source: trunk/server/common/patches/httpd-mod_status-security.patch @ 2658

Last change on this file since 2658 was 2591, checked in by achernya, 10 years ago
Reintegrate fc20-dev into trunk
File size: 2.7 KB
  • modules/generators/mod_status.c

    From c9e5769ec7163cadd44a1b1a75a12a75a5a1db58 Mon Sep 17 00:00:00 2001
    From: Alexander Chernyakhovsky <achernya@mit.edu>
    Date: Fri, 3 May 2013 21:39:17 -0400
    Subject: [PATCH] Prevent mod_status from taking effect in .htaccess files
    
    Introduce a directive to the Apache configuration that is only
    permitted in a directory context, called "PermitStatusHandler", to
    prevent users from enabling mod_status from their .htaccess files.
    
    Signed-off-by: Quentin Smith <quentin@mit.edu>
    Signed-off-by: Geoffrey Thomas <geofft@mit.edu>
    ---
     modules/generators/mod_status.c | 33 +++++++++++++++++++++++++++++----
     1 file changed, 29 insertions(+), 4 deletions(-)
    
    diff --git a/modules/generators/mod_status.c b/modules/generators/mod_status.c
    index fe832b3..92a6f69 100644
    a b APR_IMPLEMENT_OPTIONAL_HOOK_RUN_ALL(ap, STATUS, int, status_hook, 
    103103static pid_t child_pid;
    104104#endif
    105105
     106typedef struct {
     107  int permit_status_handler;
     108} status_config_rec;
     109
     110static void *create_status_dir_config(apr_pool_t *p, char *d)
     111{
     112  status_config_rec *conf = apr_pcalloc(p, sizeof(*conf));
     113  conf->permit_status_handler = 0;
     114  return conf;
     115}
     116
     117static const command_rec status_module_cmds[] =
     118{
     119    AP_INIT_FLAG("PermitStatusHandler", ap_set_flag_slot,
     120                 (void *)APR_OFFSETOF(status_config_rec, permit_status_handler),
     121                 ACCESS_CONF,
     122      "As a security measure, only permit status handlers where this flag "
     123      "is set. Only legal in directory context, not .htaccess."),
     124    {NULL}
     125};
     126
    106127/* Format the number of bytes nicely */
    107128static void format_byte_out(request_rec *r, apr_off_t bytes)
    108129{
    static int status_handler(request_rec *r) 
    207228    int times_per_thread;
    208229#endif
    209230
    210     if (strcmp(r->handler, STATUS_MAGIC_TYPE) && strcmp(r->handler,
    211             "server-status")) {
     231    status_config_rec *conf = ap_get_module_config(r->per_dir_config,
     232                                                   &status_module);
     233
     234    if ((strcmp(r->handler, STATUS_MAGIC_TYPE) &&
     235         strcmp(r->handler, "server-status")) ||
     236        !conf->permit_status_handler) {
    212237        return DECLINED;
    213238    }
    214239
    static void register_hooks(apr_pool_t *p) 
    948973AP_DECLARE_MODULE(status) =
    949974{
    950975    STANDARD20_MODULE_STUFF,
    951     NULL,                       /* dir config creater */
     976    create_status_dir_config,   /* dir config creater */
    952977    NULL,                       /* dir merger --- default is to override */
    953978    NULL,                       /* server config */
    954979    NULL,                       /* merge server config */
    955     NULL,                       /* command table */
     980    status_module_cmds,         /* command table */
    956981    register_hooks              /* register_hooks */
    957982};
Note: See TracBrowser for help on using the repository browser.