>Number: 3886
>Category: mod_jserv
>Synopsis: JServSSI breaks due to a problem with stat().
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: jserv
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Thu Feb 11 14:20:02 PST 1999
>Last-Modified:
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.3.1, 1.3.3, 1.3.4
>Environment:
Redhat 5.1 with gcc version 2.7.2.3
Redhat 5.2 with gcc version egcs-2.91.57 19980901 (egcs-1.1 release)
>Description:
JServSSI only works for the first call of the function stat() in
the function get_path_info() in the file http_request.c in the
src/main directory of the apache distribution. The first time,
stat() claims the path /servlets is a link, but after that it
has a non-zero finfo.st_mode and fails for S_ISDIR, S_ISREG,
and S_ISLNK, so check_safe_file() returns HTTP_FORBIDDEN.
I was able to narrow down the problem to stat(), but I wasn't able
to understand it's behavior.
>How-To-Repeat:
Start with Apache 1.3.4, JServ 1.0b2, and JServSSI 1.0.
Add module rewrite and load the rewrite module before jserv.
>Fix:
I added this hack to line 242 of http_request.c, so we could use JServSSI:
else if (! strcmp("/servlets", path) )
{
errno = 0;
rv = stat(path, &r->finfo);
r->finfo.st_mode = 0;
}
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED. This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig- ]
[nored unless you are responding to an explicit request ]
[from a developer. ]
[Reply only with text; DO NOT SEND ATTACHMENTS! ]
