diff -urN apache_1.3.29/src/os/cygwin/Makefile.tmpl apache_1.3.29-cygwin/src/os/cygwin/Makefile.tmpl
--- apache_1.3.29/src/os/cygwin/Makefile.tmpl 2001-04-02 11:22:10.000000000 +0200
+++ apache_1.3.29-cygwin/src/os/cygwin/Makefile.tmpl 2004-02-04 17:14:27.600481600 +0100
@@ -3,7 +3,7 @@
INCLUDES=$(INCLUDES1) $(INCLUDES0) $(EXTRA_INCLUDES)
LDFLAGS=$(LDFLAGS1) $(EXTRA_LDFLAGS)
-OBJS= os.o os-inline.o
+OBJS= os.o os-inline.o util_cygwin.o
LIB= libos.a
@@ -37,6 +37,12 @@
$(OBJS): Makefile
+$(INCDIR)/os.h: os.h
+ cp $< $@
+
+$(INCDIR)/os-inline.c: os-inline.c
+ cp $< $@
+
# DO NOT REMOVE
os-inline.o: os-inline.c $(INCDIR)/ap_config.h \
$(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
@@ -44,3 +50,8 @@
os.o: os.c $(INCDIR)/ap_config.h $(INCDIR)/ap_mmn.h \
$(INCDIR)/ap_config_auto.h $(OSDIR)/os.h \
$(INCDIR)/ap_ctype.h $(INCDIR)/hsregex.h os.h
+util_cygwin.o: util_cygwin.c $(INCDIR)/httpd.h $(INCDIR)/ap_config.h \
+ $(INCDIR)/ap_mmn.h $(INCDIR)/ap_config_auto.h \
+ $(INCDIR)/os.h $(INCDIR)/os-inline.c $(INCDIR)/ap_ctype.h \
+ $(INCDIR)/hsregex.h $(INCDIR)/ap_alloc.h $(INCDIR)/buff.h \
+ $(INCDIR)/ap.h $(INCDIR)/util_uri.h $(INCDIR)/http_log.h
diff -urN apache_1.3.29/src/os/cygwin/os.h apache_1.3.29-cygwin/src/os/cygwin/os.h
--- apache_1.3.29/src/os/cygwin/os.h 2003-02-03 18:13:32.000000000 +0100
+++ apache_1.3.29-cygwin/src/os/cygwin/os.h 2004-02-04 17:14:27.630524800 +0100
@@ -88,6 +88,10 @@
#define PLATFORM "Cygwin"
#endif
+/* define that we implement our own ap_os_canonical_filename() to
+ * circumvent backslash security holes in cygwin path processing. */
+#define HAVE_CANONICAL_FILENAME
+
/*
* Define winsock.h and winsock2.h stuff taken from Win32 API in case we
* want to do socket communication in Win32 native way rather then using
diff -urN apache_1.3.29/src/os/cygwin/util_cygwin.c apache_1.3.29-cygwin/src/os/cygwin/util_cygwin.c
--- apache_1.3.29/src/os/cygwin/util_cygwin.c 1970-01-01 01:00:00.000000000 +0100
+++ apache_1.3.29-cygwin/src/os/cygwin/util_cygwin.c 2004-02-04 17:14:27.640539200 +0100
@@ -0,0 +1,81 @@
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2003 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * .
+ *
+ * Portions of this software are based upon public domain software
+ * originally written at the National Center for Supercomputing Applications,
+ * University of Illinois, Urbana-Champaign.
+ */
+
+#include
+#include "httpd.h"
+#include "http_log.h"
+
+
+API_EXPORT(char *) ap_os_canonical_filename(pool *pPool, const char *szFile)
+{
+ char *buf;
+ char buf2[MAX_STRING_LEN];
+ int rc, len;
+ char *pos;
+
+ len = strlen(szFile);
+ buf = ap_pstrndup(pPool, szFile, len);
+
+ /* Switch backslashes to forward */
+ for (pos=buf; *pos; pos++)
+ if (*pos == '\\')
+ *pos = '/';
+
+ return ap_pstrdup(pPool, buf);
+}
+