Posted to commits@apr.apache.org by wr...@apache.org on 2019/03/20 23:06:02 UTC

svn commit: r1855950 - in /apr/apr/branches/1.7.x: ./ CHANGES file_io/win32/dir.c file_io/win32/filestat.c include/arch/win32/apr_arch_file_io.h

Author: wrowe
Date: Wed Mar 20 23:06:02 2019
New Revision: 1855950

URL: http://svn.apache.org/viewvc?rev=1855950&view=rev
Log:
Narrow symbolic link detection on NTFS

Read the WIN32_FIND_DATA::dwReserved0 field to determine whether reparse point 
is a "name surrogate". 
 
It's probably safer to bind to specific tags. If the provided structure 
(wininfo) did not result from a FindFile* call, then an additional FindFirstFile 
call is performed. However this may be unnecessary, because the alternate
GetFileInformation call is used in the case of an open file handle, and
APR_FINFO_LINK has no meaning when it comes to open files.


Submitted by: Oleg Liatte <olegliatte gmail.com>
PR: 47630
Backports: r1855949

Modified:
    apr/apr/branches/1.7.x/   (props changed)
    apr/apr/branches/1.7.x/CHANGES
    apr/apr/branches/1.7.x/file_io/win32/dir.c
    apr/apr/branches/1.7.x/file_io/win32/filestat.c
    apr/apr/branches/1.7.x/include/arch/win32/apr_arch_file_io.h

Propchange: apr/apr/branches/1.7.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Mar 20 23:06:02 2019
@@ -1,4 +1,4 @@
 /apr/apr/branches/1.4.x:1003369,1101301
-/apr/apr/trunk:733052,739635,741862,741866-741867,741869,741871,745763-745764,746310,747990,748080,748361,748371,748565,748888,748902,748988,749810,760443,767895,775683,782838,783398,783958,784633,784773,788588,789050,793192-793193,794118,794485,795267,799497,800627,809745,809854,810472,811455,813063,821306,829490,831641,832904,835607,888669,892028,892159,892435,892909,896382,896653,899905,901088,902077,902090,908427,910419,910597,917819,917837-917838,923311,923320,925965,929796,930508,931973,932585,951771,960665,960671,979891,983618,989450,990435,1003338,1044440,1044447,1055657,1072165,1078845,1081462,1081495,1083038,1083242,1084662,1086695,1088023,1089031,1089129,1089438,1099348,1103310,1183683,1183685-1183686,1183688,1183693,1183698,1213382,1235047,1236970,1237078,1237507,1240472,1340286,1340288,1340470,1341193,1341196,1343233,1343243,1367050,1368819,1370494,1372018,1372022,1372093,1372849,1376957,1384764,1389077,1400200,1402868,1405985,1406690,1420106,1420109,1425356,1428809,143
 8940,1438957-1438959,1442903,1449568,1456418,1459994,1460179-1460180,1460241,1460399,1460405,1462738,1462813,1470186,1470348,1475509,1478905,1480067,1481262,1481265,1484271,1487796,1489517,1496407,1502804,1510354,1516261,1523384,1523479,1523484,1523505,1523521,1523604,1523613,1523615,1523844-1523845,1523853,1524014,1524031,1528797,1528809,1529488,1529495,1529515,1529521,1529668,1530786,1530800,1530988,1531554,1531768,1531884,1532022,1533104,1533111,1533979,1534882,1535027,1535157,1536744,1538171,1539374,1539389,1539455,1539603,1541054,1541061,1541486,1541655,1541666,1541744,1542601,1542779,1543033,1543056,1548575,1550907,1551650,1551659,1558905,1559382,1559873,1559975,1561040,1561260,1561265,1561321,1561347,1561356,1561361,1561394,1561555,1571894,1575509,1578420,1587045,1587063,1587543,1587545,1588878,1588937,1589982,1593611,1593614-1593615,1593680,1594684,1594708,1595549,1597797,1597803,1604590,1604596,1604598,1605104,1610854,1611023,1611107,1611110,1611117,1611120,1611125,1611184,
 1611193,1611466,1611515,1611517,1625173,1626564,1634615,1642159,1648830,1664406,1664447,1664451,1664471,1664769-1664770,1664775,1664904,1664911,1664958,1666341,1666411,1666458,1666611,1667420-1667421,1667423,1667900-1667901,1667903,1667914-1667916,1667962,1669077,1671292,1671329,1671356,1671386,1671389,1671513-1671514,1671957,1672354,1672366,1672495,1672575,1675644,1675656,1675668,1676013,1683521,1685929,1696140,1696767,1722547,1722557,1726928,1727020,1727160,1727175,1727199,1728957,1732582,1733451,1733594,1733694,1733706,1733708,1733775,1734816,1736552,1738791,1738925,1750374,1755709,1755740,1755746,1755758,1755954,1761279,1762326,1774712,1774973,1775069,1776994,1776998,1788334,1788337,1788929,1789947,1789998,1790045,1790200,1790296,1790302-1790304,1790330-1790331,1790436,1790439,1790444,1790446,1790488,1790521,1790523,1790569,1790632,1791598,1791718,1791728,1792621-1792622,1792625,1792961,1792963,1797415,1798105,1805380,1808039,1808836,1808910,1809649,1810452,1813286,1813330,18142
 39-1814240,1814326,1814329,1814331,1816527,1816628,1817485,1819857-1819858,1819860-1819861,1819934-1819935,1820080,1820755,1822357,1827534,1832203,1832691,1832985,1834253,1834494,1834541,1836235,1839068,1839493,1839622,1839769,1840372,1841078,1846806,1850087,1850095,1851541-1851542,1854123,1855049,1855347,1855443-1855444,1855839-1855840,1855855,1855864,1855867
+/apr/apr/trunk:733052,739635,741862,741866-741867,741869,741871,745763-745764,746310,747990,748080,748361,748371,748565,748888,748902,748988,749810,760443,767895,775683,782838,783398,783958,784633,784773,788588,789050,793192-793193,794118,794485,795267,799497,800627,809745,809854,810472,811455,813063,821306,829490,831641,832904,835607,888669,892028,892159,892435,892909,896382,896653,899905,901088,902077,902090,908427,910419,910597,917819,917837-917838,923311,923320,925965,929796,930508,931973,932585,951771,960665,960671,979891,983618,989450,990435,1003338,1044440,1044447,1055657,1072165,1078845,1081462,1081495,1083038,1083242,1084662,1086695,1088023,1089031,1089129,1089438,1099348,1103310,1183683,1183685-1183686,1183688,1183693,1183698,1213382,1235047,1236970,1237078,1237507,1240472,1340286,1340288,1340470,1341193,1341196,1343233,1343243,1367050,1368819,1370494,1372018,1372022,1372093,1372849,1376957,1384764,1389077,1400200,1402868,1405985,1406690,1420106,1420109,1425356,1428809,143
 8940,1438957-1438959,1442903,1449568,1456418,1459994,1460179-1460180,1460241,1460399,1460405,1462738,1462813,1470186,1470348,1475509,1478905,1480067,1481262,1481265,1484271,1487796,1489517,1496407,1502804,1510354,1516261,1523384,1523479,1523484,1523505,1523521,1523604,1523613,1523615,1523844-1523845,1523853,1524014,1524031,1528797,1528809,1529488,1529495,1529515,1529521,1529668,1530786,1530800,1530988,1531554,1531768,1531884,1532022,1533104,1533111,1533979,1534882,1535027,1535157,1536744,1538171,1539374,1539389,1539455,1539603,1541054,1541061,1541486,1541655,1541666,1541744,1542601,1542779,1543033,1543056,1548575,1550907,1551650,1551659,1558905,1559382,1559873,1559975,1561040,1561260,1561265,1561321,1561347,1561356,1561361,1561394,1561555,1571894,1575509,1578420,1587045,1587063,1587543,1587545,1588878,1588937,1589982,1593611,1593614-1593615,1593680,1594684,1594708,1595549,1597797,1597803,1604590,1604596,1604598,1605104,1610854,1611023,1611107,1611110,1611117,1611120,1611125,1611184,
 1611193,1611466,1611515,1611517,1625173,1626564,1634615,1642159,1648830,1664406,1664447,1664451,1664471,1664769-1664770,1664775,1664904,1664911,1664958,1666341,1666411,1666458,1666611,1667420-1667421,1667423,1667900-1667901,1667903,1667914-1667916,1667962,1669077,1671292,1671329,1671356,1671386,1671389,1671513-1671514,1671957,1672354,1672366,1672495,1672575,1675644,1675656,1675668,1676013,1683521,1685929,1696140,1696767,1722547,1722557,1726928,1727020,1727160,1727175,1727199,1728957,1732582,1733451,1733594,1733694,1733706,1733708,1733775,1734816,1736552,1738791,1738925,1750374,1755709,1755740,1755746,1755758,1755954,1761279,1762326,1774712,1774973,1775069,1776994,1776998,1788334,1788337,1788929,1789947,1789998,1790045,1790200,1790296,1790302-1790304,1790330-1790331,1790436,1790439,1790444,1790446,1790488,1790521,1790523,1790569,1790632,1791598,1791718,1791728,1792621-1792622,1792625,1792961,1792963,1797415,1798105,1805380,1808039,1808836,1808910,1809649,1810452,1813286,1813330,18142
 39-1814240,1814326,1814329,1814331,1816527,1816628,1817485,1819857-1819858,1819860-1819861,1819934-1819935,1820080,1820755,1822357,1827534,1832203,1832691,1832985,1834253,1834494,1834541,1836235,1839068,1839493,1839622,1839769,1840372,1841078,1846806,1850087,1850095,1851541-1851542,1854123,1855049,1855347,1855443-1855444,1855839-1855840,1855855,1855864,1855867,1855949
 /apr/apr/trunk/test/testnames.c:1460405
 /httpd/httpd/trunk:1604590

Modified: apr/apr/branches/1.7.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr/branches/1.7.x/CHANGES?rev=1855950&r1=1855949&r2=1855950&view=diff
==============================================================================
--- apr/apr/branches/1.7.x/CHANGES [utf-8] (original)
+++ apr/apr/branches/1.7.x/CHANGES [utf-8] Wed Mar 20 23:06:02 2019
@@ -1,6 +1,10 @@
                                                      -*- coding: utf-8 -*-
 Changes for APR 1.7.0
 
+  *) apr_file_info: [Win32 only] Treat only "name surrogate" reparse points
+     as symlinks, and not other reparse tag types. PR47630
+     [Oleg Liatte <olegliatte gmail.com>]
+
   *) Test %ld vs. %lld to avoid compiler emits using APR_OFF_T_FMT, in the
      case of apparently equivilant long and long long types. [William Rowe] 
 

Modified: apr/apr/branches/1.7.x/file_io/win32/dir.c
URL: http://svn.apache.org/viewvc/apr/apr/branches/1.7.x/file_io/win32/dir.c?rev=1855950&r1=1855949&r2=1855950&view=diff
==============================================================================
--- apr/apr/branches/1.7.x/file_io/win32/dir.c (original)
+++ apr/apr/branches/1.7.x/file_io/win32/dir.c Wed Mar 20 23:06:02 2019
@@ -210,7 +210,7 @@ APR_DECLARE(apr_status_t) apr_dir_read(a
 #endif
 
     fillin_fileinfo(finfo, (WIN32_FILE_ATTRIBUTE_DATA *) thedir->w.entry, 
-                    0, wanted);
+                    0, 1, fname, wanted);
     finfo->pool = thedir->pool;
 
     finfo->valid |= APR_FINFO_NAME;

Modified: apr/apr/branches/1.7.x/file_io/win32/filestat.c
URL: http://svn.apache.org/viewvc/apr/apr/branches/1.7.x/file_io/win32/filestat.c?rev=1855950&r1=1855949&r2=1855950&view=diff
==============================================================================
--- apr/apr/branches/1.7.x/file_io/win32/filestat.c (original)
+++ apr/apr/branches/1.7.x/file_io/win32/filestat.c Wed Mar 20 23:06:02 2019
@@ -210,6 +210,71 @@ static apr_status_t guess_protection_bit
     return ((wanted & ~finfo->valid) ? APR_INCOMPLETE : APR_SUCCESS);
 }
 
+static int reparse_point_is_link(WIN32_FILE_ATTRIBUTE_DATA *wininfo,
+    int finddata, const char *fname)
+{
+    int tag = 0;
+
+    if (!(wininfo->dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT))
+    {
+        return 0;
+    }
+
+    if (finddata)
+    {
+        // no matter A or W as we don't need file name
+        tag = ((WIN32_FIND_DATAA*)wininfo)->dwReserved0;
+    }
+    else
+    {
+        if (test_safe_name(fname) != APR_SUCCESS) {
+            return 0;
+        }
+
+#if APR_HAS_UNICODE_FS
+        IF_WIN_OS_IS_UNICODE
+        {
+            apr_wchar_t wfname[APR_PATH_MAX];
+            HANDLE hFind;
+            WIN32_FIND_DATAW fd;
+
+            if (utf8_to_unicode_path(wfname, APR_PATH_MAX, fname) != APR_SUCCESS) {
+                return 0;
+            }
+
+            hFind = FindFirstFileW(wfname, &fd);
+            if (hFind == INVALID_HANDLE_VALUE) {
+                return 0;
+            }
+
+            FindClose(hFind);
+
+            tag = fd.dwReserved0;
+        }
+#endif
+#if APR_HAS_ANSI_FS || 1
+        ELSE_WIN_OS_IS_ANSI
+        {
+            HANDLE hFind;
+            WIN32_FIND_DATAA fd;
+
+            hFind = FindFirstFileA(fname, &fd);
+            if (hFind == INVALID_HANDLE_VALUE) {
+                return 0;
+            }
+
+            FindClose(hFind);
+
+            tag = fd.dwReserved0;
+        }
+#endif
+    }
+
+    // Test "Name surrogate bit" to detect any kind of symbolic link
+    // See https://docs.microsoft.com/en-us/windows/desktop/fileio/reparse-point-tags
+    return tag & 0x20000000;
+}
+
 apr_status_t more_finfo(apr_finfo_t *finfo, const void *ufile, 
                         apr_int32_t wanted, int whatfile)
 {
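Review bot: Every failure path in the `else` branch of reparse_point_is_link (test_safe_name, utf8_to_unicode_path, FindFirstFileW/A) returns 0, so a reparse point whose tag cannot be read is now reported as not a link, where the replaced check reported APR_LNK for it. Callers that rely on APR_LNK to decide whether to follow a path get the permissive answer on error; returning non-zero there, e.g. `if (hFind == INVALID_HANDLE_VALUE) return 1;`, would keep the earlier classification for the undetermined case. The second lookup is a separate query by name, and `fd.dwReserved0` is read without re-checking `fd.dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT` on the fresh result, so the value may not be a reparse tag if the entry changed in between. The final test would read better as `return IsReparseTagNameSurrogate(tag);` with `tag` declared `DWORD`, rather than the bare `0x20000000` on an `int`.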
@@ -351,7 +416,10 @@ apr_status_t more_finfo(apr_finfo_t *fin
  */
 int fillin_fileinfo(apr_finfo_t *finfo, 
                     WIN32_FILE_ATTRIBUTE_DATA *wininfo, 
-                    int byhandle, apr_int32_t wanted) 
+                    int byhandle,
+                    int finddata,
+                    const char *fname,
+                    apr_int32_t wanted)
 {
     DWORD *sizes = &wininfo->nFileSizeHigh + byhandle;
     int warn = 0;
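Review bot: The two new parameters of fillin_fileinfo carry a contract that is not written down in the visible part of its header comment (the comment starts above this hunk and the body continues below it). `finddata` must be non-zero only when `wininfo` really is the head of a WIN32_FIND_DATAA/W, because reparse_point_is_link casts the pointer and reads `dwReserved0` past the end of a WIN32_FILE_ATTRIBUTE_DATA. I would add to the comment something like `finddata: non-zero only if wininfo points at a WIN32_FIND_DATA[AW] filled by FindFirstFile/FindNextFile` and `fname: path used to look up the reparse tag when finddata is 0; unused otherwise`. The same wording belongs on the prototype in apr_arch_file_io.h.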
@@ -372,7 +440,7 @@ int fillin_fileinfo(apr_finfo_t *finfo,
 #endif
 
     if (wanted & APR_FINFO_LINK &&
-        wininfo->dwFileAttributes & FILE_ATTRIBUTE_REPARSE_POINT) {
+        reparse_point_is_link(wininfo, finddata, fname)) {
         finfo->filetype = APR_LNK;
     }
     else if (wininfo->dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
@@ -449,7 +517,7 @@ APR_DECLARE(apr_status_t) apr_file_info_
         return apr_get_os_error();
     }
 
-    fillin_fileinfo(finfo, (WIN32_FILE_ATTRIBUTE_DATA *) &FileInfo, 1, wanted);
+    fillin_fileinfo(finfo, (WIN32_FILE_ATTRIBUTE_DATA *) &FileInfo, 1, 0, thefile->fname, wanted);
 
     if (finfo->filetype == APR_REG)
     {
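Review bot: With `finddata` 0 on this by-handle path, the reparse tag is looked up by `thefile->fname`, not from the open handle, so the answer describes whatever that name resolves to at the time of the call, which need not be the object the handle refers to. If `thefile->fname` can be NULL for files that were not opened by path (not visible in this hunk), `test_safe_name(fname)` in reparse_point_is_link receives a NULL pointer. The commit log itself says APR_FINFO_LINK has no meaning for open files, so masking it here, `fillin_fileinfo(..., 1, 0, thefile->fname, wanted & ~APR_FINFO_LINK);`, or a `!fname ||` guard in the helper, looks safer; how `wanted` is used further down in fillin_fileinfo is outside this hunk and should be checked first. apr_file_info_get continues on both sides of the hunk.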
@@ -520,6 +588,7 @@ APR_DECLARE(apr_status_t) apr_stat(apr_f
         WIN32_FIND_DATAA n;
         WIN32_FILE_ATTRIBUTE_DATA i;
     } FileInfo;
+    int finddata = 0;
     
     /* Catch fname length == MAX_PATH since GetFileAttributesEx fails 
      * with PATH_NOT_FOUND.  We would rather indicate length error than 
@@ -555,7 +624,7 @@ APR_DECLARE(apr_status_t) apr_stat(apr_f
         if ((rv = utf8_to_unicode_path(wfname, sizeof(wfname) 
                                             / sizeof(apr_wchar_t), fname)))
             return rv;
-        if (!(wanted & APR_FINFO_NAME)) {
+        if (!(wanted & (APR_FINFO_NAME | APR_FINFO_LINK))) {
             if (!GetFileAttributesExW(wfname, GetFileExInfoStandard, 
                                       &FileInfo.i))
                 return apr_get_os_error();
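Review bot: Adding APR_FINFO_LINK to this condition sends every link-aware stat on the Unicode path through FindFirstFileW, and unlike the ANSI branch later in the commit, which keeps `|| isroot` because FindFile cannot be used on a root, this branch has no escape for root paths. FindFirstFileW is documented to fail on a root directory or a path with a trailing backslash, so an apr_stat of a drive root with APR_FINFO_LINK wanted would, as far as the visible lines show, now return an error where GetFileAttributesExW succeeded before. Worth confirming with a test on `C:\` and, if it reproduces, falling back to GetFileAttributesExW when FindFirstFileW fails or when the path is a root. The rest of apr_stat is outside the hunk, so an existing root check elsewhere cannot be ruled out.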
@@ -565,7 +634,6 @@ APR_DECLARE(apr_status_t) apr_stat(apr_f
              * since we want the true name, and set aside a long
              * enough string to handle the longest file name.
              */
-            char tmpname[APR_FILE_MAX * 3 + 1];
             HANDLE hFind;
             if ((rv = test_safe_name(fname)) != APR_SUCCESS) {
                 return rv;
@@ -574,11 +642,17 @@ APR_DECLARE(apr_status_t) apr_stat(apr_f
             if (hFind == INVALID_HANDLE_VALUE)
                 return apr_get_os_error();
             FindClose(hFind);
-            if (unicode_to_utf8_path(tmpname, sizeof(tmpname), 
-                                     FileInfo.w.cFileName)) {
-                return APR_ENAMETOOLONG;
+            finddata = 1;
+
+            if (wanted & APR_FINFO_NAME)
+            {
+                char tmpname[APR_FILE_MAX * 3 + 1];
+                if (unicode_to_utf8_path(tmpname, sizeof(tmpname),
+                                         FileInfo.w.cFileName)) {
+                    return APR_ENAMETOOLONG;
+                }
+                filename = apr_pstrdup(pool, tmpname);
             }
-            filename = apr_pstrdup(pool, tmpname);
         }
     }
 #endif
@@ -590,7 +664,7 @@ APR_DECLARE(apr_status_t) apr_stat(apr_f
         rv = apr_filepath_root(&root, &test, APR_FILEPATH_NATIVE, pool);
         isroot = (root && *root && !(*test));
 
-        if ((apr_os_level >= APR_WIN_98) && (!(wanted & APR_FINFO_NAME) || isroot))
+        if ((apr_os_level >= APR_WIN_98) && (!(wanted & (APR_FINFO_NAME | APR_FINFO_LINK)) || isroot))
         {
             /* cannot use FindFile on a Win98 root, it returns \*
              * GetFileAttributesExA is not available on Win95
@@ -632,16 +706,19 @@ APR_DECLARE(apr_status_t) apr_stat(apr_f
             hFind = FindFirstFileA(fname, &FileInfo.n);
             if (hFind == INVALID_HANDLE_VALUE) {
                 return apr_get_os_error();
-    	    } 
+            } 
             FindClose(hFind);
-            filename = apr_pstrdup(pool, FileInfo.n.cFileName);
+            finddata = 1;
+            if (wanted & APR_FINFO_NAME) {
+                filename = apr_pstrdup(pool, FileInfo.n.cFileName);
+            }
         }
     }
 #endif
 
     if (ident_rv != APR_INCOMPLETE) {
         if (fillin_fileinfo(finfo, (WIN32_FILE_ATTRIBUTE_DATA *) &FileInfo, 
-                            0, wanted))
+                            0, finddata, fname, wanted))
         {
             /* Go the extra mile to assure we have a file.  WinNT/2000 seems
              * to reliably translate char devices to the path '\\.\device'

Modified: apr/apr/branches/1.7.x/include/arch/win32/apr_arch_file_io.h
URL: http://svn.apache.org/viewvc/apr/apr/branches/1.7.x/include/arch/win32/apr_arch_file_io.h?rev=1855950&r1=1855949&r2=1855950&view=diff
==============================================================================
--- apr/apr/branches/1.7.x/include/arch/win32/apr_arch_file_io.h (original)
+++ apr/apr/branches/1.7.x/include/arch/win32/apr_arch_file_io.h Wed Mar 20 23:06:02 2019
@@ -135,7 +135,8 @@ void *res_name_from_filename(const char
 
 /* Private function for apr_stat/lstat/getfileinfo/dir_read */
 int fillin_fileinfo(apr_finfo_t *finfo, WIN32_FILE_ATTRIBUTE_DATA *wininfo, 
-                    int byhandle, apr_int32_t wanted);
+                    int byhandle, int finddata, const char *fname,
+                    apr_int32_t wanted);
 
 /* Private function that extends apr_stat/lstat/getfileinfo/dir_read */
 apr_status_t more_finfo(apr_finfo_t *finfo, const void *ufile,