From ca080291b4bfed3abb3b6063bd9b842e78d65dd0 Mon Sep 17 00:00:00 2001 From: Randy Terbush Date: Sun, 12 Jan 1997 00:40:17 +0000 Subject: [PATCH] Fix a problem in get_path_info() which would allow a very long URL with many '/' characters to convince the server to return an index for the DocumentRoot. Properly check errno for stat(). Reviewed by: Randy Terbush, Ben Laurie Submitted by: Marc Slemko git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3@77418 13f79535-47bb-0310-9956-ffa450edef68 --- RELEASE_1_1_X/src/main/http_request.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/RELEASE_1_1_X/src/main/http_request.c b/RELEASE_1_1_X/src/main/http_request.c index db5b13c93f5..a66eb2b506f 100644 --- a/RELEASE_1_1_X/src/main/http_request.c +++ b/RELEASE_1_1_X/src/main/http_request.c @@ -139,7 +139,7 @@ int check_symlinks (char *d, int opts) /* Dealing with the file system to get PATH_INFO */ -void get_path_info(request_rec *r) +int get_path_info(request_rec *r) { char *cp; char *path = r->filename; @@ -157,7 +157,10 @@ void get_path_info(request_rec *r) /* See if the pathname ending here exists... */ *cp = '\0'; + + errno = 0; rv = stat(path, &r->finfo); + if (cp != end) *cp = '/'; if (!rv) { @@ -174,9 +177,9 @@ void get_path_info(request_rec *r) r->path_info = pstrdup (r->pool, cp); *cp = '\0'; - return; + return OK; } - else { + else if (errno == ENOENT) { last_cp = cp; while (--cp > path && *cp != '/') @@ -184,8 +187,14 @@ void get_path_info(request_rec *r) while (cp > path && cp[-1] == '/') --cp; + } + else { + log_reason("unable to determine if index file exists (stat() returned unexpected error)", r->filename, r); + return HTTP_FORBIDDEN; } } + + return OK; } int directory_walk (request_rec *r) @@ -261,7 +270,10 @@ int directory_walk (request_rec *r) no2slash (test_filename); num_dirs = count_dirs(test_filename); - get_path_info (r); + res = get_path_info (r); + if (res != OK) { + return res; + } if (S_ISDIR (r->finfo.st_mode)) ++num_dirs; -- 2.47.2