mod_jserv/3886: JServSSI breaks due to a problem with stat().

[Paul Reilly <pa...@pajato.com>]

>Number:         3886
>Category:       mod_jserv
>Synopsis:       JServSSI breaks due to a problem with stat().
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    jserv
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Thu Feb 11 14:20:02 PST 1999
>Last-Modified:
>Originator:     paul@pajato.com
>Organization:
apache
>Release:        1.3.1, 1.3.3, 1.3.4
>Environment:
Redhat 5.1 with gcc version 2.7.2.3
Redhat 5.2 with gcc version egcs-2.91.57 19980901 (egcs-1.1 release)
>Description:
JServSSI only works for the first call of the function stat() in
the function get_path_info() in the file http_request.c in the 
src/main directory of the apache distribution.  The first time,
stat() claims the path /servlets is a link, but after that it
has a non-zero finfo.st_mode and fails for S_ISDIR, S_ISREG, 
and S_ISLNK, so check_safe_file() returns HTTP_FORBIDDEN.

I was able to narrow down the problem to stat(), but I wasn't able
to understand it's behavior.
>How-To-Repeat:
Start with Apache 1.3.4, JServ 1.0b2, and JServSSI 1.0.

Add module rewrite and load the rewrite module before jserv.
>Fix:
I added this hack to line 242 of http_request.c, so we could use JServSSI:

        else if (! strcmp("/servlets", path) )
        {
          errno = 0;
          rv = stat(path, &r->finfo);
          r->finfo.st_mode = 0;
        }
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <ap...@Apache.Org> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]