Support for disable_symlinks in various modules.
authorAndrey Belov <defan@nginx.com>
Mon, 13 Feb 2012 16:32:21 +0000 (16:32 +0000)
committerAndrey Belov <defan@nginx.com>
Mon, 13 Feb 2012 16:32:21 +0000 (16:32 +0000)
src/http/modules/ngx_http_flv_module.c
src/http/modules/ngx_http_gzip_static_module.c
src/http/modules/ngx_http_index_module.c
src/http/modules/ngx_http_log_module.c
src/http/modules/ngx_http_mp4_module.c
src/http/modules/ngx_http_static_module.c
src/http/modules/perl/nginx.xs
src/http/ngx_http_script.c

index f6870235b34272a9e1fae2d9810323f2f5763040..292e370132490f534aeae1a1180b27e75fe1a3dc 100644 (file)
@@ -109,6 +109,9 @@ ngx_http_flv_handler(ngx_http_request_t *r)
     of.min_uses = clcf->open_file_cache_min_uses;
     of.errors = clcf->open_file_cache_errors;
     of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+    of.disable_symlinks = clcf->disable_symlinks;
+#endif
 
     if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
         != NGX_OK)
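Review bot: The three-line `#if (NGX_HAVE_OPENAT)` assignment added here is pasted unchanged before every `ngx_open_cached_file()` call this commit touches (gzip_static, index, log, mp4, static, the perl `sendfile` and `ngx_http_script_file_code`). Because the policy has to be copied in at each call site, a module that omits the block presumably opens files with the symlink check off, and nothing would flag it. Consider one small helper that holds the `#if` and copies `clcf->disable_symlinks` into `of`, so each call site has a single call to make. ngx_http_flv_handler starts and ends outside the hunk.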
@@ -127,6 +130,10 @@ ngx_http_flv_handler(ngx_http_request_t *r)
             break;
 
         case NGX_EACCES:
+#if (NGX_HAVE_OPENAT)
+        case NGX_EMLINK:
+        case NGX_ELOOP:
+#endif
 
             level = NGX_LOG_ERR;
             rc = NGX_HTTP_FORBIDDEN;
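Review bot: The two labels added under `case NGX_EACCES:` have no comment saying why `NGX_EMLINK` and `NGX_ELOOP` are answered as a permission failure. A reader who does not know the disable_symlinks feature will not connect these errors to it, so I would add `/* symlink refused by the disable_symlinks check */` above the `#if`. The same applies to the matching hunks in ngx_http_gzip_static_module.c, ngx_http_mp4_module.c and ngx_http_static_module.c. The switch begins and ends outside the hunk.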
index 18c28d8f581604640fb2154d67c1fbbc24d0fe4b..2fad280e992e6081436f890a29e43bcb86210080 100644 (file)
@@ -129,6 +129,9 @@ ngx_http_gzip_static_handler(ngx_http_request_t *r)
     of.min_uses = clcf->open_file_cache_min_uses;
     of.errors = clcf->open_file_cache_errors;
     of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+    of.disable_symlinks = clcf->disable_symlinks;
+#endif
 
     if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
         != NGX_OK)
@@ -145,6 +148,10 @@ ngx_http_gzip_static_handler(ngx_http_request_t *r)
             return NGX_DECLINED;
 
         case NGX_EACCES:
+#if (NGX_HAVE_OPENAT)
+        case NGX_EMLINK:
+        case NGX_ELOOP:
+#endif
 
             level = NGX_LOG_ERR;
             break;
index 0835a7cf8e90ed61c49d7bc724b6fc2fb57a9099..7d99c18e50ec54e0c527a835128f6d91c03c476e 100644 (file)
@@ -209,6 +209,9 @@ ngx_http_index_handler(ngx_http_request_t *r)
         of.test_only = 1;
         of.errors = clcf->open_file_cache_errors;
         of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+        of.disable_symlinks = clcf->disable_symlinks;
+#endif
 
         if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
             != NGX_OK)
@@ -220,6 +223,14 @@ ngx_http_index_handler(ngx_http_request_t *r)
                 return NGX_HTTP_INTERNAL_SERVER_ERROR;
             }
 
+#if (NGX_HAVE_OPENAT)
+            if (of.err == NGX_EMLINK
+                || of.err == NGX_ELOOP)
+            {
+                return NGX_HTTP_FORBIDDEN;
+            }
+#endif
+
             if (of.err == NGX_ENOTDIR
                 || of.err == NGX_ENAMETOOLONG
                 || of.err == NGX_EACCES)
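Review bot: The new `NGX_EMLINK`/`NGX_ELOOP` branch returns `NGX_HTTP_FORBIDDEN` without writing to the error log, whereas the flv, mp4 and static handlers in this commit set `level = NGX_LOG_ERR` for the same errors. A refused symlink is worth an operator's attention, since it can mean a link was planted under the document root. Unless a non-debug log call sits outside this hunk, add `ngx_log_error(NGX_LOG_ERR, r->connection->log, of.err, "%s \"%s\" failed", of.failed, path.data);` before the return. The branch added in the ngx_http_index_test_dir hunk below has the same gap, with `dir.data` as the path; both functions continue outside their hunks.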
@@ -296,12 +307,23 @@ ngx_http_index_test_dir(ngx_http_request_t *r, ngx_http_core_loc_conf_t *clcf,
     of.test_only = 1;
     of.valid = clcf->open_file_cache_valid;
     of.errors = clcf->open_file_cache_errors;
+#if (NGX_HAVE_OPENAT)
+    of.disable_symlinks = clcf->disable_symlinks;
+#endif
 
     if (ngx_open_cached_file(clcf->open_file_cache, &dir, &of, r->pool)
         != NGX_OK)
     {
         if (of.err) {
 
+#if (NGX_HAVE_OPENAT)
+            if (of.err == NGX_EMLINK
+                || of.err == NGX_ELOOP)
+            {
+                return NGX_HTTP_FORBIDDEN;
+            }
+#endif
+
             if (of.err == NGX_ENOENT) {
                 *last = c;
                 return ngx_http_index_error(r, clcf, dir.data, NGX_ENOENT);
index bfbbe93bda47d1b49a8a133a43e5532dce57ede6..da3b33c96c66b2749cfeaf3723aa89dfa9d40442 100644 (file)
@@ -373,6 +373,8 @@ ngx_http_log_script_write(ngx_http_request_t *r, ngx_http_log_script_t *script,
     ngx_http_log_loc_conf_t   *llcf;
     ngx_http_core_loc_conf_t  *clcf;
 
+    clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
+
     if (!r->root_tested) {
 
         /* test root directory existance */
@@ -384,8 +386,6 @@ ngx_http_log_script_write(ngx_http_request_t *r, ngx_http_log_script_t *script,
 
         path.data[root] = '\0';
 
-        clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);
-
         ngx_memzero(&of, sizeof(ngx_open_file_info_t));
 
         of.valid = clcf->open_file_cache_valid;
@@ -394,6 +394,9 @@ ngx_http_log_script_write(ngx_http_request_t *r, ngx_http_log_script_t *script,
         of.test_only = 1;
         of.errors = clcf->open_file_cache_errors;
         of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+        of.disable_symlinks = clcf->disable_symlinks;
+#endif
 
         if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
             != NGX_OK)
@@ -441,6 +444,9 @@ ngx_http_log_script_write(ngx_http_request_t *r, ngx_http_log_script_t *script,
     of.valid = llcf->open_file_cache_valid;
     of.min_uses = llcf->open_file_cache_min_uses;
     of.directio = NGX_OPEN_FILE_DIRECTIO_OFF;
+#if (NGX_HAVE_OPENAT)
+    of.disable_symlinks = clcf->disable_symlinks;
+#endif
 
     if (ngx_open_cached_file(llcf->open_file_cache, &log, &of, r->pool)
         != NGX_OK)
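Review bot: The neighbouring `of` fields in this block are read from `llcf`, but the symlink policy is read from `clcf`, and nothing explains the mixed sources. A short comment such as `/* symlink policy comes from the core location conf (clcf), not llcf */` would also explain why the `clcf` lookup was moved to the top of ngx_http_log_script_write. The failure branch of this `ngx_open_cached_file()` call is outside the hunk, so it is worth confirming how a log path refused for being a symlink gets reported.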
index 816cc4c83ff32d4c604caadab2de57e0266f11ce..f63b2bc567e8d4faf43f2f3486aee79d15f5c052 100644 (file)
@@ -440,6 +440,9 @@ ngx_http_mp4_handler(ngx_http_request_t *r)
     of.min_uses = clcf->open_file_cache_min_uses;
     of.errors = clcf->open_file_cache_errors;
     of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+    of.disable_symlinks = clcf->disable_symlinks;
+#endif
 
     if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
         != NGX_OK)
@@ -458,6 +461,10 @@ ngx_http_mp4_handler(ngx_http_request_t *r)
             break;
 
         case NGX_EACCES:
+#if (NGX_HAVE_OPENAT)
+        case NGX_EMLINK:
+        case NGX_ELOOP:
+#endif
 
             level = NGX_LOG_ERR;
             rc = NGX_HTTP_FORBIDDEN;
index a0e302ad1d554548d03cacad8a4abe50c2493b3d..f4904fc0008f8fd47c4c6357fa72f8a3daaff14e 100644 (file)
@@ -94,6 +94,9 @@ ngx_http_static_handler(ngx_http_request_t *r)
     of.min_uses = clcf->open_file_cache_min_uses;
     of.errors = clcf->open_file_cache_errors;
     of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+    of.disable_symlinks = clcf->disable_symlinks;
+#endif
 
     if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
         != NGX_OK)
@@ -112,6 +115,10 @@ ngx_http_static_handler(ngx_http_request_t *r)
             break;
 
         case NGX_EACCES:
+#if (NGX_HAVE_OPENAT)
+        case NGX_EMLINK:
+        case NGX_ELOOP:
+#endif
 
             level = NGX_LOG_ERR;
             rc = NGX_HTTP_FORBIDDEN;
index dc69d509ae3f314004d822b9e248db73d1a1ab6f..8def03eb10c73ccbadbf5d1477f78292e3a129f4 100644 (file)
@@ -662,6 +662,9 @@ sendfile(r, filename, offset = -1, bytes = 0)
     of.min_uses = clcf->open_file_cache_min_uses;
     of.errors = clcf->open_file_cache_errors;
     of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+    of.disable_symlinks = clcf->disable_symlinks;
+#endif
 
     if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
         != NGX_OK)
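Review bot: No `NGX_EMLINK`/`NGX_ELOOP` handling accompanies the new flag at this call site, unlike the flv, mp4 and static handlers, which add both cases next to `NGX_EACCES`. The failure branch of `sendfile` is outside the hunk, so whatever it does for an unexpected `of.err` will now also apply to a refused symlink. Please confirm that the log level and the result handed back to the Perl handler are the intended ones. The ngx_http_script_file_code hunk in src/http/ngx_http_script.c is in the same position.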
index 77ac9a629f5b593c4fda0c93dffbff3c603898c1..a8f193a32b871b79332c9539df62883f4fc4c4ef 100644 (file)
@@ -1505,6 +1505,9 @@ ngx_http_script_file_code(ngx_http_script_engine_t *e)
     of.test_only = 1;
     of.errors = clcf->open_file_cache_errors;
     of.events = clcf->open_file_cache_events;
+#if (NGX_HAVE_OPENAT)
+    of.disable_symlinks = clcf->disable_symlinks;
+#endif
 
     if (ngx_open_cached_file(clcf->open_file_cache, &path, &of, r->pool)
         != NGX_OK)