cvs commit: apachen/src/modules/standard mod_alias.c
dgaudet 97/09/25 19:56:43
Modified:src CHANGES
src/modules/standard mod_alias.c
Log:
PR#1153: RedirectMatch does not escape its result.
and unrelated to that PR: RedirectMatch does not allow constructs
such as RedirectMatch /advertiser/(.*) $1.
Reviewed by: Jim Jagielski, Roy Fielding
Revision ChangesPath
1.445 +4 -0 apachen/src/CHANGES
Index: CHANGES
===
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.444
retrieving revision 1.445
diff -u -r1.444 -r1.445
--- CHANGES 1997/09/19 17:32:02 1.444
+++ CHANGES 1997/09/26 02:56:39 1.445
@@ -1,5 +1,9 @@
Changes with Apache 1.3b1
+ *) RedirectMatch was not properly escaping the result (PR#1155). Also
+ RedirectMatch /advertiser/(.*) $1 is now permitted.
+ [Dean Gaudet]
+
*) mod_include now uses symbolic names to check for request success
and return HTTP errors, and correctly handles all types of
redirections (previously it only did temporary redirect correctly).
1.25 +6 -2 apachen/src/modules/standard/mod_alias.c
Index: mod_alias.c
===
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_alias.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -r1.24 -r1.25
--- mod_alias.c 1997/09/16 05:31:56 1.24
+++ mod_alias.c 1997/09/26 02:56:42 1.25
@@ -188,7 +188,7 @@
if (is_HTTP_REDIRECT(status)) {
if (!url)
return URL to redirect to is missing;
- if (!is_url(url))
+ if (!use_regex !is_url(url))
return Redirect to non-URL;
}
else {
@@ -295,9 +295,13 @@
int l;
if (p-regexp) {
- if (!regexec(p-regexp, r-uri, p-regexp-re_nsub + 1, regm, 0))
+ if (!regexec(p-regexp, r-uri, p-regexp-re_nsub + 1, regm, 0)) {
found = pregsub(r-pool, p-real, r-uri,
p-regexp-re_nsub + 1, regm);
+ if (found doesc) {
+ found = escape_uri(r-pool, found);
+ }
+ }
}
else {
l = alias_matches(r-uri, p-fake);
cvs commit: apachen/src/modules/standard mod_autoindex.c
dgaudet 97/09/25 19:59:11
Modified:src CHANGES
src/modules/standard mod_autoindex.c
Log:
1) Entity Names (like uuml;) are parsed and counted as having a width
of one character. Until now, their length was taken in column
counting, resulting in too early truncated description columns.
2) The last character of a description text which had the maximum
allowed length (27?) was overwritten with the truncated character
(''). This didn't make the string any shorter, but made it
unreadable :-( Now the string is truncated only if it really
exceeds the maximum length.
Submitted by: Martin Kraemer
Reviewed by: Dean Gaudet, Jim Jagielski, Roy Fielding
Revision ChangesPath
1.446 +5 -0 apachen/src/CHANGES
Index: CHANGES
===
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.445
retrieving revision 1.446
diff -u -r1.445 -r1.446
--- CHANGES 1997/09/26 02:56:39 1.445
+++ CHANGES 1997/09/26 02:59:07 1.446
@@ -1,5 +1,10 @@
Changes with Apache 1.3b1
+ *) mod_autoindex improperly counted escapes; as more than one
+ character in the description. It also improperly truncated
+ descriptions that were exactly the maximum length.
+ [Martin Kraemer]
+
*) RedirectMatch was not properly escaping the result (PR#1155). Also
RedirectMatch /advertiser/(.*) $1 is now permitted.
[Dean Gaudet]
1.49 +11 -1 apachen/src/modules/standard/mod_autoindex.c
Index: mod_autoindex.c
===
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_autoindex.c,v
retrieving revision 1.48
retrieving revision 1.49
diff -u -r1.48 -r1.49
--- mod_autoindex.c 1997/09/18 08:12:22 1.48
+++ mod_autoindex.c 1997/09/26 02:59:10 1.49
@@ -716,10 +716,20 @@
++x;
}
}
+ else if (desc[x] == '') {
+ /* entities like auml; count as one character */
+ --maxsize;
+ for ( ; desc[x] != ';'; ++x) {
+ if (desc[x] == '\0') {
+ maxsize = 0;
+ break;
+ }
+ }
+}
else
--maxsize;
}
-if (!maxsize) {
+if (!maxsize desc[x] != '\0') {
desc[x - 1] = ''; /* Grump. */
desc[x] = '\0'; /* Double Grump! */
}
cvs commit: apachen/src/modules/standard mod_include.c
dgaudet 97/09/25 20:23:04 Modified:src CHANGES src/modules/standard mod_include.c Log: mod_include would use uninitialized data when parsing certain expressions involving and || PR: 1139 Submitted by: Brian Slesinsky [EMAIL PROTECTED] Reviewed by: Dean Gaudet, Jim Jagielski, Roy Fielding Revision ChangesPath 1.449 +3 -0 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.448 retrieving revision 1.449 diff -u -r1.448 -r1.449 --- CHANGES 1997/09/26 03:19:28 1.448 +++ CHANGES 1997/09/26 03:22:59 1.449 @@ -1,4 +1,7 @@ Changes with Apache 1.3b1 + + *) mod_include would use uninitialized data when parsing certain + expressions involving and ||. [Brian Slesinsky] PR#1139 *) mod_imap should only handle GET methods. [Jay Bloodworth] 1.55 +2 -0 apachen/src/modules/standard/mod_include.c Index: mod_include.c === RCS file: /export/home/cvs/apachen/src/modules/standard/mod_include.c,v retrieving revision 1.54 retrieving revision 1.55 diff -u -r1.54 -r1.55 --- mod_include.c 1997/09/19 17:25:10 1.54 +++ mod_include.c 1997/09/26 03:23:02 1.55 @@ -1569,6 +1569,7 @@ strncpy(current-left-token.value, buffer, MAX_STRING_LEN - 1); current-left-token.value[MAX_STRING_LEN - 1] = '\0'; + current-left-value = (current-left-token.value[0] != '\0'); current-left-done = 1; break; default: @@ -1584,6 +1585,7 @@ strncpy(current-right-token.value, buffer, MAX_STRING_LEN - 1); current-right-token.value[MAX_STRING_LEN - 1] = '\0'; + current-right-value = (current-right-token.value[0] != '\0'); current-right-done = 1; break; default:
cvs commit: apachen/src/main http_protocol.c
dgaudet 97/09/25 20:26:26
Modified:src CHANGES
src/main http_protocol.c
Log:
send_fb would not detect aborted connections in some situations
Reviewed by: Jim Jagielski, Roy Fielding
Revision ChangesPath
1.450 +4 -1 apachen/src/CHANGES
Index: CHANGES
===
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.449
retrieving revision 1.450
diff -u -r1.449 -r1.450
--- CHANGES 1997/09/26 03:22:59 1.449
+++ CHANGES 1997/09/26 03:26:21 1.450
@@ -1,5 +1,8 @@
Changes with Apache 1.3b1
-
+
+ *) send_fb would not detect aborted connections in some situations.
+ [Dean Gaudet]
+
*) mod_include would use uninitialized data when parsing certain
expressions involving and ||. [Brian Slesinsky] PR#1139
1.163 +4 -2 apachen/src/main/http_protocol.c
Index: http_protocol.c
===
RCS file: /export/home/cvs/apachen/src/main/http_protocol.c,v
retrieving revision 1.162
retrieving revision 1.163
diff -u -r1.162 -r1.163
--- http_protocol.c 1997/09/14 10:04:58 1.162
+++ http_protocol.c 1997/09/26 03:26:24 1.163
@@ -1805,6 +1805,7 @@
soft_timeout(send body, r);
+FD_ZERO(fds);
while (!r-connection-aborted) {
if ((length 0) (total_bytes_sent + IOBUFSIZE) length)
len = length - total_bytes_sent;
@@ -1813,13 +1814,14 @@
do {
n = bread(fb, buf, len);
-if (n = 0)
+if (n = 0 || r-connection-aborted)
break;
if (n 0 errno != EAGAIN)
break;
/* we need to block, so flush the output first */
bflush(r-connection-client);
-FD_ZERO(fds);
+if (r-connection-aborted)
+break;
FD_SET(fd, fds);
/*
* we don't care what select says, we might as well loop back
cvs commit: apachen/src/modules/standard mod_cgi.c
dgaudet 97/09/25 20:52:15
Modified:src CHANGES
src/main httpd.h util.c util_script.c
src/modules/standard mod_cgi.c
Log:
Change to CGI permission test to allow User/Group tests to do the
right thing for suexec. [Randy Terbush] PR#918
(I had to rework this because the original was from pre-indent -djg)
PR: 918
Submitted by: Randy Terbush
Reviewed by: Dean Gaudet, Jim Jagielski
Revision ChangesPath
1.451 +3 -0 apachen/src/CHANGES
Index: CHANGES
===
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.450
retrieving revision 1.451
diff -u -r1.450 -r1.451
--- CHANGES 1997/09/26 03:26:21 1.450
+++ CHANGES 1997/09/26 03:52:08 1.451
@@ -1,4 +1,7 @@
Changes with Apache 1.3b1
+
+ *) Change to CGI permission test to allow User/Group tests to do the
+ right thing for suexec. [Randy Terbush] PR#918
*) send_fb would not detect aborted connections in some situations.
[Dean Gaudet]
1.150 +1 -1 apachen/src/main/httpd.h
Index: httpd.h
===
RCS file: /export/home/cvs/apachen/src/main/httpd.h,v
retrieving revision 1.149
retrieving revision 1.150
diff -u -r1.149 -r1.150
--- httpd.h 1997/09/16 00:25:46 1.149
+++ httpd.h 1997/09/26 03:52:10 1.150
@@ -834,7 +834,7 @@
API_EXPORT(uid_t) uname2id(const char *name);
API_EXPORT(gid_t) gname2id(const char *name);
API_EXPORT(int) is_directory(const char *name);
-API_EXPORT(int) can_exec(const struct stat *);
+API_EXPORT(int) can_exec(const struct stat *, uid_t, gid_t);
API_EXPORT(void) chdir_file(const char *file);
#ifndef HAVE_CANONICAL_FILENAME
1.70 +3 -3 apachen/src/main/util.c
Index: util.c
===
RCS file: /export/home/cvs/apachen/src/main/util.c,v
retrieving revision 1.69
retrieving revision 1.70
diff -u -r1.69 -r1.70
--- util.c1997/09/14 22:18:57 1.69
+++ util.c1997/09/26 03:52:11 1.70
@@ -1070,7 +1070,7 @@
return (x ? 1 : 0); /* If the first character is ':', it's
broken, too */
}
-API_EXPORT(int) can_exec(const struct stat *finfo)
+API_EXPORT(int) can_exec(const struct stat *finfo, uid_t uid, gid_t gid)
{
#ifdef MULTIPLE_GROUPS
int cnt;
@@ -1079,10 +1079,10 @@
/* OS/2 dosen't have Users and Groups */
return 1;
#else
-if (user_id == finfo-st_uid)
+if (uid == finfo-st_uid)
if (finfo-st_mode S_IXUSR)
return 1;
-if (group_id == finfo-st_gid)
+if (gid == finfo-st_gid)
if (finfo-st_mode S_IXGRP)
return 1;
#ifdef MULTIPLE_GROUPS
1.75 +14 -0 apachen/src/main/util_script.c
Index: util_script.c
===
RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
retrieving revision 1.74
retrieving revision 1.75
diff -u -r1.74 -r1.75
--- util_script.c 1997/09/16 03:49:57 1.74
+++ util_script.c 1997/09/26 03:52:12 1.75
@@ -827,6 +827,13 @@
grpname = gr-gr_name;
}
+ if (!can_exec(r-finfo, pw-pw_uid, gr-gr_gid)) {
+ aplog_error(APLOG_MARK, APLOG_ERR, r-server,
+ file permissions deny server execution: %s,
+ r-filename);
+ return -1;
+ }
+
if (shellcmd)
execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);
@@ -841,6 +848,13 @@
}
}
else {
+ if (!can_exec(r-finfo, user_id, group_id)) {
+ aplog_error(APLOG_MARK, APLOG_ERR, r-server,
+ file permissions deny server execution: %s,
+ r-filename);
+ return -1;
+ }
+
if (shellcmd)
execle(SHELL_PATH, SHELL_PATH, -c, argv0, NULL, env);
1.57 +0 -5 apachen/src/modules/standard/mod_cgi.c
Index: mod_cgi.c
===
RCS file: /export/home/cvs/apachen/src/modules/standard/mod_cgi.c,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- mod_cgi.c 1997/09/18 08:12:23 1.56
+++ mod_cgi.c 1997/09/26 03:52:14 1.57
@@ -400,11 +400,6 @@
return log_scripterror(r, conf, NOT_FOUND,
script not found or unable to stat);
#endif
-if (!suexec_enabled) {
- if (!can_exec(r-finfo))
- return log_scripterror(r, conf, FORBIDDEN,
-file permissions deny server execution);
-}
if ((retval = setup_client_block(r, REQUEST_CHUNKED_ERROR)))
