Mailing List Archive: Apache: Dev

Re: svn commit: r829362 - in /httpd/httpd/trunk: CHANGES modules/cache/mod_socache_shmcb.c

Index | Next | Previous | View Threaded

rpluem at apache

Oct 24, 2009, 8:43 AM

Post #1 of 3 (401 views)
Permalink

Re: svn commit: r829362 - in /httpd/httpd/trunk: CHANGES modules/cache/mod_socache_shmcb.c

On 10/24/2009 03:29 PM, sf [at] apache wrote:
> Author: sf
> Date: Sat Oct 24 13:29:03 2009
> New Revision: 829362
>
> URL: http://svn.apache.org/viewvc?rev=829362&view=rev
> Log:
> Only allow parens in filename if cachesize is given. Return error otherwise
> to catch missing parens.
>
> Modified:
> httpd/httpd/trunk/CHANGES
> httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c
>

> Modified: httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c?rev=829362&r1=829361&r2=829362&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c (original)
> +++ httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c Sat Oct 24 13:29:03 2009
> @@ -280,11 +280,20 @@
>
> cp = strrchr(path, '(');
> cp2 = path + strlen(path) - 1;
> - if (cp && (*cp2 == ')')) {
> + if (cp) {
> + char *endptr;
> + if (*cp2 != ')') {
> + return "Invalid argument: no closing parenthesis or cache size "
> + "missing after pathname with parenthesis";
> + }

Doesn't this bring us back to the start where filenames with ( ) are not allowed?

So somehere/some(parens)path is now forbidden. Why?
I would say that only the following patterns should be invalid:

somehere/some(NONUMBERS
somehere/some(NONUMBERS)
somehere/some(NUMBERS

everything else should be allowed and if we do end the string with (NUMBERS)
it should be assumed that no cache size was given

Regards

Rüdiger

sf at sfritsch

Oct 24, 2009, 11:58 AM

Post #2 of 3 (353 views)
Permalink

Re: svn commit: r829362 - in /httpd/httpd/trunk: CHANGES modules/cache/mod_socache_shmcb.c [In reply to]

On Sat, 24 Oct 2009, Ruediger Pluem wrote:
>> Author: sf
>> Date: Sat Oct 24 13:29:03 2009
>> New Revision: 829362
>>
>> URL: http://svn.apache.org/viewvc?rev=829362&view=rev
>> Log:
>> Only allow parens in filename if cachesize is given. Return error otherwise
>> to catch missing parens.
>>
>> Modified:
>> httpd/httpd/trunk/CHANGES
>> httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c
>>
>
>> Modified: httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c
>> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c?rev=829362&r1=829361&r2=829362&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c (original)
>> +++ httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c Sat Oct 24 13:29:03 2009
>> @@ -280,11 +280,20 @@
>>
>> cp = strrchr(path, '(');
>> cp2 = path + strlen(path) - 1;
>> - if (cp && (*cp2 == ')')) {
>> + if (cp) {
>> + char *endptr;
>> + if (*cp2 != ')') {
>> + return "Invalid argument: no closing parenthesis or cache size "
>> + "missing after pathname with parenthesis";
>> + }
>
> Doesn't this bring us back to the start where filenames with ( ) are not allowed?

Now we consistently allow ( ) in the file name if the cache size is given
at the end. Before my changes, we never allowed ( ) in the file name,
even if there was an additional (NUMBERS) at the end.

> So somehere/some(parens)path is now forbidden. Why?
> I would say that only the following patterns should be invalid:
>
> somehere/some(NONUMBERS
> somehere/some(NONUMBERS)
> somehere/some(NUMBERS
>
> everything else should be allowed and if we do end the string with (NUMBERS)
> it should be assumed that no cache size was given

You mean "unless we do end the string with (NUMBERS)"?

I think the two variants I proposed are more predictable. Either allow
everything (which has the disadvantage that typos are not caught) or don't
allow parens in the path at all unless we also have a cache size.

But I don't really mind that much. If you think your variant is better,
I am fine with that, too.

Stefan

rpluem at apache

Oct 24, 2009, 12:05 PM

Post #3 of 3 (354 views)
Permalink

Re: svn commit: r829362 - in /httpd/httpd/trunk: CHANGES modules/cache/mod_socache_shmcb.c [In reply to]

On 10/24/2009 08:58 PM, Stefan Fritsch wrote:
> On Sat, 24 Oct 2009, Ruediger Pluem wrote:
>>> Author: sf
>>> Date: Sat Oct 24 13:29:03 2009
>>> New Revision: 829362
>>>
>>> URL: http://svn.apache.org/viewvc?rev=829362&view=rev
>>> Log:
>>> Only allow parens in filename if cachesize is given. Return error
>>> otherwise
>>> to catch missing parens.
>>>
>>> Modified:
>>> httpd/httpd/trunk/CHANGES
>>> httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c
>>>
>>
>>> Modified: httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c
>>> URL:
>>> http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c?rev=829362&r1=829361&r2=829362&view=diff
>>>
>>> ==============================================================================
>>>
>>> --- httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c (original)
>>> +++ httpd/httpd/trunk/modules/cache/mod_socache_shmcb.c Sat Oct 24
>>> 13:29:03 2009
>>> @@ -280,11 +280,20 @@
>>>
>>> cp = strrchr(path, '(');
>>> cp2 = path + strlen(path) - 1;
>>> - if (cp && (*cp2 == ')')) {
>>> + if (cp) {
>>> + char *endptr;
>>> + if (*cp2 != ')') {
>>> + return "Invalid argument: no closing parenthesis or
>>> cache size "
>>> + "missing after pathname with parenthesis";
>>> + }
>>
>> Doesn't this bring us back to the start where filenames with ( ) are
>> not allowed?
>
> Now we consistently allow ( ) in the file name if the cache size is
> given at the end. Before my changes, we never allowed ( ) in the file
> name, even if there was an additional (NUMBERS) at the end.

Ok, now I get it better. This is also fine with me.

Regards

Rüdiger

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads