Attachment #192689 for bug #271470

View | Details | Raw Unified | Return to bug 271470
Collapse All | Expand All




    parms.temp_pool = ptemp;
    parms.server = s;
    parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
    parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;

    parms.config_file = ap_pcfg_open_custom(p, "-c/-C directives",
                                            &arr_parms, NULL,

    parms.temp_pool = ptemp;
    parms.server = s;
    parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
    parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;

    rv = ap_pcfg_openfile(&cfp, p, fname);
    if (rv != APR_SUCCESS) {

    parms.temp_pool = ptemp;
    parms.server = s;
    parms.override = (RSRC_CONF | OR_ALL) & ~(OR_AUTHCFG | OR_LIMIT);
    parms.override_opts = OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
    parms.limited = -1;

    errmsg = ap_walk_config(conftree, &parms, s->lookup_defaults);




    conf->opts = dir ? OPT_UNSET : OPT_UNSET|OPT_ALL;
    conf->opts_add = conf->opts_remove = OPT_NONE;
    conf->override = dir ? OR_UNSET : OR_UNSET|OR_ALL;
    conf->override_opts = OPT_UNSET | OPT_ALL | OPT_SYM_OWNER | OPT_MULTI;
                          | OPT_MULTI;

    conf->content_md5 = 2;
    conf->accept_path_info = 3;

        conf->opts_remove = (conf->opts_remove & ~new->opts_add)
                            | new->opts_remove;
        conf->opts = (conf->opts & ~conf->opts_remove) | conf->opts_add;

        /* If Includes was enabled with exec in the base config, but
         * was enabled without exec in the new config, then disable
         * exec in the merged set. */
        if (((base->opts & (OPT_INCLUDES|OPT_INC_WITH_EXEC))
             == (OPT_INCLUDES|OPT_INC_WITH_EXEC))
            && ((new->opts & (OPT_INCLUDES|OPT_INC_WITH_EXEC))
                == OPT_INCLUDES)) {
            conf->opts &= ~OPT_INC_WITH_EXEC;
        }
    }
    else {

            opt = OPT_INDEXES;
        }
        else if (!strcasecmp(w, "Includes")) {
            /* If Includes is permitted, both Includes and
             * IncludesNOEXEC may be changed. */
            opt = (OPT_INCLUDES | OPT_INC_WITH_EXEC);
        }
        else if (!strcasecmp(w, "IncludesNOEXEC")) {
            opt = OPT_INCLUDES;
        }
        else if (!strcasecmp(w, "FollowSymLinks")) {
            opt = OPT_SYM_LINKS;

            opt = OPT_INDEXES;
        }
        else if (!strcasecmp(w, "Includes")) {
            opt = (OPT_INCLUDES | OPT_INC_WITH_EXEC);
        }
        else if (!strcasecmp(w, "IncludesNOEXEC")) {
            opt = OPT_INCLUDES;
        }
        else if (!strcasecmp(w, "FollowSymLinks")) {
            opt = OPT_SYM_LINKS;

Lines 5-10 Link Here

(-)CHANGES (+6 lines)
5	mod_proxy_ajp: Avoid delivering content from a previous request which	5	mod_proxy_ajp: Avoid delivering content from a previous request which
6	failed to send a request body. PR 46949 [Ruediger Pluem]	6	failed to send a request body. PR 46949 [Ruediger Pluem]
7		7
		8	*) SECURITY: CVE-2009-1195 (cve.mitre.org)
		9	Prevent the "Includes" Option from being enabled in an .htaccess
		10	file if the AllowOverride restrictions do not permit it.
		11	[Jonathan Peatfield <j.s.peatfield damtp.cam.ac.uk>, Joe Orton,
		12	Ruediger Pluem]
		13
8	*) mod_proxy_ajp: Check more strictly that the backend follows the AJP	14	*) mod_proxy_ajp: Check more strictly that the backend follows the AJP
9	protocol. [Mladen Turk]	15	protocol. [Mladen Turk]
10		16

Lines 3574-3580 Link Here

(-)modules/filters/mod_include.c (-1 / +1 lines)
3574	intern->seen_eos = 0;	3574	intern->seen_eos = 0;
3575	intern->state = PARSE_PRE_HEAD;	3575	intern->state = PARSE_PRE_HEAD;
3576	ctx->flags = (SSI_FLAG_PRINTING \| SSI_FLAG_COND_TRUE);	3576	ctx->flags = (SSI_FLAG_PRINTING \| SSI_FLAG_COND_TRUE);
3577	if (ap_allow_options(r) & OPT_INCNOEXEC) {	3577	if ((ap_allow_options(r) & OPT_INC_WITH_EXEC) == 0) {
3578	ctx->flags \|= SSI_FLAG_NO_EXEC;	3578	ctx->flags \|= SSI_FLAG_NO_EXEC;
3579	}	3579	}
3580	intern->accessenable = conf->accessenable;	3580	intern->accessenable = conf->accessenable;




#define OPT_NONE 0
/** Indexes directive */
#define OPT_INDEXES 1
/** SSI is enabled without exec= permission  */
#define OPT_INCLUDES 2
/**  FollowSymLinks directive */
#define OPT_SYM_LINKS 4

#define OPT_EXECCGI 8
/**  directive unset */
#define OPT_UNSET 16
/**  SSI exec= permission is permitted, iff OPT_INCLUDES is also set */
#define OPT_INC_WITH_EXEC 32
/** SymLinksIfOwnerMatch directive */
#define OPT_SYM_OWNER 64
/** MultiViews directive */
#define OPT_MULTI 128
/**  All directives */
#define OPT_ALL (OPT_INDEXES|OPT_INCLUDES|OPT_INC_WITH_EXEC|OPT_SYM_LINKS|OPT_EXECCGI)
/** @} */

/**

Return to bug 271470

Lines 1510-1516 Link Here

(-)server/config.c (-3 / +3 lines)
1510	parms.temp_pool = ptemp;	1510	parms.temp_pool = ptemp;
1511	parms.server = s;	1511	parms.server = s;
1512	parms.override = (RSRC_CONF \| OR_ALL) & ~(OR_AUTHCFG \| OR_LIMIT);	1512	parms.override = (RSRC_CONF \| OR_ALL) & ~(OR_AUTHCFG \| OR_LIMIT);
1513	parms.override_opts = OPT_ALL \| OPT_INCNOEXEC \| OPT_SYM_OWNER \| OPT_MULTI;	1513	parms.override_opts = OPT_ALL \| OPT_SYM_OWNER \| OPT_MULTI;
1514		1514
1515	parms.config_file = ap_pcfg_open_custom(p, "-c/-C directives",	1515	parms.config_file = ap_pcfg_open_custom(p, "-c/-C directives",
1516	&arr_parms, NULL,	1516	&arr_parms, NULL,
Lines 1617-1623 Link Here
1617	parms.temp_pool = ptemp;	1617	parms.temp_pool = ptemp;
1618	parms.server = s;	1618	parms.server = s;
1619	parms.override = (RSRC_CONF \| OR_ALL) & ~(OR_AUTHCFG \| OR_LIMIT);	1619	parms.override = (RSRC_CONF \| OR_ALL) & ~(OR_AUTHCFG \| OR_LIMIT);
1620	parms.override_opts = OPT_ALL \| OPT_INCNOEXEC \| OPT_SYM_OWNER \| OPT_MULTI;	1620	parms.override_opts = OPT_ALL \| OPT_SYM_OWNER \| OPT_MULTI;
1621		1621
1622	rv = ap_pcfg_openfile(&cfp, p, fname);	1622	rv = ap_pcfg_openfile(&cfp, p, fname);
1623	if (rv != APR_SUCCESS) {	1623	if (rv != APR_SUCCESS) {
Lines 1755-1761 Link Here
1755	parms.temp_pool = ptemp;	1755	parms.temp_pool = ptemp;
1756	parms.server = s;	1756	parms.server = s;
1757	parms.override = (RSRC_CONF \| OR_ALL) & ~(OR_AUTHCFG \| OR_LIMIT);	1757	parms.override = (RSRC_CONF \| OR_ALL) & ~(OR_AUTHCFG \| OR_LIMIT);
1758	parms.override_opts = OPT_ALL \| OPT_INCNOEXEC \| OPT_SYM_OWNER \| OPT_MULTI;	1758	parms.override_opts = OPT_ALL \| OPT_SYM_OWNER \| OPT_MULTI;
1759	parms.limited = -1;	1759	parms.limited = -1;
1760		1760
1761	errmsg = ap_walk_config(conftree, &parms, s->lookup_defaults);	1761	errmsg = ap_walk_config(conftree, &parms, s->lookup_defaults);

Lines 108-115 Link Here

(-)server/core.c (-8 / +16 lines)
108	conf->opts = dir ? OPT_UNSET : OPT_UNSET\|OPT_ALL;	108	conf->opts = dir ? OPT_UNSET : OPT_UNSET\|OPT_ALL;
109	conf->opts_add = conf->opts_remove = OPT_NONE;	109	conf->opts_add = conf->opts_remove = OPT_NONE;
110	conf->override = dir ? OR_UNSET : OR_UNSET\|OR_ALL;	110	conf->override = dir ? OR_UNSET : OR_UNSET\|OR_ALL;
111	conf->override_opts = OPT_UNSET \| OPT_ALL \| OPT_INCNOEXEC \| OPT_SYM_OWNER	111	conf->override_opts = OPT_UNSET \| OPT_ALL \| OPT_SYM_OWNER \| OPT_MULTI;
112	\| OPT_MULTI;
113		112
114	conf->content_md5 = 2;	113	conf->content_md5 = 2;
115	conf->accept_path_info = 3;	114	conf->accept_path_info = 3;
Lines 242-249 Link Here
242	conf->opts_remove = (conf->opts_remove & ~new->opts_add)	241	conf->opts_remove = (conf->opts_remove & ~new->opts_add)
243	\| new->opts_remove;	242	\| new->opts_remove;
244	conf->opts = (conf->opts & ~conf->opts_remove) \| conf->opts_add;	243	conf->opts = (conf->opts & ~conf->opts_remove) \| conf->opts_add;
245	if ((base->opts & OPT_INCNOEXEC) && (new->opts & OPT_INCLUDES)) {	244
246	conf->opts = (conf->opts & ~OPT_INCNOEXEC) \| OPT_INCLUDES;	245	/* If Includes was enabled with exec in the base config, but
		246	* was enabled without exec in the new config, then disable
		247	* exec in the merged set. */
		248	if (((base->opts & (OPT_INCLUDES\|OPT_INC_WITH_EXEC))
		249	== (OPT_INCLUDES\|OPT_INC_WITH_EXEC))
		250	&& ((new->opts & (OPT_INCLUDES\|OPT_INC_WITH_EXEC))
		251	== OPT_INCLUDES)) {
		252	conf->opts &= ~OPT_INC_WITH_EXEC;
247	}	253	}
248	}	254	}
249	else {	255	else {
Lines 1304-1313 Link Here
1304	opt = OPT_INDEXES;	1310	opt = OPT_INDEXES;
1305	}	1311	}
1306	else if (!strcasecmp(w, "Includes")) {	1312	else if (!strcasecmp(w, "Includes")) {
1307	opt = OPT_INCLUDES;	1313	/* If Includes is permitted, both Includes and
		1314	* IncludesNOEXEC may be changed. */
		1315	opt = (OPT_INCLUDES \| OPT_INC_WITH_EXEC);
1308	}	1316	}
1309	else if (!strcasecmp(w, "IncludesNOEXEC")) {	1317	else if (!strcasecmp(w, "IncludesNOEXEC")) {
1310	opt = (OPT_INCLUDES \| OPT_INCNOEXEC);	1318	opt = OPT_INCLUDES;
1311	}	1319	}
1312	else if (!strcasecmp(w, "FollowSymLinks")) {	1320	else if (!strcasecmp(w, "FollowSymLinks")) {
1313	opt = OPT_SYM_LINKS;	1321	opt = OPT_SYM_LINKS;
Lines 1428-1437 Link Here
1428	opt = OPT_INDEXES;	1436	opt = OPT_INDEXES;
1429	}	1437	}
1430	else if (!strcasecmp(w, "Includes")) {	1438	else if (!strcasecmp(w, "Includes")) {
1431	opt = OPT_INCLUDES;	1439	opt = (OPT_INCLUDES \| OPT_INC_WITH_EXEC);
1432	}	1440	}
1433	else if (!strcasecmp(w, "IncludesNOEXEC")) {	1441	else if (!strcasecmp(w, "IncludesNOEXEC")) {
1434	opt = (OPT_INCLUDES \| OPT_INCNOEXEC);	1442	opt = OPT_INCLUDES;
1435	}	1443	}
1436	else if (!strcasecmp(w, "FollowSymLinks")) {	1444	else if (!strcasecmp(w, "FollowSymLinks")) {
1437	opt = OPT_SYM_LINKS;	1445	opt = OPT_SYM_LINKS;

Lines 65-71 Link Here

(-)include/http_core.h (-4 / +4 lines)
65	#define OPT_NONE 0	65	#define OPT_NONE 0
66	/** Indexes directive */	66	/** Indexes directive */
67	#define OPT_INDEXES 1	67	#define OPT_INDEXES 1
68	/** Includes directive */	68	/** SSI is enabled without exec= permission */
69	#define OPT_INCLUDES 2	69	#define OPT_INCLUDES 2
70	/** FollowSymLinks directive */	70	/** FollowSymLinks directive */
71	#define OPT_SYM_LINKS 4	71	#define OPT_SYM_LINKS 4
Lines 73-86 Link Here
73	#define OPT_EXECCGI 8	73	#define OPT_EXECCGI 8
74	/** directive unset */	74	/** directive unset */
75	#define OPT_UNSET 16	75	#define OPT_UNSET 16
76	/** IncludesNOEXEC directive */	76	/** SSI exec= permission is permitted, iff OPT_INCLUDES is also set */
77	#define OPT_INCNOEXEC 32	77	#define OPT_INC_WITH_EXEC 32
78	/** SymLinksIfOwnerMatch directive */	78	/** SymLinksIfOwnerMatch directive */
79	#define OPT_SYM_OWNER 64	79	#define OPT_SYM_OWNER 64
80	/** MultiViews directive */	80	/** MultiViews directive */
81	#define OPT_MULTI 128	81	#define OPT_MULTI 128
82	/** All directives */	82	/** All directives */
83	#define OPT_ALL (OPT_INDEXES\|OPT_INCLUDES\|OPT_SYM_LINKS\|OPT_EXECCGI)	83	#define OPT_ALL (OPT_INDEXES\|OPT_INCLUDES\|OPT_INC_WITH_EXEC\|OPT_SYM_LINKS\|OPT_EXECCGI)
84	/** @} */	84	/** @} */
85		85
86	/**	86	/**