summaryrefslogtreecommitdiff
path: root/src/mod_access.c
diff options
context:
space:
mode:
authorGlenn Strauss <gstrauss@gluelogic.com>2017-03-05 15:39:45 -0500
committerGlenn Strauss <gstrauss@gluelogic.com>2017-03-08 11:42:59 -0500
commitbd77abe0f81f196006dbd46d7be61e7cc36911be (patch)
tree8f3b4ca98ee0a1a5d5a17aea96bdfe536bd8839c /src/mod_access.c
parent970f337c29e74b3e5f076cee105abc9739a9bd72 (diff)
downloadlighttpd1.4-bd77abe0f81f196006dbd46d7be61e7cc36911be.tar.gz
lighttpd1.4-bd77abe0f81f196006dbd46d7be61e7cc36911be.zip
[config] more specific checks for array lists
More specific checks on contents of array lists. Each module using lists now does better checking on the types of values in the list (strings, integers, arrays/lists) This helps prevent misconfiguration of things like cgi.assign, fastcgi.server, and scgi.server, where source code might be served as static files if parenthesis are misplaced. x-ref: https://redmine.lighttpd.net/boards/2/topics/6571
Diffstat (limited to 'src/mod_access.c')
-rw-r--r--src/mod_access.c12
1 files changed, 12 insertions, 0 deletions
diff --git a/src/mod_access.c b/src/mod_access.c
index c450e76c..24b4bd8b 100644
--- a/src/mod_access.c
+++ b/src/mod_access.c
@@ -86,6 +86,18 @@ SETDEFAULTS_FUNC(mod_access_set_defaults) {
if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
return HANDLER_ERROR;
}
+
+ if (!array_is_vlist(s->access_deny)) {
+ log_error_write(srv, __FILE__, __LINE__, "s",
+ "unexpected value for url.access-deny; expected list of \"suffix\"");
+ return HANDLER_ERROR;
+ }
+
+ if (!array_is_vlist(s->access_allow)) {
+ log_error_write(srv, __FILE__, __LINE__, "s",
+ "unexpected value for url.access-allow; expected list of \"suffix\"");
+ return HANDLER_ERROR;
+ }
}
return HANDLER_GO_ON;