Author: defan
Date: 2012-02-13 16:32:21 +0000 (Mon, 13 Feb 2012)
New Revision: 4479
Log:
Support for disable_symlinks in various modules.
Modified:
trunk/src/http/modules/ngx_http_flv_module.c
trunk/src/http/modules/ngx_http_gzip_static_module.c
trunk/src/http/modules/ngx_http_index_module.c
trunk/src/http/modules/ngx_http_log_module.c
trunk/src/http/modules/ngx_http_mp4_module.c
trunk/src/http/modules/ngx_http_static_module.c
trunk/src/http/modules/perl/nginx.xs
trunk/src/http/ngx_http_script.c
Modified: trunk/src/http/modules/ngx_http_flv_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_flv_module.c 2012-02-13 16:29:04 UTC (rev 4478)
+++ trunk/src/http/modules/ngx_http_flv_module.c 2012-02-13 16:32:21 UTC (rev 4479)
@@ -109,6 +109,9 @@
of.min_uses = clcf->open_file_cache_min_uses;
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+ of.disable_symlinks = clcf->disable_symlinks;
+#endif
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
@@ -127,6 +130,10 @@
break;
case NGX_EACCES:
+#if (NGX_HAVE_OPENAT)
+ case NGX_EMLINK:
+ case NGX_ELOOP:
+#endif
level = NGX_LOG_ERR;
rc = NGX_HTTP_FORBIDDEN;
Modified: trunk/src/http/modules/ngx_http_gzip_static_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_gzip_static_module.c 2012-02-13 16:29:04 UTC (rev 4478)
+++ trunk/src/http/modules/ngx_http_gzip_static_module.c 2012-02-13 16:32:21 UTC (rev 4479)
@@ -129,6 +129,9 @@
of.min_uses = clcf->open_file_cache_min_uses;
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+ of.disable_symlinks = clcf->disable_symlinks;
+#endif
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
@@ -145,6 +148,10 @@
return NGX_DECLINED;
case NGX_EACCES:
+#if (NGX_HAVE_OPENAT)
+ case NGX_EMLINK:
+ case NGX_ELOOP:
+#endif
level = NGX_LOG_ERR;
break;
Modified: trunk/src/http/modules/ngx_http_index_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_index_module.c 2012-02-13 16:29:04 UTC (rev 4478)
+++ trunk/src/http/modules/ngx_http_index_module.c 2012-02-13 16:32:21 UTC (rev 4479)
@@ -209,6 +209,9 @@
of.test_only = 1;
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+ of.disable_symlinks = clcf->disable_symlinks;
+#endif
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
@@ -220,6 +223,14 @@
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
+#if (NGX_HAVE_OPENAT)
+ if (of.err == NGX_EMLINK
+ || of.err == NGX_ELOOP)
+ {
+ return NGX_HTTP_FORBIDDEN;
+ }
+#endif
+
if (of.err == NGX_ENOTDIR
|| of.err == NGX_ENAMETOOLONG
|| of.err == NGX_EACCES)
@@ -296,12 +307,23 @@
of.test_only = 1;
of.valid = clcf->open_file_cache_valid;
of.errors = clcf->open_file_cache_errors;
+#if (NGX_HAVE_OPENAT)
+ of.disable_symlinks = clcf->disable_symlinks;
+#endif
if (ngx_open_cached_file(clcf->open_file_cache, &dir, &of, r->pool)
!= NGX_OK)
{
if (of.err) {
+#if (NGX_HAVE_OPENAT)
+ if (of.err == NGX_EMLINK
+ || of.err == NGX_ELOOP)
+ {
+ return NGX_HTTP_FORBIDDEN;
+ }
+#endif
+
if (of.err == NGX_ENOENT) {
*last = c;
return ngx_http_index_error(r, clcf, dir.data, NGX_ENOENT);
Modified: trunk/src/http/modules/ngx_http_log_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_log_module.c 2012-02-13 16:29:04 UTC (rev 4478)
+++ trunk/src/http/modules/ngx_http_log_module.c 2012-02-13 16:32:21 UTC (rev 4479)
@@ -373,6 +373,8 @@
ngx_http_log_loc_conf_t *llcf;
ngx_http_core_loc_conf_t *clcf;
+ clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
if (!r->root_tested) {
/* test root directory existance */
@@ -384,8 +386,6 @@
path.data[root] = '\0';
- clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
-
ngx_memzero(&of, sizeof(ngx_open_file_info_t));
of.valid = clcf->open_file_cache_valid;
@@ -394,6 +394,9 @@
of.test_only = 1;
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+ of.disable_symlinks = clcf->disable_symlinks;
+#endif
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
@@ -441,6 +444,9 @@
of.valid = llcf->open_file_cache_valid;
of.min_uses = llcf->open_file_cache_min_uses;
of.directio = NGX_OPEN_FILE_DIRECTIO_OFF;
+#if (NGX_HAVE_OPENAT)
+ of.disable_symlinks = clcf->disable_symlinks;
+#endif
if (ngx_open_cached_file(llcf->open_file_cache, &log, &of, r->pool)
!= NGX_OK)
Modified: trunk/src/http/modules/ngx_http_mp4_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_mp4_module.c 2012-02-13 16:29:04 UTC (rev 4478)
+++ trunk/src/http/modules/ngx_http_mp4_module.c 2012-02-13 16:32:21 UTC (rev 4479)
@@ -440,6 +440,9 @@
of.min_uses = clcf->open_file_cache_min_uses;
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+ of.disable_symlinks = clcf->disable_symlinks;
+#endif
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
@@ -458,6 +461,10 @@
break;
case NGX_EACCES:
+#if (NGX_HAVE_OPENAT)
+ case NGX_EMLINK:
+ case NGX_ELOOP:
+#endif
level = NGX_LOG_ERR;
rc = NGX_HTTP_FORBIDDEN;
Modified: trunk/src/http/modules/ngx_http_static_module.c
===================================================================
--- trunk/src/http/modules/ngx_http_static_module.c 2012-02-13 16:29:04 UTC (rev 4478)
+++ trunk/src/http/modules/ngx_http_static_module.c 2012-02-13 16:32:21 UTC (rev 4479)
@@ -94,6 +94,9 @@
of.min_uses = clcf->open_file_cache_min_uses;
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+ of.disable_symlinks = clcf->disable_symlinks;
+#endif
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
@@ -112,6 +115,10 @@
break;
case NGX_EACCES:
+#if (NGX_HAVE_OPENAT)
+ case NGX_EMLINK:
+ case NGX_ELOOP:
+#endif
level = NGX_LOG_ERR;
rc = NGX_HTTP_FORBIDDEN;
Modified: trunk/src/http/modules/perl/nginx.xs
===================================================================
--- trunk/src/http/modules/perl/nginx.xs 2012-02-13 16:29:04 UTC (rev 4478)
+++ trunk/src/http/modules/perl/nginx.xs 2012-02-13 16:32:21 UTC (rev 4479)
@@ -662,6 +662,9 @@
of.min_uses = clcf->open_file_cache_min_uses;
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+ of.disable_symlinks = clcf->disable_symlinks;
+#endif
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
Modified: trunk/src/http/ngx_http_script.c
===================================================================
--- trunk/src/http/ngx_http_script.c 2012-02-13 16:29:04 UTC (rev 4478)
+++ trunk/src/http/ngx_http_script.c 2012-02-13 16:32:21 UTC (rev 4479)
@@ -1505,6 +1505,9 @@
of.test_only = 1;
of.errors = clcf->open_file_cache_errors;
of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+ of.disable_symlinks = clcf->disable_symlinks;
+#endif
if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
!= NGX_OK)
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel