1 /* ====================================================================
2 * The Apache Software License, Version 1.1
4 * Copyright (c) 2000 The Apache Software Foundation. All rights
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * 3. The end-user documentation included with the redistribution,
20 * if any, must include the following acknowledgment:
21 * "This product includes software developed by the
22 * Apache Software Foundation (http://www.apache.org/)."
23 * Alternately, this acknowledgment may appear in the software itself,
24 * if and wherever such third-party acknowledgments normally appear.
26 * 4. The names "Apache" and "Apache Software Foundation" must
27 * not be used to endorse or promote products derived from this
28 * software without prior written permission. For written
29 * permission, please contact apache@apache.org.
31 * 5. Products derived from this software may not be called "Apache",
32 * nor may "Apache" appear in their name, without prior written
33 * permission of the Apache Software Foundation.
35 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
36 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
37 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
39 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
40 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
41 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
42 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
43 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
45 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
47 * ====================================================================
49 * This software consists of voluntary contributions made by many
50 * individuals on behalf of the Apache Software Foundation. For more
51 * information on the Apache Software Foundation, please see
52 * <http://www.apache.org/>.
54 * Portions of this software are based upon public domain software
55 * originally written at the National Center for Supercomputing Applications,
56 * University of Illinois, Urbana-Champaign.
61 #include "apr_strings.h"
67 /* Returns TRUE if the input string is a string
68 * of one or more '.' characters.
70 static BOOL OnlyDots(char *pString)
77 for (c = pString;*c;c++)
84 /* Accepts as input a pathname, and tries to match it to an
85 * existing path and return the pathname in the letter case that
86 * is present on the existing path. This routine also
87 * converts alias names to long names.
89 AP_DECLARE(char *) ap_os_systemcase_filename(apr_pool_t *pPool,
92 char buf[HUGE_STRING_LEN];
96 BOOL bFileExists = TRUE;
100 if (!szFile || strlen(szFile) == 0 || strlen(szFile) >= sizeof(buf))
101 return apr_pstrdup(pPool, "");
104 pInputName = apr_pstrdup(pPool, szFile);
106 /* First convert all slashes to \ so Win32 calls work OK */
107 for (p = pInputName; *p; p++) {
113 /* If there is drive information, copy it over. */
114 if (pInputName[1] == ':') {
115 /* This is correct - if systemcase is used for
116 * comparison, d: designations will match
118 *(t++) = tolower(*p++);
122 /* If all we have is a drive letter, then we are done */
131 if (*p == '\\') /* UNC name */
134 /* Get past the machine name. FindFirstFile
135 * will not find a machine name only
139 p = strchr(p + 1, '\\');
143 /* Get past the share name. FindFirstFile */
144 /* will not find a \\machine\share name only */
147 /* This was faulty - as of 1.3.13 \\machine\share
148 * name is now always lowercased
171 if (strchr(q, '*') || strchr(q, '?'))
174 /* If the path exists so far, call FindFirstFile
175 * again. However, if this portion of the path contains
176 * only '.' characters, skip the call to FindFirstFile
177 * since it will convert '.' and '..' to actual names.
178 * Note: in the call to OnlyDots, we may have to skip
181 if (bFileExists && !OnlyDots((*q == '.' ? q : q+1))) {
182 hFind = FindFirstFile(pInputName, &wfd);
184 if (hFind == INVALID_HANDLE_VALUE) {
192 t = strchr(strcpy(t, wfd.cFileName), '\0');
196 if (!bFileExists || OnlyDots((*q == '.' ? q : q+1))) {
197 /* XXX: Comparison could be faulty ...\unknown
198 * names may not be tested (if they reside outside
199 * of the file system)!
216 /* Finally, convert all slashes to / so server code handles it ok */
218 for (p = buf; *p; p++) {
223 return apr_pstrdup(pPool, buf);
227 /* Perform canonicalization with the exception that the
228 * input case is preserved.
230 AP_DECLARE(char *) ap_os_case_canonical_filename(apr_pool_t *pPool,
238 if (szFile == NULL || strlen(szFile) == 0)
239 return apr_pstrdup(pPool, "");
241 pNewStr = apr_pstrdup(pPool, szFile);
243 /* Change all '\' characters to '/' characters.
244 * While doing this, remove any trailing '.'.
245 * Also, blow away any directories with 3 or
248 for (p = pNewStr,s = pNewStr; *s; s++,p++) {
249 if (*s == '\\' || *s == '/') {
252 while (p > pNewStr && *(p-1) == '.')
255 if (p == pNewStr && q-p <= 2 && *p == '.')
257 else if (p > pNewStr && p < q && *(p-1) == '/') {
272 /* Blow away any final trailing '.' since on Win32
273 * foo.bat == foo.bat. == foo.bat... etc.
274 * Also blow away any trailing spaces since
275 * "filename" == "filename "
278 while (p > pNewStr && (*(p-1) == '.' || *(p-1) == ' '))
281 (p == pNewStr && q-p > 2))
285 /* One more security issue to deal with. Win32 allows
286 * you to create long filenames. However, alias filenames
287 * are always created so that the filename will
288 * conform to 8.3 rules. According to the Microsoft
289 * Developer's network CD (1/98)
290 * "Automatically generated aliases are composed of the
291 * first six characters of the filename plus ~n
292 * (where n is a number) and the first three characters
293 * after the last period."
294 * Here, we attempt to detect and decode these names.
296 * XXX: Netware network clients may have alternate short names,
297 * simply truncated, with no embedded '~'. Further, this behavior
298 * can be modified on WinNT volumes. This was not a safe test,
299 * therefore exclude the '~' pretest.
301 #ifdef WIN32_SHORT_FILENAME_INSECURE_BEHAVIOR
302 p = strchr(pNewStr, '~');
306 char *pConvertedName, *pQstr, *pPstr;
307 char buf[HUGE_STRING_LEN];
308 /* We potentially have a short name. Call
309 * ap_os_systemcase_filename to examine the filesystem
310 * and possibly extract the long name.
312 pConvertedName = ap_os_systemcase_filename(pPool, pNewStr);
314 /* Since we want to preserve the incoming case as much
315 * as we can, compare for differences in the string and
316 * only substitute in the path names that changed.
318 if (stricmp(pNewStr, pConvertedName)) {
321 q = pQstr = pConvertedName;
332 if (stricmp(pQstr, pPstr))
333 strcat(buf, pQstr); /* Converted name */
335 strcat(buf, pPstr); /* Original name */
347 pNewStr = apr_pstrdup(pPool, buf);
354 /* Perform complete canonicalization.
356 AP_DECLARE(char *) ap_os_canonical_filename(apr_pool_t *pPool, const char *szFile)
359 pNewName = ap_os_case_canonical_filename(pPool, szFile);
365 * ap_os_is_filename_valid is given a filename, and returns 0 if the filename
366 * is not valid for use on this system. On Windows, this means it fails any
367 * of the tests below. Otherwise returns 1.
369 * Test for filename validity on Win32. This list of tests comes in part from
370 * the MSDN article at "Technical Articles, Windows Platform, Base Services,
371 * Guidelines, Making Room for Long Filenames" although the information
372 * in MSDN about filename testing is incomplete or conflicting. There is a
373 * similar set of tests in "Technical Articles, Windows Platform, Base Services,
374 * Guidelines, Moving Unix Applications to Windows NT".
378 * 1) total path length greater than MAX_PATH
380 * 2) anything using the octets 0-31 or characters ? " < > * | :
381 * (these are reserved for Windows use in filenames. In addition
382 * each file system has its own additional characters that are
383 * invalid. See KB article Q100108 for more details).
385 * 3) anything ending in "." (no matter how many)
386 * (filename doc, doc. and doc... all refer to the same file)
388 * 4) any segment in which the basename (before first period) matches
389 * one of the DOS device names
390 * (the list comes from KB article Q100108 although some people
391 * report that additional names such as "COM5" are also special
394 * If the path fails ANY of these tests, the result must be to deny access.
397 AP_DECLARE(int) ap_os_is_filename_valid(const char *file)
399 const char *segstart;
400 unsigned int seglength;
402 static const char * const invalid_characters = "?\"<>*|:";
403 static const char * const invalid_filenames[] = {
404 "CON", "AUX", "COM1", "COM2", "COM3",
405 "COM4", "LPT1", "LPT2", "LPT3", "PRN", "NUL", NULL
409 if (strlen(file) >= MAX_PATH) {
410 /* Path too long for Windows. Note that this test is not valid
411 * if the path starts with //?/ or \\?\. */
417 /* Skip any leading non-path components. This can be either a
418 * drive letter such as C:, or a UNC path such as \\SERVER\SHARE\.
419 * We continue and check the rest of the path based on the rules above.
420 * This means we could eliminate valid filenames from servers which
421 * are not running NT (such as Samba).
424 if (pos[0] && pos[1] == ':') {
425 /* Skip leading drive letter */
429 if ((pos[0] == '\\' || pos[0] == '/') &&
430 (pos[1] == '\\' || pos[1] == '/')) {
431 /* Is a UNC, so skip the server name and share name */
433 while (*pos && *pos != '/' && *pos != '\\')
439 pos++; /* Move to start of share name */
440 while (*pos && *pos != '/' && *pos != '\\')
443 /* No path information */
451 unsigned int baselength;
453 while (*pos == '/' || *pos == '\\') {
459 segstart = pos; /* start of segment */
460 while (*pos && *pos != '/' && *pos != '\\') {
463 seglength = pos - segstart;
465 * Now we have a segment of the path, starting at position "segstart"
466 * and length "seglength"
470 for (idx = 0; idx < seglength; idx++) {
471 if ((segstart[idx] > 0 && segstart[idx] < 32) ||
472 strchr(invalid_characters, segstart[idx])) {
478 if (segstart[seglength-1] == '.') {
483 for (baselength = 0; baselength < seglength; baselength++) {
484 if (segstart[baselength] == '.') {
489 /* baselength is the number of characters in the base path of
490 * the segment (which could be the same as the whole segment length,
491 * if it does not include any dot characters). */
492 if (baselength == 3 || baselength == 4) {
493 for (idx = 0; invalid_filenames[idx]; idx++) {
494 if (strlen(invalid_filenames[idx]) == baselength &&
495 !strnicmp(invalid_filenames[idx], segstart, baselength)) {