Posted to cvs@httpd.apache.org by tr...@apache.org on 2003/09/25 18:00:57 UTC
cvs commit: httpd-2.0/server core.c
trawick 2003/09/25 09:00:57
Modified: . CHANGES
server core.c
Log:
Log an error when requests for URIs which fail to map to a valid
filesystem name are rejected with 403.
Revision Changes Path
1.1279 +3 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.1278
retrieving revision 1.1279
diff -u -r1.1278 -r1.1279
--- CHANGES 23 Sep 2003 22:40:23 -0000 1.1278
+++ CHANGES 25 Sep 2003 16:00:56 -0000 1.1279
@@ -2,6 +2,9 @@
[Remove entries to the current 2.0 section below, when backported]
+ *) Log an error when requests for URIs which fail to map to a valid
+ filesystem name are rejected with 403. [Jeff Trawick]
+
*) Fixed mod_usertrack to not get false positive matches on the
user-tracking cookie's name. PR 16661.
[Manni Wood <ma...@planet-save.com>]
1.244 +11 -6 httpd-2.0/server/core.c
Index: core.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/core.c,v
retrieving revision 1.243
retrieving revision 1.244
diff -u -r1.243 -r1.244
--- core.c 3 Sep 2003 19:27:09 -0000 1.243
+++ core.c 25 Sep 2003 16:00:56 -0000 1.244
@@ -3274,6 +3274,7 @@
{
void *sconf = r->server->module_config;
core_server_config *conf = ap_get_module_config(sconf, &core_module);
+ apr_status_t rv;
/* XXX this seems too specific, this should probably become
* some general-case test
@@ -3300,10 +3301,12 @@
while (*path == '/') {
++path;
}
- if (apr_filepath_merge(&r->filename, conf->ap_document_root, path,
- APR_FILEPATH_TRUENAME
- | APR_FILEPATH_SECUREROOT, r->pool)
+ if ((rv = apr_filepath_merge(&r->filename, conf->ap_document_root, path,
+ APR_FILEPATH_TRUENAME
+ | APR_FILEPATH_SECUREROOT, r->pool))
!= APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ "URI in request %s maps to invalid filename", r->the_request);
return HTTP_FORBIDDEN;
}
r->canonical_filename = r->filename;
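Review bot: In the added ap_log_rerror call, r->the_request is the request line exactly as the client sent it, and it goes into the error log as a plain %s argument. Confirm that the error-log path escapes control characters in that string, so a crafted request line cannot split or forge log entries, or log r->uri instead. Every rejected request now also produces an APLOG_ERR line, so a client can generate error-log volume at will; consider whether a lower level is enough. Since rv is passed as the status argument, its error string is already appended to the entry, so the message text can be shorter.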
@@ -3321,10 +3324,12 @@
while (*path == '/') {
++path;
}
- if (apr_filepath_merge(&r->filename, conf->ap_document_root, path,
- APR_FILEPATH_TRUENAME
- | APR_FILEPATH_SECUREROOT, r->pool)
+ if ((rv = apr_filepath_merge(&r->filename, conf->ap_document_root, path,
+ APR_FILEPATH_TRUENAME
+ | APR_FILEPATH_SECUREROOT, r->pool))
!= APR_SUCCESS) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
+ "URI in request %s maps to invalid filename", r->the_request);
return HTTP_FORBIDDEN;
}
r->canonical_filename = r->filename;
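Review bot: The merge-and-log block at this second call site duplicates the one in the previous hunk line for line, including the flags (APR_FILEPATH_TRUENAME | APR_FILEPATH_SECUREROOT) and the message string. A small static helper that takes r and path and returns the HTTP status would keep the two sites in step when the wording or the flags change, and would let rv be local to the helper instead of declared at the top of the function.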
Re: cvs commit: httpd-2.0/server core.c
Posted by Jeff Trawick <tr...@attglobal.net>.
William A. Rowe, Jr. wrote:
> At 11:00 AM 9/25/2003, trawick@apache.org wrote:
>
>>trawick 2003/09/25 09:00:57
>>
>> Modified: . CHANGES
>> server core.c
>> Log:
>> Log an error when requests for URIs which fail to map to a valid
>> filesystem name are rejected with 403.
>>
>> + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
>> + "URI in request %s maps to invalid filename", r-
>
>
> Short version; "Cannot map %s to file"
thanks, will fix soon
Re: cvs commit: httpd-2.0/server core.c
Posted by "William A. Rowe, Jr." <wr...@apache.org>.
At 11:00 AM 9/25/2003, trawick@apache.org wrote:
>trawick 2003/09/25 09:00:57
>
> Modified: . CHANGES
> server core.c
> Log:
> Log an error when requests for URIs which fail to map to a valid
> filesystem name are rejected with 403.
>
> + ap_log_rerror(APLOG_MARK, APLOG_ERR, rv, r,
> + "URI in request %s maps to invalid filename", r-
Short version; "Cannot map %s to file"
'Invalid file name/path' commentary comes out of the errstring of rv anyways.
Bill