From: Gregg Lewis Smith Date: Sat, 24 Jun 2017 05:49:45 +0000 (+0000) Subject: Send a 404 response like other OSs do instead of 403 on Windows when X-Git-Tag: 2.5.0-alpha~337 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=de0ff1a55f8ef81c6459baa0ec6a1f03d0375d91;p=thirdparty%2Fapache%2Fhttpd.git Send a 404 response like other OSs do instead of 403 on Windows when a path segment or file requested uses a reserved word so Windows cannot be fingerprinted. PR55887 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1799731 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 20972870d3f..1c2a980c534 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,10 @@ -*- coding: utf-8 -*- Changes with Apache 2.5.0 + *) core: Send a 404 response like other OSs do instead of 403 on Windows + when a path segment or file requested uses a reserved word so Windows + cannot be fingerprinted. PR55887 [Gregg Smith] + *) mod_rewrite: Add 'RewriteOptions LongURLOptimization' to free memory from each set of unmatched rewrite conditions. [Eric Covener] diff --git a/server/request.c b/server/request.c index 55c32b276b0..df48efdb4b1 100644 --- a/server/request.c +++ b/server/request.c 
@@ -1211,10 +1211,25 @@ AP_DECLARE(int) ap_directory_walk(request_rec *r) break; } else if (thisinfo.filetype != APR_DIR) { +#ifdef _WIN32 + ap_regex_t *preg; +#endif ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00038) "Forbidden: %s doesn't point to " "a file or directory", r->filename); +#ifdef _WIN32 + /* Windows has a number of reserved words that cannot be used + * as a file or directory name so thisinfo.filetype will + * always be != APR_DIR. Don't allow us be fingerprinted with + * a 403 and instead send a 404 like other OSs would. PR55887 + */ + preg = ap_pregcomp(r->pool, + "/(aux|con|com[1-9]|lpt[1-9]|nul|prn)" + "($|/|.)", AP_REG_EXTENDED | AP_REG_ICASE); + if (ap_regexec(preg, r->uri, 0, NULL, 0) == 0) + return r->status = HTTP_NOT_FOUND; +#endif return r->status = HTTP_FORBIDDEN; }
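Review bot: The trailing group `"($|/|.)"` in the pattern passed to ap_pregcomp leaves the `.` unescaped, so it matches any character and the expression reduces to a match on `/aux`, `/con`, `/nul` and so on anywhere in r->uri. A longer segment such as `/contact` (constructed example) would therefore get the 404 as well, if it reaches this branch. If the intent is the bare device name or the name followed by an extension, the line should read `"($|/|\\.)", AP_REG_EXTENDED | AP_REG_ICASE);`. The ap_log_rerror call above the new block still writes "Forbidden: ..." under APLOGNO(00038) when the response becomes 404, so the error log will disagree with the status sent; running the check before logging, or adding a comment that the mismatch is deliberate, would help anyone correlating logs. The result of ap_pregcomp is also used without a NULL check and the constant pattern is recompiled on every request that gets here; ap_directory_walk's body starts and ends outside this hunk.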