NCSA httpd 1.0a3.1 released

Rob McCool (robm@ncsa.uiuc.edu)
Mon, 11 Oct 1993 03:06:33 -0500


In my rush to get NCSA httpd 1.0a3 out the door, I neglected to notice a bug
in which symlinks that were files and not directories were followed
regardless of the FollowSymLinks option. A fix has been released as NCSA
httpd 1.0a3.1. A source patch is attached for those who are using the source
and do not want to get the entire package again.

Thanks for your patience.
--Rob

The patch follows:

*** http_access.c.orig Sun Oct 10 20:30:13 1993
--- http_access.c Mon Oct 11 01:58:08 1993
***************
*** 154,159 ****
--- 154,172 ----
}
}
}
+ if((!(opts[num_dirs-1] & OPT_SYM_LINKS))&&(!(S_ISDIR(finfo->st_mode)))) {
+ struct stat fi;
+ strcpy(d,path);
+ lstat(d,&fi);
+ if(!S_ISDIR(fi.st_mode)) {
+ char errstr[MAX_STRING_LEN];
+ sprintf(errstr,"httpd: will not follow link %s",d);
+ log_error(errstr);
+ *allow = 0;
+ *allow_options = OPT_NONE;
+ return;
+ }
+ }
if(need_auth)
check_auth(sec);
*allow = will_allow;