[nginx] svn commit: r4489 - in trunk/src: core os/unix
vbart at nginx.com
vbart at nginx.com
Tue Feb 21 15:10:14 UTC 2012
Author: vbart
Date: 2012-02-21 15:10:13 +0000 (Tue, 21 Feb 2012)
New Revision: 4489
Modified:
trunk/src/core/ngx_open_file_cache.c
trunk/src/os/unix/ngx_files.h
Log:
Disable symlinks: use O_SEARCH|O_DIRECTORY to open path components.
Modified: trunk/src/core/ngx_open_file_cache.c
===================================================================
--- trunk/src/core/ngx_open_file_cache.c 2012-02-21 15:04:41 UTC (rev 4488)
+++ trunk/src/core/ngx_open_file_cache.c 2012-02-21 15:10:13 UTC (rev 4489)
@@ -565,7 +565,6 @@
u_char *p, *cp, *end;
ngx_fd_t at_fd;
ngx_str_t at_name;
- ngx_file_info_t fi;
if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_OFF) {
fd = ngx_open_file(name->data, mode, create, access);
@@ -586,7 +585,7 @@
if (*p == '/') {
at_fd = ngx_open_file("/",
- NGX_FILE_RDONLY|NGX_FILE_NONBLOCK,
+ NGX_FILE_SEARCH|NGX_FILE_NONBLOCK,
NGX_FILE_OPEN, 0);
if (at_fd == NGX_INVALID_FILE) {
@@ -617,12 +616,12 @@
if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER) {
fd = ngx_openat_file_owner(at_fd, p,
- NGX_FILE_RDONLY|NGX_FILE_NONBLOCK,
+ NGX_FILE_SEARCH|NGX_FILE_NONBLOCK,
NGX_FILE_OPEN, 0, log);
} else {
fd = ngx_openat_file(at_fd, p,
- NGX_FILE_RDONLY|NGX_FILE_NONBLOCK|NGX_FILE_NOFOLLOW,
+ NGX_FILE_SEARCH|NGX_FILE_NONBLOCK|NGX_FILE_NOFOLLOW,
NGX_FILE_OPEN, 0);
}
@@ -647,35 +646,18 @@
if (p == end) {
/*
- * If pathname ends with a trailing slash, check if last path
- * component is a directory; if not, fail with ENOTDIR as per
- * POSIX.
+ * If pathname ends with a trailing slash, assume the last path
+ * component is a directory and reopen it with requested flags;
+ * if not, fail with ENOTDIR as per POSIX.
*
- * We use separate check instead of O_DIRECTORY in the loop above,
- * as O_DIRECTORY doesn't work on FreeBSD 8.
- *
- * Note this returns already opened file descriptor, with different
- * mode/create/access. This is believed to be safe as we don't
- * use this codepath to create directories.
+ * We cannot rely on O_DIRECTORY in the loop above to check
+ * that the last path component is a directory because
+ * O_DIRECTORY doesn't work on FreeBSD 8. Fortunately, by
+ * reopening a directory, we don't depend on it at all.
*/
- if (ngx_fd_info(at_fd, &fi) == NGX_FILE_ERROR) {
- of->err = ngx_errno;
- of->failed = ngx_fd_info_n;
- fd = NGX_INVALID_FILE;
-
- goto failed;
- }
-
- if (ngx_is_dir(&fi)) {
- return at_fd;
- }
-
- of->err = ENOTDIR;
- of->failed = ngx_openat_file_n;
- fd = NGX_INVALID_FILE;
-
- goto failed;
+ fd = ngx_openat_file(at_fd, ".", mode, create, access);
+ goto done;
}
if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER
@@ -687,6 +669,8 @@
fd = ngx_openat_file(at_fd, p, mode|NGX_FILE_NOFOLLOW, create, access);
}
+done:
+
if (fd == NGX_INVALID_FILE) {
of->err = ngx_errno;
of->failed = ngx_openat_file_n;
Modified: trunk/src/os/unix/ngx_files.h
===================================================================
--- trunk/src/os/unix/ngx_files.h 2012-02-21 15:04:41 UTC (rev 4488)
+++ trunk/src/os/unix/ngx_files.h 2012-02-21 15:10:13 UTC (rev 4489)
@@ -78,8 +78,25 @@
#if (NGX_HAVE_OPENAT)
#define NGX_FILE_NOFOLLOW O_NOFOLLOW
+
+#if defined(O_DIRECTORY)
+#define NGX_FILE_DIRECTORY O_DIRECTORY
+#else
+#define NGX_FILE_DIRECTORY 0
#endif
+#if defined(O_SEARCH)
+#define NGX_FILE_SEARCH O_SEARCH|NGX_FILE_DIRECTORY
+
+#elif defined(O_EXEC)
+#define NGX_FILE_SEARCH O_EXEC|NGX_FILE_DIRECTORY
+
+#else
+#define NGX_FILE_SEARCH O_RDONLY|NGX_FILE_DIRECTORY
+#endif
+
+#endif /* NGX_HAVE_OPENAT */
+
#define NGX_FILE_DEFAULT_ACCESS 0644
#define NGX_FILE_OWNER_ACCESS 0600
More information about the nginx-devel
mailing list