Nginx-ru mailing list archive (nginx-ru@sysoev.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: symlinks
На Wed, 28 Nov 2007 14:57:07 +0300
См. аттач.
NomadRain <NomadRain@xxxxxxxxxx> пишет:
> Доброе время суток!
>
> Сделал небольшой патчик, для резолва симлинков.
Index: src/http/modules/ngx_http_static_module.c
===================================================================
--- src/http/modules/ngx_http_static_module.c (.../nginx-0.5.32)
(revision 16)
+++ src/http/modules/ngx_http_static_module.c (.../nginx-realpath)
(revision 28)
@@ -11,6 +11,7 @@
typedef struct {
ngx_http_cache_hash_t *redirect_cache;
+ ngx_flag_t resolv_symlinks; /* resolv_symlinks */
} ngx_http_static_loc_conf_t;
@@ -34,6 +35,13 @@
#endif
+ { ngx_string("resolv_symlinks"),
+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+ ngx_conf_set_flag_slot,
+ NGX_HTTP_LOC_CONF_OFFSET,
+ offsetof(ngx_http_static_loc_conf_t, resolv_symlinks),
+ NULL },
+
ngx_null_command
};
@@ -86,6 +94,7 @@
ngx_pool_cleanup_t *cln;
ngx_pool_cleanup_file_t *clnf;
ngx_http_core_loc_conf_t *clcf;
+ ngx_http_static_loc_conf_t *slcf;
if (!(r->method & (NGX_HTTP_GET|NGX_HTTP_HEAD))) {
return NGX_HTTP_NOT_ALLOWED;
@@ -118,6 +127,61 @@
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
+ slcf = ngx_http_get_module_loc_conf(r, ngx_http_static_module);
+
+ if(slcf->resolv_symlinks != 0) {
+ /*Allocate memory for resolved pathname*/
+
+ u_char *resolved_path = ngx_palloc(r->pool, PATH_MAX + 1);
+
+ if (!resolved_path) {
+ ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
+ "Cannot allocate %d bytes of memory", PATH_MAX + 1);
+ return NGX_HTTP_INTERNAL_SERVER_ERROR;
+ }
+
+ /*Resolve the path*/
+
+ if (!realpath(path.data, resolved_path)) {
+
+ ngx_log_error(NGX_LOG_ALERT, log, ngx_errno,
+ "An error ocurred in resolving pathname: %s",
resolved_path);
+
+ ngx_pfree(r->pool, resolved_path);
+
+ switch(errno) {
+ case EPERM:
+ case EACCES:
+ rc = NGX_HTTP_FORBIDDEN;
+ break;
+ case ENOENT:
+ case ENOTDIR:
+ rc = NGX_HTTP_NOT_FOUND;
+ break;
+ default:
+ rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
+ } /*switch(errno)*/
+
+ return rc;
+
+ }
+
+ /*Compare root bytes of path.data[] with resolved_path[]*/
+
+ if(ngx_strncmp(path.data, resolved_path, root) != 0) {
+ /*If not equal - _free memory_ and return FORBIDDEN*/
+ ngx_pfree(r->pool, resolved_path);
+ return NGX_HTTP_FORBIDDEN;
+ } else {
+ /*If equal - _free path.data memory_ and assign resolved_path value
+ to a path.data, and length of resolved_path to a path.len*/
+
+ ngx_pfree(r->pool, path.data);
+ path.data = resolved_path;
+
+ }
+ } /*if(clcf->resolv_symlinks != 0)*/
+
ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, 0,
"http filename: \"%s\"", path.data);
@@ -298,6 +362,7 @@
}
conf->redirect_cache = NULL;
+ conf->resolv_symlinks = NGX_CONF_UNSET;
return conf;
}
@@ -312,6 +377,7 @@
if (conf->redirect_cache == NULL) {
conf->redirect_cache = prev->redirect_cache;
}
+ ngx_conf_merge_value(conf->resolv_symlinks, prev->resolv_symlinks, 0);
return NGX_CONF_OK;
}
|
