You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by nd...@apache.org on 2004/08/27 21:11:21 UTC
cvs commit: httpd-2.0/server config.c
nd 2004/08/27 12:11:21
Modified: . Tag: APACHE_2_0_BRANCH CHANGES STATUS
server Tag: APACHE_2_0_BRANCH config.c
Log:
Include directives no longer refuse to process symlinks on
directories. Instead there's now a maximum nesting level
of included directories (128 as distributed). This is configurable
at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch.
PR: 28492
Reviewed by: Justin Erenkrantz, Joe Orton
Revision Changes Path
No revision
No revision
1.988.2.341 +6 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.988.2.340
retrieving revision 1.988.2.341
diff -u -u -r1.988.2.340 -r1.988.2.341
--- CHANGES 27 Aug 2004 18:46:50 -0000 1.988.2.340
+++ CHANGES 27 Aug 2004 19:11:18 -0000 1.988.2.341
@@ -1,5 +1,11 @@
Changes with Apache 2.0.51
+ *) Include directives no longer refuse to process symlinks on
+ directories. Instead there's now a maximum nesting level
+ of included directories (128 as distributed). This is configurable
+ at compile time using the -DAP_MAX_INCLUDE_DIR_DEPTH switch.
+ PR 28492. [Andr� Malo]
+
*) Win32: apache -k start|restart|install|config can leave stranded
piped logger processes (eg, rotatelogs.exe) due to improper
server shutdown on these code paths.
1.751.2.1030 +1 -6 httpd-2.0/STATUS
Index: STATUS
===================================================================
RCS file: /home/cvs/httpd-2.0/STATUS,v
retrieving revision 1.751.2.1029
retrieving revision 1.751.2.1030
diff -u -u -r1.751.2.1029 -r1.751.2.1030
--- STATUS 27 Aug 2004 18:58:43 -0000 1.751.2.1029
+++ STATUS 27 Aug 2004 19:11:20 -0000 1.751.2.1030
@@ -145,11 +145,6 @@
jerenkrantz: Icky side-effect of the *t == '0' check.
+1: nd, jerenkrantz
- *) allow symlinks on directories to be processed by Include directives
- and stop possible recursion by a counter. PR 28492
- server/config.c: r1.175
- +1: nd, jerenkrantz, jorton
-
*) mod_log_config: Cleanup log_header_out function to allow multiple headers
like Set-Cookie to be logged properly. PR 27787 (2.0 + 1.3)
modules/loggers/mod_log_config.c: r1.116
No revision
No revision
1.156.2.17 +20 -6 httpd-2.0/server/config.c
Index: config.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/config.c,v
retrieving revision 1.156.2.16
retrieving revision 1.156.2.17
diff -u -u -r1.156.2.16 -r1.156.2.17
--- config.c 15 Aug 2004 22:42:14 -0000 1.156.2.16
+++ config.c 27 Aug 2004 19:11:21 -0000 1.156.2.17
@@ -180,6 +180,11 @@
typedef void *(*dir_maker_func)(apr_pool_t *, char *);
typedef void *(*merger_func)(apr_pool_t *, void *, void *);
+/* maximum nesting level for config directories */
+#ifndef AP_MAX_INCLUDE_DIR_DEPTH
+#define AP_MAX_INCLUDE_DIR_DEPTH (128)
+#endif
+
/* Dealing with config vectors. These are associated with per-directory,
* per-server, and per-request configuration, and have a void* pointer for
* each modules. The nature of the structure pointed to is private to the
@@ -1421,13 +1426,14 @@
static void process_resource_config_nofnmatch(server_rec *s, const char *fname,
ap_directive_t **conftree,
apr_pool_t *p,
- apr_pool_t *ptemp)
+ apr_pool_t *ptemp,
+ unsigned depth)
{
cmd_parms parms;
ap_configfile_t *cfp;
const char *errmsg;
- if (ap_is_rdirectory(p, fname)) {
+ if (ap_is_directory(p, fname)) {
apr_dir_t *dirp;
apr_finfo_t dirent;
int current;
@@ -1436,6 +1442,14 @@
apr_status_t rv;
char errmsg[120], *path = apr_pstrdup(p, fname);
+ if (++depth > AP_MAX_INCLUDE_DIR_DEPTH) {
+ fprintf(stderr, "%s: Directory %s exceeds the maximum include "
+ "directory nesting level of %u. You have probably a "
+ "recursion somewhere.\n", ap_server_argv0, path,
+ AP_MAX_INCLUDE_DIR_DEPTH);
+ exit(1);
+ }
+
/*
* first course of business is to grok all the directory
* entries here and store 'em away. Recall we need full pathnames
@@ -1471,7 +1485,7 @@
for (current = 0; current < candidates->nelts; ++current) {
fnew = &((fnames *) candidates->elts)[current];
process_resource_config_nofnmatch(s, fnew->fname, conftree, p,
- ptemp);
+ ptemp, depth);
}
}
@@ -1530,7 +1544,7 @@
}
if (!apr_fnmatch_test(fname)) {
- process_resource_config_nofnmatch(s, fname, conftree, p, ptemp);
+ process_resource_config_nofnmatch(s, fname, conftree, p, ptemp, 0);
}
else {
apr_dir_t *dirp;
@@ -1553,7 +1567,7 @@
exit(1);
}
- if (!ap_is_rdirectory(p, path)){
+ if (!ap_is_directory(p, path)){
fprintf(stderr, "%s: Include directory '%s' not found",
ap_server_argv0, path);
exit(1);
@@ -1602,7 +1616,7 @@
for (current = 0; current < candidates->nelts; ++current) {
fnew = &((fnames *) candidates->elts)[current];
process_resource_config_nofnmatch(s, fnew->fname, conftree, p,
- ptemp);
+ ptemp, 0);
}
}
}