diff options
| -rw-r--r-- | InstallBin.dsp | 5 | ||||
| -rw-r--r-- | modules/arch/win32/mod_isapi.c | 15 | ||||
| -rw-r--r-- | modules/cache/mod_file_cache.c | 7 | ||||
| -rw-r--r-- | modules/dav/fs/mod_dav_fs.c | 7 | ||||
| -rw-r--r-- | modules/generators/mod_cgi.c | 6 | ||||
| -rw-r--r-- | modules/generators/mod_cgid.c | 11 | ||||
| -rw-r--r-- | modules/http/mod_mime.c | 13 | ||||
| -rw-r--r-- | modules/loggers/mod_log_config.c | 9 | ||||
| -rw-r--r-- | modules/mappers/mod_alias.c | 9 | ||||
| -rw-r--r-- | modules/mappers/mod_rewrite.c | 24 | ||||
| -rw-r--r-- | modules/mappers/mod_so.c | 12 | ||||
| -rw-r--r-- | modules/metadata/mod_mime_magic.c | 13 | ||||
| -rw-r--r-- | modules/proxy/proxy_ftp.c | 10 | ||||
| -rw-r--r-- | server/config.c | 19 | ||||
| -rw-r--r-- | server/core.c | 21 | ||||
| -rw-r--r-- | server/log.c | 31 | ||||
| -rw-r--r-- | server/mpm_common.c | 15 | ||||
| -rw-r--r-- | server/scoreboard.c | 7 |
18 files changed, 163 insertions, 71 deletions
diff --git a/InstallBin.dsp b/InstallBin.dsp index e772efab13..6bb204a670 100644 --- a/InstallBin.dsp +++ b/InstallBin.dsp @@ -1,5 +1,5 @@ # Microsoft Developer Studio Project File - Name="InstallBin" - Package Owner=<4> -# Microsoft Developer Studio Generated Build File, Format Version 6.00 +# Microsoft Developer Studio Generated Build File, Format Version 5.00 # ** DO NOT EDIT ** # TARGTYPE "Win32 (x86) External Target" 0x0106 @@ -22,7 +22,6 @@ CFG=InstallBin - Win32 Debug !MESSAGE # Begin Project -# PROP AllowPerConfigDependencies 0 # PROP Scc_ProjName "" # PROP Scc_LocalPath "" @@ -58,7 +57,7 @@ CFG=InstallBin - Win32 Debug # PROP Use_Debug_Libraries 1 # PROP Output_Dir "Debug" # PROP Intermediate_Dir "Debug" -# PROP Cmd_Line "NMAKE /f makefile.win INSTDIR="\Apache2" SHORT=D LONG=Debug _install" +# PROP Cmd_Line "NMAKE /f makefile.win INSTDIR="\test\Apache2.0.33" SHORT=D LONG=Debug _install" # PROP Rebuild_Opt "" # PROP Target_File "\Apache2\bin\Apache.exe" # PROP Bsc_Name "" diff --git a/modules/arch/win32/mod_isapi.c b/modules/arch/win32/mod_isapi.c index ede4d34bbd..522082a7de 100644 --- a/modules/arch/win32/mod_isapi.c +++ b/modules/arch/win32/mod_isapi.c @@ -1232,15 +1232,20 @@ static const char *isapi_cmd_cachefile(cmd_parms *cmd, void *dummy, char *fspec; fspec = ap_server_root_relative(cmd->pool, filename); - if (!fspec || (rv = apr_stat(&tmp, fspec, APR_FINFO_TYPE, - cmd->temp_pool)) != APR_SUCCESS) { + if (!fspec) { + ap_log_error(APLOG_MARK, APLOG_WARNING, APR_EBADPATH, cmd->server, + "ISAPI: Invalid module path %s, skipping", filename); + return NULL; + } + if ((rv = apr_stat(&tmp, fspec, APR_FINFO_TYPE, + cmd->temp_pool)) != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_WARNING, rv, cmd->server, - "ISAPI: unable to stat(%s), skipping", filename); + "ISAPI: unable to stat(%s), skipping", fspec); return NULL; } if (tmp.filetype != APR_REG) { ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, cmd->server, - "ISAPI: %s isn't a regular file, skipping", filename); + "ISAPI: %s isn't a regular file, skipping", fspec); return NULL; } @@ -1248,7 +1253,7 @@ static const char *isapi_cmd_cachefile(cmd_parms *cmd, void *dummy, rv = isapi_load(cmd->pool, sconf, NULL, fspec, &isa); if (rv != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_WARNING, rv, cmd->server, - "ISAPI: unable to cache %s, skipping", filename); + "ISAPI: unable to cache %s, skipping", fspec); return NULL; } diff --git a/modules/cache/mod_file_cache.c b/modules/cache/mod_file_cache.c index 43140bb667..c1682b5c5e 100644 --- a/modules/cache/mod_file_cache.c +++ b/modules/cache/mod_file_cache.c @@ -197,14 +197,15 @@ static void cache_the_file(cmd_parms *cmd, const char *filename, int mmap) fspec = ap_server_root_relative(cmd->pool, filename); if (!fspec) { - ap_log_error(APLOG_MARK, APLOG_WARNING|APLOG_NOERRNO, 0, cmd->server, - "mod_file_cache: unable to find relative path for " + ap_log_error(APLOG_MARK, APLOG_WARNING, APR_EBADPATH, cmd->server, + "mod_file_cache: invalid file path " "%s, skipping", filename); + return; } if ((rc = apr_stat(&tmp.finfo, fspec, APR_FINFO_MIN, cmd->temp_pool)) != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_WARNING, rc, cmd->server, - "mod_file_cache: unable to stat(%s), skipping", filename); + "mod_file_cache: unable to stat(%s), skipping", fspec); return; } if (tmp.finfo.filetype != APR_REG) { diff --git a/modules/dav/fs/mod_dav_fs.c b/modules/dav/fs/mod_dav_fs.c index 4754f78774..3f5c885124 100644 --- a/modules/dav/fs/mod_dav_fs.c +++ b/modules/dav/fs/mod_dav_fs.c @@ -54,6 +54,7 @@ #include "httpd.h" #include "http_config.h" +#include "apr_strings.h" #include "mod_dav.h" #include "repos.h" @@ -101,11 +102,15 @@ static const char *dav_fs_cmd_davlockdb(cmd_parms *cmd, void *config, const char *arg1) { dav_fs_server_conf *conf; - conf = ap_get_module_config(cmd->server->module_config, &dav_fs_module); conf->lockdb_path = ap_server_root_relative(cmd->pool, arg1); + if (!conf->lockdb_path) { + return apr_pstrcat(cmd->pool, "Invalid DAVLockDB path ", + arg1, NULL); + } + return NULL; } diff --git a/modules/generators/mod_cgi.c b/modules/generators/mod_cgi.c index abc5107b80..69226a8da4 100644 --- a/modules/generators/mod_cgi.c +++ b/modules/generators/mod_cgi.c @@ -165,6 +165,12 @@ static const char *set_scriptlog(cmd_parms *cmd, void *dummy, const char *arg) &cgi_module); conf->logname = ap_server_root_relative(cmd->pool, arg); + + if (!conf->logname) { + return apr_pstrcat(cmd->pool, "Invalid ScriptLog path ", + arg, NULL); + } + return NULL; } diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c index de1d55afd7..ea285701e2 100644 --- a/modules/generators/mod_cgid.c +++ b/modules/generators/mod_cgid.c @@ -722,6 +722,11 @@ static const char *set_scriptlog(cmd_parms *cmd, void *dummy, const char *arg) &cgid_module); conf->logname = ap_server_root_relative(cmd->pool, arg); + + if (!conf->logname) { + return apr_pstrcat(cmd->pool, "Invalid ScriptLog path ", + arg1, NULL); + } return NULL; } @@ -752,6 +757,12 @@ static const char *set_script_socket(cmd_parms *cmd, void *dummy, const char *ar &cgid_module); conf->sockname = ap_server_root_relative(cmd->pool, arg); + + if (!conf->sockname) { + return apr_pstrcat(cmd->pool, "Invalid Scriptsock path ", + arg, NULL); + } + return NULL; } diff --git a/modules/http/mod_mime.c b/modules/http/mod_mime.c index 9f98b29101..cec660b3bd 100644 --- a/modules/http/mod_mime.c +++ b/modules/http/mod_mime.c @@ -439,10 +439,17 @@ static int mime_post_config(apr_pool_t *p, apr_pool_t *plog, apr_pool_t *ptemp, types_confname = AP_TYPES_CONFIG_FILE; types_confname = ap_server_root_relative(p, types_confname); - - if ((status = ap_pcfg_openfile(&f, ptemp, types_confname)) != APR_SUCCESS) { + if (!types_confname) { + ap_log_error(APLOG_MARK, APLOG_ERR, APR_EBADPATH, s, + "Invalid mime types config path %s", + ap_get_module_config(s->module_config, &mime_module)); + return HTTP_INTERNAL_SERVER_ERROR; + } + if ((status = ap_pcfg_openfile(&f, ptemp, types_confname)) + != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, status, s, - "could not open mime types config file %s.", types_confname); + "could not open mime types config file %s.", + types_confname); return HTTP_INTERNAL_SERVER_ERROR; } diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c index 5e8c89a9cf..37f7b0e653 100644 --- a/modules/loggers/mod_log_config.c +++ b/modules/loggers/mod_log_config.c @@ -1062,8 +1062,13 @@ static config_log_state *open_config_log(server_rec *s, apr_pool_t *p, } else { const char *fname = ap_server_root_relative(p, cls->fname); - if ((status = apr_file_open(&cls->log_fd, fname, xfer_flags, xfer_perms, p)) - != APR_SUCCESS) { + if (!fname) { + ap_log_error(APLOG_MARK, APLOG_ERR, APR_EBADPATH, s, + "invalid transfer log path %s.", cls->fname); + exit(1); + } + if ((status = apr_file_open(&cls->log_fd, fname, xfer_flags, + xfer_perms, p)) != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, status, s, "could not open transfer log file %s.", fname); exit(1); diff --git a/modules/mappers/mod_alias.c b/modules/mappers/mod_alias.c index 88b74fc2bb..11e974ec07 100644 --- a/modules/mappers/mod_alias.c +++ b/modules/mappers/mod_alias.c @@ -382,11 +382,14 @@ static char *try_alias_list(request_rec *r, apr_array_header_t *aliases, int doe /* XXX This is as SLOW as can be, next step, we optimize * and merge to whatever part of the found path was already * canonicalized. After I finish eliminating os canonical. + * Better fail test for ap_server_root_relative needed here. */ - if (!doesc) + if (!doesc) { found = ap_server_root_relative(r->pool, found); - *status = p->redir_status; - + } + if (found) { + *status = p->redir_status; + } return found; } diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c index d4196b0d4a..b97ddf4f08 100644 --- a/modules/mappers/mod_rewrite.c +++ b/modules/mappers/mod_rewrite.c @@ -501,7 +501,12 @@ static const char *cmd_rewritelock(cmd_parms *cmd, void *dconf, const char *a1) if ((error = ap_check_cmd_context(cmd, GLOBAL_ONLY)) != NULL) return error; - lockname = a1; + /* fixup the path, especially for rewritelock_remove() */ + lockname = ap_server_root_relative(cmd->pool, a1); + + if (!lockname) { + return apr_pstrcat(cmd->pool, "Invalid RewriteLock path ", a1); + } return NULL; } @@ -3115,8 +3120,6 @@ static void open_rewritelog(server_rec *s, apr_pool_t *p) return; /* virtual log shared w/ main server */ } - fname = ap_server_root_relative(p, conf->rewritelogfile); - if (*conf->rewritelogfile == '|') { if ((pl = ap_open_piped_log(p, conf->rewritelogfile+1)) == NULL) { ap_log_error(APLOG_MARK, APLOG_ERR|APLOG_NOERRNO, 0, s, @@ -3127,8 +3130,16 @@ static void open_rewritelog(server_rec *s, apr_pool_t *p) conf->rewritelogfp = ap_piped_log_write_fd(pl); } else if (*conf->rewritelogfile != '\0') { - rc = apr_file_open(&conf->rewritelogfp, fname, rewritelog_flags, rewritelog_mode, p); - if (rc != APR_SUCCESS) { + fname = ap_server_root_relative(p, conf->rewritelogfile); + if (!fname) { + ap_log_error(APLOG_MARK, APLOG_ERR, APR_EBADPATH, s, + "mod_rewrite: Invalid RewriteLog " + "path %s", conf->rewritelogfile); + exit(1); + } + if ((rc = apr_file_open(&conf->rewritelogfp, fname, + rewritelog_flags, rewritelog_mode, p)) + != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_ERR, rc, s, "mod_rewrite: could not open RewriteLog " "file %s", fname); @@ -3264,9 +3275,6 @@ static void rewritelock_create(server_rec *s, apr_pool_t *p) return; } - /* fixup the path, especially for rewritelock_remove() */ - lockname = ap_server_root_relative(p, lockname); - /* create the lockfile */ rc = apr_global_mutex_create(&rewrite_mapr_lock_acquire, lockname, APR_LOCK_DEFAULT, p); diff --git a/modules/mappers/mod_so.c b/modules/mappers/mod_so.c index ca9faac242..be2caf0cd0 100644 --- a/modules/mappers/mod_so.c +++ b/modules/mappers/mod_so.c @@ -200,7 +200,7 @@ static const char *load_module(cmd_parms *cmd, void *dummy, apr_dso_handle_t *modhandle; apr_dso_handle_sym_t modsym; module *modp; - const char *szModuleFile=ap_server_root_relative(cmd->pool, filename); + const char *szModuleFile = ap_server_root_relative(cmd->pool, filename); so_server_conf *sconf; moduleinfo *modi; moduleinfo *modie; @@ -212,11 +212,8 @@ static const char *load_module(cmd_parms *cmd, void *dummy, */ *(ap_directive_t **)dummy = NULL; - /* ap_server_root_relative returns NULL if the paths couldn't be - * merged (one is corrupt - dollars to donuts it's the named module - */ if (!szModuleFile) { - return apr_pstrcat(cmd->pool, "Cannot parse module name ", + return apr_pstrcat(cmd->pool, "Invalid LoadModule path ", filename, NULL); } @@ -312,11 +309,8 @@ static const char *load_file(cmd_parms *cmd, void *dummy, const char *filename) file = ap_server_root_relative(cmd->pool, filename); - /* ap_server_root_relative returns NULL if the paths couldn't be - * merged (one is corrupt - dollars to donuts it's the named module - */ if (!file) { - return apr_pstrcat(cmd->pool, "Cannot parse file name ", + return apr_pstrcat(cmd->pool, "Invalid LoadFile path ", filename, NULL); } diff --git a/modules/metadata/mod_mime_magic.c b/modules/metadata/mod_mime_magic.c index 35bf14041b..5c9d925260 100644 --- a/modules/metadata/mod_mime_magic.c +++ b/modules/metadata/mod_mime_magic.c @@ -964,12 +964,17 @@ static int apprentice(server_rec *s, apr_pool_t *p) #endif magic_server_config_rec *conf = (magic_server_config_rec *) ap_get_module_config(s->module_config, &mime_magic_module); - const char *fname = ap_server_root_relative(p, conf->magicfile); - result = apr_file_open(&f, fname, APR_READ | APR_BUFFERED, APR_OS_DEFAULT, p); - if (result != APR_SUCCESS) { + + if (!fname) { + ap_log_error(APLOG_MARK, APLOG_ERR, APR_EBADPATH, s, + MODNAME ": Invalid magic file path %s", conf->magicfile); + return -1; + } + if ((result = apr_file_open(&f, fname, APR_READ | APR_BUFFERED, + APR_OS_DEFAULT, p) != APR_SUCCESS)) { ap_log_error(APLOG_MARK, APLOG_ERR, result, s, - MODNAME ": can't read magic file %s", fname); + MODNAME ": can't read magic file %s", fname); return -1; } diff --git a/modules/proxy/proxy_ftp.c b/modules/proxy/proxy_ftp.c index d3c2f1fe3b..41cdf2c7ca 100644 --- a/modules/proxy/proxy_ftp.c +++ b/modules/proxy/proxy_ftp.c @@ -370,7 +370,7 @@ apr_status_t ap_proxy_send_dir_filter(ap_filter_t *f, apr_bucket_brigade *in) /* Copy path, strip (all except the last) trailing slashes */ /* (the trailing slash is needed for the dir component loop below) */ - path = dir = ap_pstrcat(p, path, "/", NULL); + path = dir = apr_pstrcat(p, path, "/", NULL); for (n = strlen(path); n > 1 && path[n - 1] == '/' && path[n - 2] == '/'; --n) path[n - 1] = '\0'; @@ -569,9 +569,9 @@ apr_status_t ap_proxy_send_dir_filter(ap_filter_t *f, apr_bucket_brigade *in) filename = apr_pstrndup(p, &ctx->buffer[re_result[2].rm_so], re_result[2].rm_eo - re_result[2].rm_so); - str = ap_pstrcat(p, ap_escape_html(p, apr_pstrndup(p, ctx->buffer, re_result[2].rm_so)), - "<a href=\"", ap_escape_uri(p, filename), "\">", - ap_escape_html(p, filename), "</a>\n", NULL); + str = apr_pstrcat(p, ap_escape_html(p, apr_pstrndup(p, ctx->buffer, re_result[2].rm_so)), + "<a href=\"", ap_escape_uri(p, filename), "\">", + ap_escape_html(p, filename), "</a>\n", NULL); } else { strcat(ctx->buffer, "\n"); /* re-append the newline */ @@ -851,7 +851,7 @@ int ap_proxy_ftp_handler(request_rec *r, proxy_server_conf *conf, /* Check valid types, rather than ignoring invalid types silently: */ if (strchr("AEI", xfer_type) == NULL) - return ap_proxyerror(r, HTTP_BAD_REQUEST, ap_pstrcat(r->pool, + return ap_proxyerror(r, HTTP_BAD_REQUEST, apr_pstrcat(r->pool, "ftp proxy supports only types 'a', 'i', or 'e': \"", type_suffix, "\" is invalid.", NULL)); } diff --git a/server/config.c b/server/config.c index e2f3578529..037f88b3a9 100644 --- a/server/config.c +++ b/server/config.c @@ -1209,11 +1209,17 @@ AP_DECLARE_NONSTD(const char *) ap_set_file_slot(cmd_parms *cmd, void *struct_pt * This allows most args to be independent of server_root, * so the server can be moved or mirrored with less pain. */ - const char *p; + const char *path; int offset = (int)(long)cmd->info; - p = ap_server_root_relative(cmd->pool, arg); - *(const char **) ((char*)struct_ptr + offset) = p; + path = ap_server_root_relative(cmd->pool, arg); + + if (!path) { + return apr_pstrcat(cmd->pool, "Invalid file path ", + arg, NULL); + } + + *(const char **) ((char*)struct_ptr + offset) = path; return NULL; } @@ -1757,6 +1763,13 @@ AP_DECLARE(server_rec*) ap_read_config(process_rec *process, apr_pool_t *ptemp, */ confname = ap_server_root_relative(p, filename); + if (!confname) { + ap_log_error(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, + APR_EBADPATH, NULL, "Invalid config file path %s", + filename); + exit(1); + } + ap_process_resource_config(s, confname, conftree, p, ptemp); process_command_config(s, ap_server_post_read_config, conftree, diff --git a/server/core.c b/server/core.c index 279463caa5..7fb15c518f 100644 --- a/server/core.c +++ b/server/core.c @@ -1364,15 +1364,15 @@ static const char *set_etag_bits(cmd_parms *cmd, void *mconfig, bit = ETAG_INODE; } else { - return ap_pstrcat(cmd->pool, "Unknown keyword '", - token, "' for ", cmd->cmd->name, - " directive", NULL); + return apr_pstrcat(cmd->pool, "Unknown keyword '", + token, "' for ", cmd->cmd->name, + " directive", NULL); } if (! valid) { - return ap_pstrcat(cmd->pool, cmd->cmd->name, " keyword '", - token, "' cannot be used with '+' or '-'", - NULL); + return apr_pstrcat(cmd->pool, cmd->cmd->name, " keyword '", + token, "' cannot be used with '+' or '-'", + NULL); } if (action == '+') { @@ -2126,9 +2126,14 @@ static const char *include_config (cmd_parms *cmd, void *dummy, const char *name) { ap_directive_t *conftree = NULL; + const char* conffile = ap_server_root_relative(cmd->pool, name); + + if (!conffile) { + return apr_pstrcat(cmd->pool, "Invalid Include path ", + name, NULL); + } - ap_process_resource_config(cmd->server, - ap_server_root_relative(cmd->pool, name), + ap_process_resource_config(cmd->server, conffile, &conftree, cmd->pool, cmd->temp_pool); *(ap_directive_t **)dummy = conftree; return NULL; diff --git a/server/log.c b/server/log.c index c8edf972f3..5198f7003e 100644 --- a/server/log.c +++ b/server/log.c @@ -263,13 +263,18 @@ static void open_error_log(server_rec *s, apr_pool_t *p) #endif else { fname = ap_server_root_relative(p, s->error_fname); - rc = apr_file_open(&s->error_log, fname, - APR_APPEND | APR_READ | APR_WRITE | APR_CREATE, - APR_OS_DEFAULT, p); - if (rc != APR_SUCCESS) { + if (!fname) { + ap_log_error(APLOG_MARK, APLOG_STARTUP, APR_EBADPATH, NULL, + "%s: Invalid error log path %s.", + ap_server_argv0, s->error_fname); + exit(1); + } + if ((rc = apr_file_open(&s->error_log, fname, + APR_APPEND | APR_READ | APR_WRITE | APR_CREATE, + APR_OS_DEFAULT, p)) != APR_SUCCESS) { ap_log_error(APLOG_MARK, APLOG_STARTUP, rc, NULL, "%s: could not open error log file %s.", - ap_server_argv0, fname); + ap_server_argv0, s->error_fname); exit(1); } @@ -535,18 +540,26 @@ AP_DECLARE(void) ap_log_rerror(const char *file, int line, int level, va_end(args); } -AP_DECLARE(void) ap_log_pid(apr_pool_t *p, const char *fname) +AP_DECLARE(void) ap_log_pid(apr_pool_t *p, const char *filename) { apr_file_t *pid_file = NULL; apr_finfo_t finfo; static pid_t saved_pid = -1; pid_t mypid; apr_status_t rv; + const char *fname; - if (!fname) - return; + if (!filename) { + return; + } + + fname = ap_server_root_relative(p, filename); + if (!fname) { + ap_log_error(APLOG_MARK, APLOG_STARTUP|APLOG_CRIT, APR_EBADPATH, + NULL, "Invalid PID file path %s, ignoring.", filename); + return; + } - fname = ap_server_root_relative(p, fname); mypid = getpid(); if (mypid != saved_pid && apr_stat(&finfo, fname, APR_FINFO_MTIME, p) == APR_SUCCESS) { diff --git a/server/mpm_common.c b/server/mpm_common.c index 71019dc296..dfe0f1939c 100644 --- a/server/mpm_common.c +++ b/server/mpm_common.c @@ -629,6 +629,7 @@ char ap_coredump_dir[MAX_STRING_LEN]; const char *ap_mpm_set_coredumpdir(cmd_parms *cmd, void *dummy, const char *arg) { + apr_status_t rv; apr_finfo_t finfo; const char *fname; const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); @@ -637,12 +638,18 @@ const char *ap_mpm_set_coredumpdir(cmd_parms *cmd, void *dummy, } fname = ap_server_root_relative(cmd->pool, arg); - if ((apr_stat(&finfo, fname, APR_FINFO_TYPE, cmd->pool) != APR_SUCCESS) - || (finfo.filetype != APR_DIR)) { + if (!fname) { + return apr_pstrcat(cmd->pool, "Invalid CoreDumpDirectory path ", + arg, NULL); + } + if ((rv = apr_stat(&finfo, fname, APR_FINFO_TYPE, cmd->pool)) != APR_SUCCESS) { return apr_pstrcat(cmd->pool, "CoreDumpDirectory ", fname, - " does not exist or is not a directory", NULL); + " does not exist", NULL); + } + if (finfo.filetype != APR_DIR) { + return apr_pstrcat(cmd->pool, "CoreDumpDirectory ", fname, + " is not a directory", NULL); } - apr_cpystrn(ap_coredump_dir, fname, sizeof(ap_coredump_dir)); return NULL; } diff --git a/server/scoreboard.c b/server/scoreboard.c index bbfdcf8097..b1f5b69264 100644 --- a/server/scoreboard.c +++ b/server/scoreboard.c @@ -213,7 +213,12 @@ static apr_status_t open_scoreboard(apr_pool_t *pconf) if (ap_scoreboard_fname) { /* make sure it's an absolute pathname */ fname = ap_server_root_relative(pconf, ap_scoreboard_fname); - + if (!fname) { + ap_log_error(APLOG_MARK, APLOG_CRIT, APR_EBADPATH, NULL, + "Fatal error: Invalid Scoreboard path %s", + ap_scoreboard_fname); + return APR_EBADPATH; + } return create_namebased_scoreboard(global_pool, fname); } else { /* config didn't specify, we get to choose shmem type */ |