Summary: | request.c not correctly checking link owner uid for SymlinksIfOwnerMatch | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Robert L Mathews <rob-apache.org.bugs> |
Component: | Core | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | flynnj |
Priority: | P2 | Keywords: | FixedInTrunk |
Version: | 2.1-HEAD | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All | ||
Attachments: |
Patch for trunk
Patch for 2.0.x |
Description
Robert L Mathews
2005-09-23 15:58:54 UTC
Created attachment 16500 [details]
Patch for trunk
This patch is for the version of request.c in the 2.2 trunk.
Created attachment 16501 [details]
Patch for 2.0.x
This patch is for the 2.0.x series.
Out of interest, what platform triggered this? My testing never hits the code path you fixed, 'cos the test "if (!(lfi->valid & APR_FINFO_OWNER)) {" fails. Anyway, fixed in trunk in r632947 - thanks. (In reply to comment #3) > Out of interest, what platform triggered this? My testing never hits the code > path you fixed, 'cos the test "if (!(lfi->valid & APR_FINFO_OWNER)) {" fails. The bug doesn't happen on my platform (Linux); I caught it just by looking at the code while making an unrelated change to how FollowSymLinks works on our copy of Apache. But according to this post, it might happen on Win32: http://mail-archives.apache.org/mod_mbox/httpd-dev/200509.mbox/<43339114.3060705%40rowe-clan.net> > Anyway, fixed in trunk in r632947 Thanks! *** Bug 29647 has been marked as a duplicate of this bug. *** |