From: Randy Terbush Date: Sun, 12 Jan 1997 05:17:25 +0000 (+0000) Subject: More changes to support fix for DirectoryIndex/stat() problem. X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4ada240578899868efaa0cb3c1383b3151ae73b;p=thirdparty%2Fapache%2Fhttpd.git More changes to support fix for DirectoryIndex/stat() problem. Reviewed by: Randy Terbush Submitted by: Marc Slemko git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3@77424 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/RELEASE_1_1_X/src/main/http_request.c b/RELEASE_1_1_X/src/main/http_request.c
index a5426de71bb..180c2651af0 100644
--- a/RELEASE_1_1_X/src/main/http_request.c
+++ b/RELEASE_1_1_X/src/main/http_request.c
@@ -197,7 +197,7 @@ int get_path_info(request_rec *r)
 }
 #if defined(ENOENT)
 else {
- log_reason("unable to determine if index file exists (stat() returned unexpected error)", r->filename, r);
+ log_printf(r->server, "access to %s failed for client; unable to determine if index file exists (stat() returned unexpected error)", r->filename);
 return FORBIDDEN;
 }
 #endif
diff --git a/RELEASE_1_1_X/src/modules/standard/mod_autoindex.c b/RELEASE_1_1_X/src/modules/standard/mod_autoindex.c
index c30b57c58d3..4a15725279f 100644
--- a/RELEASE_1_1_X/src/modules/standard/mod_autoindex.c
+++ b/RELEASE_1_1_X/src/modules/standard/mod_autoindex.c
@@ -768,6 +768,7 @@ int handle_dir (request_rec *r)
 (dir_config_rec *)get_module_config (r->per_dir_config, &dir_module);
 char *names_ptr = d->index_names ? d->index_names : DEFAULT_INDEX;
 int allow_opts = allow_options (r);
+ int error_notfound = 0;
 if (r->uri[0] == '\0' || r->uri[strlen(r->uri)-1] != '/') {
 char* ifile;
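Review bot: In the get_path_info hunk of http_request.c, the new message reads "failed for client" but never says which client: the format string has a single `%s`, filled with `r->filename`. If log_reason recorded the requesting host (its body is not visible here), this path now drops the one field an operator needs to tie an unexpected stat() failure to a source during triage. Passing the host as a second argument, e.g. `"access to %s failed for %s; unable to determine if index file exists ..."` with the same host lookup log_reason uses, would keep it. get_path_info's body starts and ends outside the hunk.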
@@ -808,9 +809,24 @@ int handle_dir (request_rec *r)
 return OK;
 }
- destroy_sub_req (rr);
+ /* If the request returned something other than 404 (or 200),
+ * it means the module encountered some sort of problem. To be
+ * secure, we should return the error, rather than create
+ * along a (possibly unsafe) directory index.
+ *
+ * So we store the error, and if none of the listed files
+ * exist, we return the last error response we got, instead
+ * of a directory listing.
+ */
+ if (rr->status && rr->status != 404 && rr->status != 200)
+ error_notfound = rr->status;
+
+ destroy_sub_req (rr);
 }
+ if (error_notfound)
+ return error_notfound;
+
 if (r->method_number != M_GET) return NOT_IMPLEMENTED;
 /* OK, nothing easy. Trot out the heavy artillery... */
diff --git a/RELEASE_1_1_X/src/modules/standard/mod_dir.c b/RELEASE_1_1_X/src/modules/standard/mod_dir.c
index c30b57c58d3..4a15725279f 100644
--- a/RELEASE_1_1_X/src/modules/standard/mod_dir.c
+++ b/RELEASE_1_1_X/src/modules/standard/mod_dir.c
@@ -768,6 +768,7 @@ int handle_dir (request_rec *r)
 (dir_config_rec *)get_module_config (r->per_dir_config, &dir_module);
 char *names_ptr = d->index_names ? d->index_names : DEFAULT_INDEX;
 int allow_opts = allow_options (r);
+ int error_notfound = 0;
 if (r->uri[0] == '\0' || r->uri[strlen(r->uri)-1] != '/') {
 char* ifile;
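Review bot: In the `@@ -808` hunk of mod_autoindex.c, `error_notfound` is a misleading name for what the loop stores: the new test `rr->status != 404 && rr->status != 200` means it only ever holds statuses that are not 404, and it is the value that makes handle_dir fail closed instead of producing a listing. A name such as `index_error`, declared in the earlier hunk as `int index_error = 0; /* last non-404 failure from an index sub-request; nonzero suppresses the listing */`, would make that role obvious where the variable is introduced. The same test also matches any 3xx status a sub-request might report, which would then be returned as the handler's result; whether that can occur depends on code outside this hunk and is worth confirming. The identical hunk in mod_dir.c raises the same points, and handle_dir's body starts and ends outside the hunk.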
@@ -808,9 +809,24 @@ int handle_dir (request_rec *r)
 return OK;
 }
- destroy_sub_req (rr);
+ /* If the request returned something other than 404 (or 200),
+ * it means the module encountered some sort of problem. To be
+ * secure, we should return the error, rather than create
+ * along a (possibly unsafe) directory index.
+ *
+ * So we store the error, and if none of the listed files
+ * exist, we return the last error response we got, instead
+ * of a directory listing.
+ */
+ if (rr->status && rr->status != 404 && rr->status != 200)
+ error_notfound = rr->status;
+
+ destroy_sub_req (rr);
 }
+ if (error_notfound)
+ return error_notfound;
+
 if (r->method_number != M_GET) return NOT_IMPLEMENTED;
 /* OK, nothing easy. Trot out the heavy artillery... */