While looking at request.c, I noticed some code that doesn't make sense
to me, although it's quite possible that I am just being an idiot. From
2.0.54 request.c:

    /* OPT_SYM_OWNER only works if we can get the owner of
     * both the file and symlink. First fill in a missing
     * owner of the symlink, then get the info of the target.
     */
    if (!(lfi->valid & APR_FINFO_OWNER)) {
        if ((res = apr_lstat(&fi, d, lfi->valid | APR_FINFO_OWNER, p))
            != APR_SUCCESS) {
            return HTTP_FORBIDDEN;
        }
    }

    if ((res = apr_stat(&fi, d, lfi->valid & ~(APR_FINFO_NAME), p))
        != APR_SUCCESS) {
        return HTTP_FORBIDDEN;
    }

    if (apr_compare_users(fi.user, lfi->user) != APR_SUCCESS) {
        return HTTP_FORBIDDEN;
    }

It appears to me that the apr_lstat and apr_stat calls are supposed to
set lfi->user and fi.user, respectively, so they can be compared.
However, it looks like they're both operating on &fi, meaning that
lfi->user doesn't get set.

Shouldn't the first one operate on lfi, like so:

    if ((res = apr_lstat(lfi, d, lfi->valid | APR_FINFO_OWNER, p))

Otherwise, it seems that lfi->user could be random junk, leading to a
very likely false HTTP_FORBIDDEN result (and the small possibility of an
erroneous OK result).
Or am I just confused?
--
Robert L Mathews, Tiger Technologies http://www.tigertech.net/
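
The owner comparison discussed in the message above, as an added example that is not part of the original post and is not httpd or APR code. It uses plain POSIX lstat()/stat() instead of the APR calls; the function names, the temporary directory and the sample files are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical helper, not httpd code. Returns 1 if the symlink at `path`
 * and the file it resolves to have the same owner, 0 if the owners differ,
 * -1 if either lookup fails. Each lookup fills its own struct, so the
 * comparison never reads an owner field that no call populated. */
int link_owner_matches(const char *path)
{
    struct stat link_st;    /* the link itself (role of lfi) */
    struct stat target_st;  /* what it resolves to (role of fi) */
    if (lstat(path, &link_st) != 0)
        return -1;
    if (stat(path, &target_st) != 0)
        return -1;          /* dangling link or unreadable target: deny */
    return link_st.st_uid == target_st.st_uid ? 1 : 0;
}

/* Constructed self-check in a fresh temp directory.
 * Bit 0 set: link to our own file matched. Bit 1 set: dangling link denied. */
int demo(void)
{
    char dir[] = "/tmp/symowner.XXXXXX";
    char file[64], good[64], dangling[64];
    int result = 0;
    FILE *f;
    if (mkdtemp(dir) == NULL)
        return -1;
    snprintf(file, sizeof file, "%s/target", dir);
    snprintf(good, sizeof good, "%s/good", dir);
    snprintf(dangling, sizeof dangling, "%s/dangling", dir);
    if ((f = fopen(file, "w")) != NULL)
        fclose(f);
    if (symlink("target", good) == 0 && link_owner_matches(good) == 1)
        result |= 1;
    if (symlink("missing", dangling) == 0 && link_owner_matches(dangling) == -1)
        result |= 2;
    unlink(good); unlink(dangling); unlink(file); rmdir(dir);
    return result;
}

int main(void)
{
    printf("demo() = %d\n", demo());
    return 0;
}
```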