From 4a70c39c49822619aea48e33360075a506644d60 Mon Sep 17 00:00:00 2001 From: Nick Kew Date: Mon, 3 Mar 2008 06:13:59 +0000 Subject: [PATCH] core: fix SymlinksIfOwnerMatch checking: (1) Fix Origin checking (PR 36783 - Robert L Mathews) (2) Check ownership if both FollowSymlinks and SymlinksIfOwnerMatch are set git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@632947 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 6 ++++++ server/request.c | 5 +++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index 02f1b41ddd..0d6180f3af 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,12 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ] + *) core: check symlink ownership if both FollowSymlinks and + SymlinksIfOwnerMatch are set [Nick Kew] + + *) core: fix origin checking in SymlinksIfOwnerMatch + PR 36783 [Robert L Mathews ] + *) mod_cache: Revalidate cache entities which have Cache-Control: no-cache set in their response headers. PR 44511 [Ruediger Pluem] diff --git a/server/request.c b/server/request.c index 402f3bda05..e62a1e6015 100644 --- a/server/request.c +++ b/server/request.c @@ -331,7 +331,8 @@ static int resolve_symlink(char *d, apr_finfo_t *lfi, int opts, apr_pool_t *p) /* Save the name from the valid bits. */ savename = (lfi->valid & APR_FINFO_NAME) ? lfi->name : NULL; - if (opts & OPT_SYM_LINKS) { + /* if OPT_SYM_OWNER is unset, we only need to check target accessible */ + if (!(opts & OPT_SYM_OWNER)) { if ((res = apr_stat(&fi, d, lfi->valid & ~(APR_FINFO_NAME | APR_FINFO_LINK), p)) != APR_SUCCESS) { @@ -353,7 +354,7 @@ static int resolve_symlink(char *d, apr_finfo_t *lfi, int opts, apr_pool_t *p) * owner of the symlink, then get the info of the target. */ if (!(lfi->valid & APR_FINFO_OWNER)) { - if ((res = apr_stat(&fi, d, + if ((res = apr_stat(&lfi, d, lfi->valid | APR_FINFO_LINK | APR_FINFO_OWNER, p)) != APR_SUCCESS) { return HTTP_FORBIDDEN; -- 2.50.1