Revert misguided commit r1799731.

Discussion on-list, but any occurance of a platform-specific behavior in this
code path will alter the behavior of the core code and introduce the very
fingerprintable behavior this patch pretended to obscuficate.

Returning 404 for /CON for example may lead to a module such as mod_speling
revealing the existance of a real file named similar to /.conf, which makes
this an unwise behavior.

Further discussion of returning 404 for all CHR files encountered in the
filepath (not URI path), which currently return 403 on all platforms,
belongs on the dev list.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1799965 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index cb7fa0b367babe4b712c26b6c8bd721fdbc76642..716fa113bf986b91963cd5ee744c17dff9145111 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -5,10 +5,6 @@ Changes with Apache 2.5.0
      This is a regression in 2.4.24 (unreleased), 2.4.25 and 2.4.26.
      PR 61207. [Christophe Jaillet]
 
-  *) core: Send a 404 response like other OSs do instead of 403 on Windows
-     when a path segment or file requested uses a reserved word so Windows
-     cannot be fingerprinted. PR55887 [Gregg Smith]
-
   *) mod_rewrite: Add 'RewriteOptions LongURLOptimization' to free memory
      from each set of unmatched rewrite conditions.
      [Eric Covener]

diff --git a/server/request.c b/server/request.c
index d919c0bb15793cfbb4023ac517bffef81d9188b1..55c32b276b092d7a956fd2547f1b58ed1ab14e9b 100644 (file)
--- a/server/request.c
+++ b/server/request.c
@@ -1211,25 +1211,10 @@ AP_DECLARE(int) ap_directory_walk(request_rec *r)
                 break;
             }
             else if (thisinfo.filetype != APR_DIR) {
-#ifdef _WIN32
-                ap_regex_t *preg;
-#endif
                 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00038)
                               "Forbidden: %s doesn't point to "
                               "a file or directory",
                               r->filename);
-#ifdef _WIN32
-                /* Windows has a number of reserved words that cannot be used
-                 * as a file or directory name so thisinfo.filetype will
-                 * always be != APR_DIR. Don't allow us be fingerprinted with
-                 * a 403 and instead send a 404 like other OSs would. PR55887
-                 */
-                preg = ap_pregcomp(r->pool,
-               "/(aux|con|com[1-9]|lpt[1-9]|nul|prn)"
-               "($|/|.)", AP_REG_EXTENDED | AP_REG_ICASE);
-                if (ap_regexec(preg, r->uri, 0, NULL, 0) == 0)
-                    return r->status = HTTP_NOT_FOUND;
-#endif
                 return r->status = HTTP_FORBIDDEN;
             }