cvs commit: apachen/src/modules/standard mod_alias.c
dgaudet 97/09/25 19:56:43 Modified:src CHANGES src/modules/standard mod_alias.c Log: PR#1153: RedirectMatch does not escape its result. and unrelated to that PR: RedirectMatch does not allow constructs such as RedirectMatch /advertiser/(.*) $1. Reviewed by: Jim Jagielski, Roy Fielding Revision ChangesPath 1.445 +4 -0 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.444 retrieving revision 1.445 diff -u -r1.444 -r1.445 --- CHANGES 1997/09/19 17:32:02 1.444 +++ CHANGES 1997/09/26 02:56:39 1.445 @@ -1,5 +1,9 @@ Changes with Apache 1.3b1 + *) RedirectMatch was not properly escaping the result (PR#1155). Also + RedirectMatch /advertiser/(.*) $1 is now permitted. + [Dean Gaudet] + *) mod_include now uses symbolic names to check for request success and return HTTP errors, and correctly handles all types of redirections (previously it only did temporary redirect correctly). 1.25 +6 -2 apachen/src/modules/standard/mod_alias.c Index: mod_alias.c === RCS file: /export/home/cvs/apachen/src/modules/standard/mod_alias.c,v retrieving revision 1.24 retrieving revision 1.25 diff -u -r1.24 -r1.25 --- mod_alias.c 1997/09/16 05:31:56 1.24 +++ mod_alias.c 1997/09/26 02:56:42 1.25 @@ -188,7 +188,7 @@ if (is_HTTP_REDIRECT(status)) { if (!url) return URL to redirect to is missing; - if (!is_url(url)) + if (!use_regex !is_url(url)) return Redirect to non-URL; } else { @@ -295,9 +295,13 @@ int l; if (p-regexp) { - if (!regexec(p-regexp, r-uri, p-regexp-re_nsub + 1, regm, 0)) + if (!regexec(p-regexp, r-uri, p-regexp-re_nsub + 1, regm, 0)) { found = pregsub(r-pool, p-real, r-uri, p-regexp-re_nsub + 1, regm); + if (found doesc) { + found = escape_uri(r-pool, found); + } + } } else { l = alias_matches(r-uri, p-fake);
cvs commit: apachen/src/modules/standard mod_autoindex.c
dgaudet 97/09/25 19:59:11 Modified:src CHANGES src/modules/standard mod_autoindex.c Log: 1) Entity Names (like uuml;) are parsed and counted as having a width of one character. Until now, their length was taken in column counting, resulting in too early truncated description columns. 2) The last character of a description text which had the maximum allowed length (27?) was overwritten with the truncated character (''). This didn't make the string any shorter, but made it unreadable :-( Now the string is truncated only if it really exceeds the maximum length. Submitted by: Martin Kraemer Reviewed by: Dean Gaudet, Jim Jagielski, Roy Fielding Revision ChangesPath 1.446 +5 -0 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.445 retrieving revision 1.446 diff -u -r1.445 -r1.446 --- CHANGES 1997/09/26 02:56:39 1.445 +++ CHANGES 1997/09/26 02:59:07 1.446 @@ -1,5 +1,10 @@ Changes with Apache 1.3b1 + *) mod_autoindex improperly counted escapes; as more than one + character in the description. It also improperly truncated + descriptions that were exactly the maximum length. + [Martin Kraemer] + *) RedirectMatch was not properly escaping the result (PR#1155). Also RedirectMatch /advertiser/(.*) $1 is now permitted. [Dean Gaudet] 1.49 +11 -1 apachen/src/modules/standard/mod_autoindex.c Index: mod_autoindex.c === RCS file: /export/home/cvs/apachen/src/modules/standard/mod_autoindex.c,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 -r1.49 --- mod_autoindex.c 1997/09/18 08:12:22 1.48 +++ mod_autoindex.c 1997/09/26 02:59:10 1.49 @@ -716,10 +716,20 @@ ++x; } } + else if (desc[x] == '') { + /* entities like auml; count as one character */ + --maxsize; + for ( ; desc[x] != ';'; ++x) { + if (desc[x] == '\0') { + maxsize = 0; + break; + } + } +} else --maxsize; } -if (!maxsize) { +if (!maxsize desc[x] != '\0') { desc[x - 1] = ''; /* Grump. */ desc[x] = '\0'; /* Double Grump! */ }
cvs commit: apachen/src/modules/standard mod_include.c
dgaudet 97/09/25 20:23:04 Modified:src CHANGES src/modules/standard mod_include.c Log: mod_include would use uninitialized data when parsing certain expressions involving and || PR: 1139 Submitted by: Brian Slesinsky [EMAIL PROTECTED] Reviewed by: Dean Gaudet, Jim Jagielski, Roy Fielding Revision ChangesPath 1.449 +3 -0 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.448 retrieving revision 1.449 diff -u -r1.448 -r1.449 --- CHANGES 1997/09/26 03:19:28 1.448 +++ CHANGES 1997/09/26 03:22:59 1.449 @@ -1,4 +1,7 @@ Changes with Apache 1.3b1 + + *) mod_include would use uninitialized data when parsing certain + expressions involving and ||. [Brian Slesinsky] PR#1139 *) mod_imap should only handle GET methods. [Jay Bloodworth] 1.55 +2 -0 apachen/src/modules/standard/mod_include.c Index: mod_include.c === RCS file: /export/home/cvs/apachen/src/modules/standard/mod_include.c,v retrieving revision 1.54 retrieving revision 1.55 diff -u -r1.54 -r1.55 --- mod_include.c 1997/09/19 17:25:10 1.54 +++ mod_include.c 1997/09/26 03:23:02 1.55 @@ -1569,6 +1569,7 @@ strncpy(current-left-token.value, buffer, MAX_STRING_LEN - 1); current-left-token.value[MAX_STRING_LEN - 1] = '\0'; + current-left-value = (current-left-token.value[0] != '\0'); current-left-done = 1; break; default: @@ -1584,6 +1585,7 @@ strncpy(current-right-token.value, buffer, MAX_STRING_LEN - 1); current-right-token.value[MAX_STRING_LEN - 1] = '\0'; + current-right-value = (current-right-token.value[0] != '\0'); current-right-done = 1; break; default:
cvs commit: apachen/src/main http_protocol.c
dgaudet 97/09/25 20:26:26 Modified:src CHANGES src/main http_protocol.c Log: send_fb would not detect aborted connections in some situations Reviewed by: Jim Jagielski, Roy Fielding Revision ChangesPath 1.450 +4 -1 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.449 retrieving revision 1.450 diff -u -r1.449 -r1.450 --- CHANGES 1997/09/26 03:22:59 1.449 +++ CHANGES 1997/09/26 03:26:21 1.450 @@ -1,5 +1,8 @@ Changes with Apache 1.3b1 - + + *) send_fb would not detect aborted connections in some situations. + [Dean Gaudet] + *) mod_include would use uninitialized data when parsing certain expressions involving and ||. [Brian Slesinsky] PR#1139 1.163 +4 -2 apachen/src/main/http_protocol.c Index: http_protocol.c === RCS file: /export/home/cvs/apachen/src/main/http_protocol.c,v retrieving revision 1.162 retrieving revision 1.163 diff -u -r1.162 -r1.163 --- http_protocol.c 1997/09/14 10:04:58 1.162 +++ http_protocol.c 1997/09/26 03:26:24 1.163 @@ -1805,6 +1805,7 @@ soft_timeout(send body, r); +FD_ZERO(fds); while (!r-connection-aborted) { if ((length 0) (total_bytes_sent + IOBUFSIZE) length) len = length - total_bytes_sent; @@ -1813,13 +1814,14 @@ do { n = bread(fb, buf, len); -if (n = 0) +if (n = 0 || r-connection-aborted) break; if (n 0 errno != EAGAIN) break; /* we need to block, so flush the output first */ bflush(r-connection-client); -FD_ZERO(fds); +if (r-connection-aborted) +break; FD_SET(fd, fds); /* * we don't care what select says, we might as well loop back
cvs commit: apachen/src/modules/standard mod_cgi.c
dgaudet 97/09/25 20:52:15 Modified:src CHANGES src/main httpd.h util.c util_script.c src/modules/standard mod_cgi.c Log: Change to CGI permission test to allow User/Group tests to do the right thing for suexec. [Randy Terbush] PR#918 (I had to rework this because the original was from pre-indent -djg) PR: 918 Submitted by: Randy Terbush Reviewed by: Dean Gaudet, Jim Jagielski Revision ChangesPath 1.451 +3 -0 apachen/src/CHANGES Index: CHANGES === RCS file: /export/home/cvs/apachen/src/CHANGES,v retrieving revision 1.450 retrieving revision 1.451 diff -u -r1.450 -r1.451 --- CHANGES 1997/09/26 03:26:21 1.450 +++ CHANGES 1997/09/26 03:52:08 1.451 @@ -1,4 +1,7 @@ Changes with Apache 1.3b1 + + *) Change to CGI permission test to allow User/Group tests to do the + right thing for suexec. [Randy Terbush] PR#918 *) send_fb would not detect aborted connections in some situations. [Dean Gaudet] 1.150 +1 -1 apachen/src/main/httpd.h Index: httpd.h === RCS file: /export/home/cvs/apachen/src/main/httpd.h,v retrieving revision 1.149 retrieving revision 1.150 diff -u -r1.149 -r1.150 --- httpd.h 1997/09/16 00:25:46 1.149 +++ httpd.h 1997/09/26 03:52:10 1.150 @@ -834,7 +834,7 @@ API_EXPORT(uid_t) uname2id(const char *name); API_EXPORT(gid_t) gname2id(const char *name); API_EXPORT(int) is_directory(const char *name); -API_EXPORT(int) can_exec(const struct stat *); +API_EXPORT(int) can_exec(const struct stat *, uid_t, gid_t); API_EXPORT(void) chdir_file(const char *file); #ifndef HAVE_CANONICAL_FILENAME 1.70 +3 -3 apachen/src/main/util.c Index: util.c === RCS file: /export/home/cvs/apachen/src/main/util.c,v retrieving revision 1.69 retrieving revision 1.70 diff -u -r1.69 -r1.70 --- util.c1997/09/14 22:18:57 1.69 +++ util.c1997/09/26 03:52:11 1.70 @@ -1070,7 +1070,7 @@ return (x ? 1 : 0); /* If the first character is ':', it's broken, too */ } -API_EXPORT(int) can_exec(const struct stat *finfo) +API_EXPORT(int) can_exec(const struct stat *finfo, uid_t uid, gid_t gid) { #ifdef MULTIPLE_GROUPS int cnt; @@ -1079,10 +1079,10 @@ /* OS/2 dosen't have Users and Groups */ return 1; #else -if (user_id == finfo-st_uid) +if (uid == finfo-st_uid) if (finfo-st_mode S_IXUSR) return 1; -if (group_id == finfo-st_gid) +if (gid == finfo-st_gid) if (finfo-st_mode S_IXGRP) return 1; #ifdef MULTIPLE_GROUPS 1.75 +14 -0 apachen/src/main/util_script.c Index: util_script.c === RCS file: /export/home/cvs/apachen/src/main/util_script.c,v retrieving revision 1.74 retrieving revision 1.75 diff -u -r1.74 -r1.75 --- util_script.c 1997/09/16 03:49:57 1.74 +++ util_script.c 1997/09/26 03:52:12 1.75 @@ -827,6 +827,13 @@ grpname = gr-gr_name; } + if (!can_exec(r-finfo, pw-pw_uid, gr-gr_gid)) { + aplog_error(APLOG_MARK, APLOG_ERR, r-server, + file permissions deny server execution: %s, + r-filename); + return -1; + } + if (shellcmd) execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env); @@ -841,6 +848,13 @@ } } else { + if (!can_exec(r-finfo, user_id, group_id)) { + aplog_error(APLOG_MARK, APLOG_ERR, r-server, + file permissions deny server execution: %s, + r-filename); + return -1; + } + if (shellcmd) execle(SHELL_PATH, SHELL_PATH, -c, argv0, NULL, env); 1.57 +0 -5 apachen/src/modules/standard/mod_cgi.c Index: mod_cgi.c === RCS file: /export/home/cvs/apachen/src/modules/standard/mod_cgi.c,v retrieving revision 1.56 retrieving revision 1.57 diff -u -r1.56 -r1.57 --- mod_cgi.c 1997/09/18 08:12:23 1.56 +++ mod_cgi.c 1997/09/26 03:52:14 1.57 @@ -400,11 +400,6 @@ return log_scripterror(r, conf, NOT_FOUND, script not found or unable to stat); #endif -if (!suexec_enabled) { - if (!can_exec(r-finfo)) - return log_scripterror(r, conf, FORBIDDEN, -file permissions deny server execution); -} if ((retval = setup_client_block(r, REQUEST_CHUNKED_ERROR)))