From: William A. Rowe Jr
Date: Mon, 26 Jun 2017 17:45:23 +0000 (+0000)
Subject: Revert misguided commit r1799731.
X-Git-Tag: 2.5.0-alpha~330
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f3fe438dbb4ace7e5a4182312bdf13ea767525dc;p=thirdparty%2Fapache%2Fhttpd.git

Revert misguided commit r1799731.

Discussion on-list, but any occurrence of a platform-specific behavior in this code path will alter the behavior of the core code and introduce the very fingerprintable behavior this patch pretended to obfuscate. Returning 404 for /CON for example may lead to a module such as mod_speling revealing the existence of a real file named similar to /.conf, which makes this an unwise behavior. Further discussion of returning 404 for all CHR files encountered in the filepath (not URI path), which currently return 403 on all platforms, belongs on the dev list.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1799965 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES index cb7fa0b367b..716fa113bf9 100644 --- a/CHANGES +++ b/CHANGES @@ -5,10 +5,6 @@ Changes with Apache 2.5.0 This is a regression in 2.4.24 (unreleased), 2.4.25 and 2.4.26. PR 61207. [Christophe Jaillet] - *) core: Send a 404 response like other OSs do instead of 403 on Windows - when a path segment or file requested uses a reserved word so Windows - cannot be fingerprinted. PR55887 [Gregg Smith] - *) mod_rewrite: Add 'RewriteOptions LongURLOptimization' to free memory from each set of unmatched rewrite conditions. [Eric Covener] diff --git a/server/request.c b/server/request.c index d919c0bb157..55c32b276b0 100644 --- a/server/request.c +++ b/server/request.c 
@@ -1211,25 +1211,10 @@ AP_DECLARE(int) ap_directory_walk(request_rec *r) break; } else if (thisinfo.filetype != APR_DIR) { -#ifdef _WIN32 - ap_regex_t *preg; -#endif ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(00038) "Forbidden: %s doesn't point to " "a file or directory", r->filename); -#ifdef _WIN32 - /* Windows has a number of reserved words that cannot be used - * as a file or directory name so thisinfo.filetype will - * always be != APR_DIR. Don't allow us be fingerprinted with - * a 403 and instead send a 404 like other OSs would. PR55887 - */ - preg = ap_pregcomp(r->pool, - "/(aux|con|com[1-9]|lpt[1-9]|nul|prn)" - "($|/|.)", AP_REG_EXTENDED | AP_REG_ICASE); - if (ap_regexec(preg, r->uri, 0, NULL, 0) == 0) - return r->status = HTTP_NOT_FOUND; -#endif return r->status = HTTP_FORBIDDEN; }
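Review bot: In the server/request.c hunk, once the _WIN32 block is gone nothing at "return r->status = HTTP_FORBIDDEN;" in ap_directory_walk records that the 403 for a path that is neither a file nor a directory is deliberately the same on every platform, so the PR55887 change is easy to resubmit; a short comment above that return saying so, and pointing to the dev list discussion, would help. The log could also note that the removed check had defects of its own, which strengthens the case for the revert: the last alternative in "($|/|.)" is an unescaped ".", so the pattern matched any character after the reserved word (a URI such as /console matched the "con" branch and would have been answered 404), it was applied to r->uri although the surrounding branch tests thisinfo.filetype for r->filename, and the expression was recompiled with ap_pregcomp each time this branch was reached.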