You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by ji...@apache.org on 2010/08/25 16:15:54 UTC
svn commit: r989124 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS
server/request.c
Author: jim
Date: Wed Aug 25 14:15:54 2010
New Revision: 989124
URL: http://svn.apache.org/viewvc?rev=989124&view=rev
Log:
Merge r632947, r633174 from trunk:
core: fix SymlinksIfOwnerMatch checking:
(1) Fix Origin checking (PR 36783 - Robert L Mathews)
(2) Check ownership if both FollowSymlinks and SymlinksIfOwnerMatch are set
* lfi is already a pointer in contrast fi which was used before.
Reviewed/backported by: jim
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/server/request.c
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=989124&r1=989123&r2=989124&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Wed Aug 25 14:15:54 2010
@@ -1,6 +1,12 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.17
+ *) core: check symlink ownership if both FollowSymlinks and
+ SymlinksIfOwnerMatch are set [Nick Kew]
+
+ *) core: fix origin checking in SymlinksIfOwnerMatch
+ PR 36783 [Robert L Mathews <rob-apache.org.bugs tigertech.net>]
+
*) mod_headers: Enable multi-match-and-replace edit option
PR 46594 [Nick Kew]
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=989124&r1=989123&r2=989124&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Wed Aug 25 14:15:54 2010
@@ -87,13 +87,6 @@ RELEASE SHOWSTOPPERS:
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * Core: fix symlinks ownership tests
- PR 36783
- Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=632947
- http://svn.apache.org/viewvc?view=revision&revision=633174
- 2.2 patch: trunk patch Works with offset.
- +1: niq, rpluem, jim
-
* mod_proxy_ajp: Don't log error when client disconnects.
Trunk version of patch:
http://svn.apache.org/viewvc?view=rev&revision=986591
Modified: httpd/httpd/branches/2.2.x/server/request.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/server/request.c?rev=989124&r1=989123&r2=989124&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/server/request.c (original)
+++ httpd/httpd/branches/2.2.x/server/request.c Wed Aug 25 14:15:54 2010
@@ -351,7 +351,8 @@ static int resolve_symlink(char *d, apr_
/* Save the name from the valid bits. */
savename = (lfi->valid & APR_FINFO_NAME) ? lfi->name : NULL;
- if (opts & OPT_SYM_LINKS) {
+ /* if OPT_SYM_OWNER is unset, we only need to check target accessible */
+ if (!(opts & OPT_SYM_OWNER)) {
if ((res = apr_stat(&fi, d, lfi->valid & ~(APR_FINFO_NAME
| APR_FINFO_LINK), p))
!= APR_SUCCESS) {
@@ -373,7 +374,7 @@ static int resolve_symlink(char *d, apr_
* owner of the symlink, then get the info of the target.
*/
if (!(lfi->valid & APR_FINFO_OWNER)) {
- if ((res = apr_stat(&fi, d,
+ if ((res = apr_stat(lfi, d,
lfi->valid | APR_FINFO_LINK | APR_FINFO_OWNER, p))
!= APR_SUCCESS) {
return HTTP_FORBIDDEN;