From: William A. Rowe Jr <wrowe@apache.org>
Date: Wed, 17 Oct 2001 00:03:22 +0000 (+0000)
Subject:   It is absolutely invalid practice to test 'prot' bits to determine if a
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=292dc5d69344641c223737ab471f1cf4ca6e4289;p=thirdparty%2Fapache%2Fhttpd.git

  It is absolutely invalid practice to test 'prot' bits to determine if a
  file is readable.  The only acceptable means of testing readability is to
  open it for reading, due to discrepancies between permissions, DACLs and
  SACLS.  Even Linux hackers are gonna need to learn that lesson if they
  plan to do any DOD or Gov work once DACL-enhanced Linux is adopted.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk/modules/ssl@91516 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/ssl_engine_pphrase.c b/ssl_engine_pphrase.c
index 650edc2f88e..ddb693a7e5f 100644
--- a/ssl_engine_pphrase.c
+++ b/ssl_engine_pphrase.c
@@ -69,13 +69,21 @@
 
 static apr_status_t exists_and_readable(char *fname, apr_pool_t *pool)
 {
+    apr_status_t stat;
     apr_finfo_t sbuf;
+    apr_file_t *fd;
 
-    if ( apr_stat(&sbuf, fname, APR_FINFO_NORM, pool) != APR_SUCCESS )
-        return APR_ENOSTAT;
+    if ((stat = apr_stat(&sbuf, fname, APR_FINFO_MIN, pool)) != APR_SUCCESS)
+        return stat;
 
-    return ( ((sbuf.filetype == APR_REG) && (sbuf.protection & APR_UREAD)) ?
-                   APR_SUCCESS : APR_EGENERAL);
+    if (sbuf.filetype != APR_REG)
+        return APR_EGENERAL;
+
+    if ((stat = apr_file_open(&fd, fname, APR_READ, 0, pool)) != APR_SUCCESS)
+        return stat;
+
+    apr_file_close(fd);
+    return APR_SUCCESS;
 }
 
 /*  _________________________________________________________________