r2098@chromobil: stefan | 2008-02-26 17:12:51 +0100

Fix #1574: Check for symlinks after successful pathinfo matching.


git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2093 152afb58-edef-0310-8abb-c4023f1b3aa9

src/response.c

@@ -553,17 +553,14 @@ handler_t http_response_prepare(server *srv, connection *con) {
 			buffer_copy_string_buffer(srv->tmp_buf, con->physical.path);
 
 			do {
-				struct stat st;
-
 				if (slash) {
 					buffer_copy_string_len(con->physical.path, srv->tmp_buf->ptr, slash - srv->tmp_buf->ptr);
 				} else {
 					buffer_copy_string_buffer(con->physical.path, srv->tmp_buf);
 				}
 
-				if (0 == stat(con->physical.path->ptr, &(st)) &&
-				    S_ISREG(st.st_mode)) {
-					found = 1;
+				if (HANDLER_ERROR != stat_cache_get_entry(srv, con, con->physical.path, &sce)) {
+					found = S_ISREG(sce->st.st_mode);
 					break;
 				}
 
@@ -595,6 +592,20 @@ handler_t http_response_prepare(server *srv, connection *con) {
 				return HANDLER_FINISHED;
 			}
 
+#ifdef HAVE_LSTAT
+			if ((sce->is_symlink != 0) && !con->conf.follow_symlink) {
+				con->http_status = 403;
+
+				if (con->conf.log_request_handling) {
+					log_error_write(srv, __FILE__, __LINE__,  "s",  "-- access denied due symlink restriction");
+					log_error_write(srv, __FILE__, __LINE__,  "sb", "Path         :", con->physical.path);
+				}
+
+				buffer_reset(con->physical.path);
+				return HANDLER_FINISHED;
+			};
+#endif
+
 			/* we have a PATHINFO */
 			if (pathinfo) {
 				buffer_copy_string(con->request.pathinfo, pathinfo);