From: Bradley Nicholes Date: Thu, 26 Aug 2004 22:21:33 +0000 (+0000) Subject: Validate the file path of the trusted certificate file at the time the LDAPTrushedCA... X-Git-Tag: STRIKER_2_0_51_RC1^2~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ff290c2c17a16ddd93fcb7ddb686c7ca568240f7;p=thirdparty%2Fapache%2Fhttpd.git Validate the file path of the trusted certificate file at the time the LDAPTrushedCA directive is handled. PR#30782 Reviewed by: bnicholes, trawick, clar git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@104842 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/STATUS b/STATUS index 7e9fb931bac..c0552f7e35a 100644 --- a/STATUS +++ b/STATUS @@ -1,5 +1,5 @@ APACHE 2.0 STATUS: -*-text-*- -Last modified at [$Date: 2004/08/26 22:16:52 $] +Last modified at [$Date: 2004/08/26 22:21:33 $] Release: @@ -83,11 +83,6 @@ PATCHES TO BACKPORT FROM 2.1 +1: stoddard, trawick nd: I'd like to add 1.169 - *) util_ldap: Validate the file path of the trusted certificate file - at the time the LDAPTrushedCA directive is handled. PR#30782 - modules/ldap/util_ldap.c: 1.9, 1.11 - +1: bnicholes, trawick, clar - *) [SECURITY] mod_ssl: Fix potential input filter segfaults in SPECULATIVE mode. http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.125&r2=1.126 PR: 30134 diff --git a/modules/experimental/util_ldap.c b/modules/experimental/util_ldap.c index 82ec4d89965..753f8d7d90b 100644 --- a/modules/experimental/util_ldap.c +++ b/modules/experimental/util_ldap.c @@ -1084,6 +1084,9 @@ static const char *util_ldap_set_cert_auth(cmd_parms *cmd, void *dummy, const ch (util_ldap_state_t *)ap_get_module_config(cmd->server->module_config, &ldap_module); const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); + apr_finfo_t finfo; + apr_status_t rv; + if (err != NULL) { return err; } 
@@ -1094,6 +1097,15 @@ static const char *util_ldap_set_cert_auth(cmd_parms *cmd, void *dummy, const ch st->cert_auth_file = ap_server_root_relative(cmd->pool, file); + if (st->cert_auth_file && + ((rv = apr_stat (&finfo, st->cert_auth_file, APR_FINFO_MIN, cmd->pool)) != APR_SUCCESS)) + { + ap_log_error(APLOG_MARK, APLOG_ERR, rv, cmd->server, + "LDAP: Could not open SSL trusted certificate authority file - %s", + st->cert_auth_file == NULL ? file : st->cert_auth_file); + return "Invalid file path"; + } + return(NULL); }
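Review bot: When `ap_server_root_relative()` yields NULL, the `st->cert_auth_file &&` guard skips the new check and the handler falls through to `return(NULL)`, so an unresolvable path is accepted without any error; the `st->cert_auth_file == NULL ? file : st->cert_auth_file` arm in the log call can never be taken inside this branch, which suggests that case was meant to be reported. Reject it before the stat, for example `if (st->cert_auth_file == NULL) return "Invalid file path";`. Separately, `apr_stat` with `APR_FINFO_MIN` only shows that the path exists, so a directory passes and the "Could not open" wording overstates what was verified; comparing `finfo.filetype` with `APR_REG` would tighten it. Even then this is a configuration-time sanity test, not a guarantee about the file that is read later. The body of util_ldap_set_cert_auth starts outside the hunk.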