You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Dean Gaudet <dg...@arctic.org> on 1997/07/24 07:44:06 UTC

[PATCH] ugh, my cern_meta patch sucks

[Wed Jul 23 22:34:23 1997] access to /home/dgaudet/.web failed for
neon-best.transmeta.com, reason: Client denied by server configuration

If I access www.arctic.org/~dgaudet, without the trailing slash, I get
that error in the error_log, right before it does the redirect. 

That's because of the subrequest that I added to mod_cern_meta to work
around the security problem of serving meta files which are symlinks.

mod_cern_meta contains this little tidbit:

    /* does uri end in a trailing slash? */
    if ( r->uri[strlen(r->uri) - 1] == '/' ) {
        return DECLINED;
    };

It probably should additionally check S_ISDIR (r->finfo.st_mode). 

It tests out fine... but again I'm left wondering if the subrequest thing
was a bad idea. 

This is for 1.3 and 1.2.2. 

Dean

Index: mod_cern_meta.c
===================================================================
RCS file: /export/home/cvs/apache/src/mod_cern_meta.c,v
retrieving revision 1.14
diff -u -r1.14 mod_cern_meta.c
--- mod_cern_meta.c	1997/07/17 22:27:34	1.14
+++ mod_cern_meta.c	1997/07/24 05:43:50
@@ -254,7 +254,7 @@
     };
 
     /* does uri end in a trailing slash? */
-    if ( r->uri[strlen(r->uri) - 1] == '/' ) {
+    if (S_ISDIR(r->finfo.st_mode) || r->uri[strlen(r->uri) - 1] == '/') {
 	return DECLINED;
     };