Commit 3d76ab95 authored by William A. Rowe Jr's avatar William A. Rowe Jr
Browse files 

  Start with the presumption that canonical_filename is not likely to be set.
  Therefore we will canonicalize it when it doesn't match filename.

  The next optimization should take the path common to canonical_filename
  and filename, and start merging filename from there for canonicalization.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@90591 13f79535-47bb-0310-9956-ffa450edef68
parent 10c7b000

server/core.c

+1 −0
Original line number Diff line number Diff line
@@ -1230,6 +1230,7 @@ static const char *set_document_root(cmd_parms *cmd, void *dummy, 
	    ap_log_perror(APLOG_MARK, APLOG_STARTUP | APLOG_NOERRNO, 0, cmd->pool,

                         "Warning: DocumentRoot [%s] does not exist",

		         arg);

            conf->ap_document_root = arg;

	}

	else {

	    return "DocumentRoot must be a directory";

server/request.c

+29 −10
Original line number Diff line number Diff line
@@ -476,22 +476,41 @@ AP_DECLARE(int) directory_walk(request_rec *r) 
     * denied.  This is very cpu/fs intensive, we need to finish

     * auditing, and remove the paranoia trigger.

     */

    if (r->filename == r->canonical_filename)

#ifdef NO_LONGER_PARANOID

        test_filename = apr_pstrdup(r->pool, r->filename);

#else

    {

        if (apr_filepath_merge(&test_filename, "", r->filename,

                               APR_FILEPATH_NOTRELATIVE | APR_FILEPATH_TRUENAME,

                               r->pool) != APR_SUCCESS

               || strcmp(test_filename, r->filename) != 0) {

            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,

                      "FORBIDDEN; Filepath: %s is not the canonical %s", 

                          "Module bug?  Filepath: %s is not the canonical %s", 

                          r->filename, test_filename);

            return HTTP_FORBIDDEN;

        }

    }

#endif

    else {

        /* Apparently, somebody didn't know to update r->canonical_filename

         * which is lucky, since they didn't canonicalize r->filename either.

         */

        if (apr_filepath_merge(&test_filename, NULL, r->filename,

                               APR_FILEPATH_NOTRELATIVE | APR_FILEPATH_TRUENAME,

                               r->pool) != APR_SUCCESS) {

            ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, 0, r,

                          "Module bug?  Filepath: %s is not an absolute path", 

                          r->filename);

            return HTTP_FORBIDDEN;

        }

        if (strcmp(r->filename, test_filename) != 0)

            r->filename = apr_pstrdup(test_filename);

        r->canonical_filename = r->test_filename;

    }



    num_dirs = ap_count_dirs(test_filename);



    /* XXX This needs to be rolled into APR: */

    if ((res = check_safe_file(r))) {

        return res;

    }