Posted to dev@httpd.apache.org by Ben Laurie <be...@gonzo.ben.algroup.co.uk> on 1995/10/19 12:53:36 UTC
Re: Apache incompatibility
Does this deal with .. in the path? I'm not saying it doesn't, just wondering.
>
> I've uploaded a patch for this:
>
> 31_include.0.8.15.patch
> -----------------------
>
> Subject: SSI #include file="/foo/bar" shouldn't work
> Affects: mod_include.c
> ChangeLog: Disallow includes of files not in the same directory as the
> .shtml file.
>
> *** mod_include.c.orig Tue Oct 10 23:00:31 1995
> --- mod_include.c Thu Oct 19 12:24:16 1995
> ***************
> *** 360,372 ****
> if(!(tag_val = get_tag(r->pool, in, tag, MAX_STRING_LEN, 1)))
> return 1;
> if(!strcmp(tag,"file") || !strcmp (tag, "virtual")) {
> ! request_rec *rr =
> ! (tag[0] == 'f')?
> ! sub_req_lookup_file (tag_val, r) :
> ! sub_req_lookup_uri (tag_val, r);
> char *error_fmt = NULL;
>
> ! if (rr->status != 200)
> error_fmt = "unable to include %s in parsed file %s";
>
> if (!error_fmt && noexec && rr->content_type
> --- 360,378 ----
> if(!(tag_val = get_tag(r->pool, in, tag, MAX_STRING_LEN, 1)))
> return 1;
> if(!strcmp(tag,"file") || !strcmp (tag, "virtual")) {
> ! request_rec *rr=NULL;
> char *error_fmt = NULL;
> +
> + if (tag[0] == 'f')
> + { /* be safe; only files in this directory allowed */
> + if (strchr(tag_val, '/') != NULL)
> + error_fmt = "unable to include file %s in parsed file %s";
> + else
> + rr = sub_req_lookup_file (tag_val, r);
> + } else
> + rr = sub_req_lookup_uri (tag_val, r);
>
> ! if (!error_fmt && rr->status != 200)
> error_fmt = "unable to include %s in parsed file %s";
>
> if (!error_fmt && noexec && rr->content_type
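Review bot: The new `file=` branch rejects only values containing `/`, so a bare `..` (or `.`) still passes the check and is handed to `sub_req_lookup_file`, which would resolve the parent (or current) directory rather than a file inside the .shtml's directory; it is presumably not includable as a document, but the "same directory only" guarantee the ChangeLog promises is not enforced for it. Tightening the guard to `if (strchr(tag_val, '/') != NULL || !strcmp(tag_val, ".") || !strcmp(tag_val, ".."))` closes that gap without changing the accepted set otherwise. Note also that a regular file in the same directory may itself be a symlink to somewhere else, so this restriction is about the lookup path, not the target; a comment such as `/* only bare filenames: no '/', no '.' or '..' -- symlinks are not checked here */` would make that scope explicit. The enclosing function starts and ends outside this hunk, so how `error_fmt` is later formatted when `rr` is NULL is not visible here.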
> ***************
> *** 383,389 ****
> rprintf(r,"%s",error);
> }
>
> ! destroy_sub_req (rr);
> }
> else if(!strcmp(tag,"done"))
> return 0;
> --- 389,395 ----
> rprintf(r,"%s",error);
> }
>
> ! if (rr != NULL) destroy_sub_req (rr);
> }
> else if(!strcmp(tag,"done"))
> return 0;
--
Ben Laurie Phone: +44 (181) 994 6435
Freelance Consultant Fax: +44 (181) 994 6472
and Technical Director Email: ben@algroup.co.uk
A.L. Digital Ltd,
London, England.