From: Nick Kew Date: Mon, 3 Mar 2008 06:13:59 +0000 (+0000) Subject: core: fix SymlinksIfOwnerMatch checking: X-Git-Tag: 2.3.0~912 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4a70c39c49822619aea48e33360075a506644d60;p=apache core: fix SymlinksIfOwnerMatch checking: (1) Fix Origin checking (PR 36783 - Robert L Mathews) (2) Check ownership if both FollowSymlinks and SymlinksIfOwnerMatch are set git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@632947 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index 02f1b41ddd..0d6180f3af 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,12 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ]
+ *) core: check symlink ownership if both FollowSymlinks and
+ SymlinksIfOwnerMatch are set [Nick Kew]
+
+ *) core: fix origin checking in SymlinksIfOwnerMatch
+ PR 36783 [Robert L Mathews ]
+
 *) mod_cache: Revalidate cache entities which have Cache-Control: no-cache set in their response headers. PR 44511 [Ruediger Pluem]
diff --git a/server/request.c b/server/request.c
index 402f3bda05..e62a1e6015 100644
--- a/server/request.c
+++ b/server/request.c
@@ -331,7 +331,8 @@ static int resolve_symlink(char *d, apr_finfo_t *lfi, int opts, apr_pool_t *p)
 /* Save the name from the valid bits. */
 savename = (lfi->valid & APR_FINFO_NAME) ? lfi->name : NULL;
- if (opts & OPT_SYM_LINKS) {
+ /* if OPT_SYM_OWNER is unset, we only need to check target accessible */
+ if (!(opts & OPT_SYM_OWNER)) {
 if ((res = apr_stat(&fi, d, lfi->valid & ~(APR_FINFO_NAME | APR_FINFO_LINK), p)) != APR_SUCCESS) {
@@ -353,7 +354,7 @@ static int resolve_symlink(char *d, apr_finfo_t *lfi, int opts, apr_pool_t *p)
 * owner of the symlink, then get the info of the target.
 */
 if (!(lfi->valid & APR_FINFO_OWNER)) {
- if ((res = apr_stat(&fi, d,
+ if ((res = apr_stat(&lfi, d,
 lfi->valid | APR_FINFO_LINK | APR_FINFO_OWNER, p)) != APR_SUCCESS) {
 return HTTP_FORBIDDEN;
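Review bot: In the first server/request.c hunk (@@ -331), the new test `if (!(opts & OPT_SYM_OWNER))` also takes the follow-without-ownership-check branch when neither OPT_SYM_LINKS nor OPT_SYM_OWNER is set, which the old `opts & OPT_SYM_LINKS` test did not. That is fail-closed only if resolve_symlink, whose body starts outside this hunk, has already returned HTTP_FORBIDDEN for that case. If such a guard exists, the added comment should state the dependency, for example `/* OPT_SYM_OWNER unset, so OPT_SYM_LINKS is set (checked above): only verify the target is accessible */`. If it does not, the condition should test both bits explicitly.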
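Review bot: In the second server/request.c hunk (@@ -353), the new call passes `&lfi` to apr_stat(), but the signature in the hunk header declares `apr_finfo_t *lfi`, so `&lfi` is an `apr_finfo_t **` rather than the `apr_finfo_t *` that apr_stat() fills in. As written, apr_stat() would write a whole apr_finfo_t over the stack slot holding the pointer parameter, leaving the symlink's owner field unset and clobbering the pointer used by the ownership comparison that presumably follows. The line should read `if ((res = apr_stat(lfi, d,`. The function starts and ends outside this hunk, so the later use of `lfi` is inferred, not visible here.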