Commit f1477236 authored by William A. Rowe Jr's avatar William A. Rowe Jr
Browse files 

  It is absolutely invalid practice to test 'prot' bits to determine if a
  file is readable.  The only acceptable means of testing readability is to
  open it for reading, due to discrepancies between permissions, DACLs and
  SACLS.  Even Linux hackers are gonna need to learn that lesson if they
  plan to do any DOD or Gov work once DACL-enhanced Linux is adopted.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@91516 13f79535-47bb-0310-9956-ffa450edef68
parent f73f0213

modules/ssl/ssl_engine_pphrase.c

+12 −4
Original line number Diff line number Diff line
@@ -69,13 +69,21 @@ 


static apr_status_t exists_and_readable(char *fname, apr_pool_t *pool)

{

    apr_status_t stat;

    apr_finfo_t sbuf;

    apr_file_t *fd;



    if ( apr_stat(&sbuf, fname, APR_FINFO_NORM, pool) != APR_SUCCESS )

        return APR_ENOSTAT;

    if ((stat = apr_stat(&sbuf, fname, APR_FINFO_MIN, pool)) != APR_SUCCESS)

        return stat;



    return ( ((sbuf.filetype == APR_REG) && (sbuf.protection & APR_UREAD)) ?

                   APR_SUCCESS : APR_EGENERAL);

    if (sbuf.filetype != APR_REG)

        return APR_EGENERAL;



    if ((stat = apr_file_open(&fd, fname, APR_READ, 0, pool)) != APR_SUCCESS)

        return stat;



    apr_file_close(fd);

    return APR_SUCCESS;

}



/*  _________________________________________________________________