canonical */
+	cmd->path = os_canonical_filename(cmd->pool, cmd->path);
     }
 
     errmsg = srm_command_loop (cmd, new_dir_conf);
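
Review bot: In the new else branch, cmd->path is overwritten with the result of os_canonical_filename() without any check, and the call is made on every platform rather than under WIN32 as USE_ICASE is. If os_canonical_filename() can return NULL or a path it could not fully resolve, the <Directory> section would be registered under a name that never matches a translated filename, which is the silent protection failure this patch is meant to close; returning a configuration error from this branch would be safer. The UNC question raised in the reply also lands on this call, so its behaviour for such paths should be confirmed before commit.
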
@@ -881,16 +895,21 @@
     if (cmd->info) { /* <FilesMatch> */
 	if (old_path && cmd->path[0] != '/' && cmd->path[0] != '^')
             cmd->path = pstrcat(cmd->pool, "^", old_path, cmd->path, NULL);
-        r = pregcomp(cmd->pool, cmd->path, REG_EXTENDED);
+        r = pregcomp(cmd->pool, cmd->path, REG_EXTENDED|USE_ICASE);
     }
     else if (!strcmp(cmd->path, "~")) {
 	cmd->path = getword_conf (cmd->pool, &arg);
 	if (old_path && cmd->path[0] != '/' && cmd->path[0] != '^')
 	    cmd->path = pstrcat(cmd->pool, "^", old_path, cmd->path, NULL);
-	r = pregcomp(cmd->pool, cmd->path, REG_EXTENDED);
+	r = pregcomp(cmd->pool, cmd->path, REG_EXTENDED|USE_ICASE);
+    }
+    else {
+	if (old_path && cmd->path[0] != '/')
+	    cmd->path = pstrcat(cmd->pool, old_path, cmd->path, NULL);
+
+	/* Ensure that the pathname is canonical */
+	cmd->path = os_canonical_filename(cmd->pool, cmd->path);
     }
-    else if (old_path && cmd->path[0] != '/')
-	cmd->path = pstrcat(cmd->pool, old_path, cmd->path, NULL);
 
     errmsg = srm_command_loop (cmd, new_file_conf);
     if (errmsg != end_file_magic) return errmsg;
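
Review bot: The relative-path test in the new else branch, `if (old_path && cmd->path[0] != '/')`, only recognises a leading slash as absolute. The description says canonical Windows filenames start with a lowercase drive letter, so a <Files> argument written with a drive letter inside a <Directory> section would have old_path prepended and the concatenation would then be handed to os_canonical_filename(). The test should also treat a drive-letter prefix as absolute under WIN32. It is also worth confirming what os_canonical_filename() returns for a bare filename when old_path is NULL, since that case now goes through it too.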


-- Alexei Kosut <ak...@organic.com>


Re: [PATCH] Canonicalizing entries (again)

Posted by Ben Laurie <be...@algroup.co.uk>.
Alexei Kosut wrote:
> 
> I posted this patch a few days ago, but didn't see any response
> indicating whether it should be applied. So I'm sending it again, and if
> I don't get any feedback in a few days, I'll commit it, I guess.
> 
> It subjects <Directory> and <Files> entries to the same treatment we give
> translated filenames on Windows. Because we now internally assume that
> all filenames are lowercase, with a (lowercase) drive letter, and use
> long names, we've increased the possibility that someone will use
> <Directory> to try and protect something and fail to, because they didn't
> read the fine print in the (nonexistent) documentation. It also causes
> <DirectoryMatch> and <FilesMatch> to be case-insensitive, with the same
> reasoning.

+1 (at least until we come up with a better answer).

Randy also asked about UNC - a valid concern, unfortunately. Sigh.

Cheers,

Ben.

-- 
Ben Laurie            |Phone: +44 (181) 994 6435|Apache Group member
Freelance Consultant  |Fax:   +44 (181) 994 6472|http://www.apache.org
and Technical Director|Email: ben@algroup.co.uk |Apache-SSL author
A.L. Digital Ltd,     |http://www.algroup.co.uk/Apache-SSL
London, England.      |"Apache: TDG" http://www.ora.com/catalog/apache