Browse Source

check that we can really read the file

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@681 152afb58-edef-0310-8abb-c4023f1b3aa9
svn/tags/lighttpd-1.4.6
Jan Kneschke 17 years ago
parent
commit
52125c82b8
  1. 3
      src/base.h
  2. 22
      src/response.c
  3. 3
      src/server.c

3
src/base.h

@ -551,6 +551,9 @@ typedef struct {
stat_cache *stat_cache;
fdevent_handler_t event_handler;
uid_t uid;
gid_t gid;
} server;

22
src/response.c

@ -409,7 +409,29 @@ handler_t http_response_prepare(server *srv, connection *con) {
return HANDLER_FINISHED;
}
} else if (!S_ISREG(sce->st.st_mode)) {
/* any special handling of non-reg files ?*/
}
/* can we read the file ? */
if (!(sce->st.st_mode & S_IROTH) &&
!(srv->gid == sce->st.st_gid &&
sce->st.st_mode & S_IRGRP) &&
!(srv->uid == sce->st.st_uid &&
sce->st.st_mode & S_IRUSR)) {
con->http_status = 403;
if (con->conf.log_request_handling) {
log_error_write(srv, __FILE__, __LINE__, "s", "-- access denied");
log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", con->physical.path);
}
buffer_reset(con->physical.path);
return HANDLER_FINISHED;
}
} else {
switch (errno) {
case EACCES:

3
src/server.c

@ -659,6 +659,9 @@ int main (int argc, char **argv) {
/* network is up, let's deamonize ourself */
if (srv->srvconf.dont_daemonize == 0) daemonize();
#endif
srv->gid = getgid();
srv->uid = getuid();
/* write pid file */
if (pid_fd != -1) {

Loading…
Cancel
Save