# HG changeset patch # User Valentin Bartenev # Date 1329837013 0 # Node ID d33ce8cd0d7069383b2eab380a1028970a21670c # Parent a786c85e826867efa1486c64997b087a7be79dea Disable symlinks: use O_SEARCH|O_DIRECTORY to open path components. diff --git a/src/core/ngx_open_file_cache.c b/src/core/ngx_open_file_cache.c --- a/src/core/ngx_open_file_cache.c +++ b/src/core/ngx_open_file_cache.c @@ -565,7 +565,6 @@ ngx_open_file_wrapper(ngx_str_t *name, n u_char *p, *cp, *end; ngx_fd_t at_fd; ngx_str_t at_name; - ngx_file_info_t fi; if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_OFF) { fd = ngx_open_file(name->data, mode, create, access); @@ -586,7 +585,7 @@ ngx_open_file_wrapper(ngx_str_t *name, n if (*p == '/') { at_fd = ngx_open_file("/", - NGX_FILE_RDONLY|NGX_FILE_NONBLOCK, + NGX_FILE_SEARCH|NGX_FILE_NONBLOCK, NGX_FILE_OPEN, 0); if (at_fd == NGX_INVALID_FILE) { @@ -617,12 +616,12 @@ ngx_open_file_wrapper(ngx_str_t *name, n if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER) { fd = ngx_openat_file_owner(at_fd, p, - NGX_FILE_RDONLY|NGX_FILE_NONBLOCK, + NGX_FILE_SEARCH|NGX_FILE_NONBLOCK, NGX_FILE_OPEN, 0, log); } else { fd = ngx_openat_file(at_fd, p, - NGX_FILE_RDONLY|NGX_FILE_NONBLOCK|NGX_FILE_NOFOLLOW, + NGX_FILE_SEARCH|NGX_FILE_NONBLOCK|NGX_FILE_NOFOLLOW, NGX_FILE_OPEN, 0); } @@ -647,35 +646,18 @@ ngx_open_file_wrapper(ngx_str_t *name, n if (p == end) { /* - * If pathname ends with a trailing slash, check if last path - * component is a directory; if not, fail with ENOTDIR as per - * POSIX. + * If pathname ends with a trailing slash, assume the last path + * component is a directory and reopen it with requested flags; + * if not, fail with ENOTDIR as per POSIX. * - * We use separate check instead of O_DIRECTORY in the loop above, - * as O_DIRECTORY doesn't work on FreeBSD 8. - * - * Note this returns already opened file descriptor, with different - * mode/create/access. This is believed to be safe as we don't - * use this codepath to create directories. + * We cannot rely on O_DIRECTORY in the loop above to check + * that the last path component is a directory because + * O_DIRECTORY doesn't work on FreeBSD 8. Fortunately, by + * reopening a directory, we don't depend on it at all. */ - if (ngx_fd_info(at_fd, &fi) == NGX_FILE_ERROR) { - of->err = ngx_errno; - of->failed = ngx_fd_info_n; - fd = NGX_INVALID_FILE; - - goto failed; - } - - if (ngx_is_dir(&fi)) { - return at_fd; - } - - of->err = ENOTDIR; - of->failed = ngx_openat_file_n; - fd = NGX_INVALID_FILE; - - goto failed; + fd = ngx_openat_file(at_fd, ".", mode, create, access); + goto done; } if (of->disable_symlinks == NGX_DISABLE_SYMLINKS_NOTOWNER @@ -687,6 +669,8 @@ ngx_open_file_wrapper(ngx_str_t *name, n fd = ngx_openat_file(at_fd, p, mode|NGX_FILE_NOFOLLOW, create, access); } +done: + if (fd == NGX_INVALID_FILE) { of->err = ngx_errno; of->failed = ngx_openat_file_n; diff --git a/src/os/unix/ngx_files.h b/src/os/unix/ngx_files.h --- a/src/os/unix/ngx_files.h +++ b/src/os/unix/ngx_files.h @@ -78,8 +78,25 @@ typedef struct { #if (NGX_HAVE_OPENAT) #define NGX_FILE_NOFOLLOW O_NOFOLLOW + +#if defined(O_DIRECTORY) +#define NGX_FILE_DIRECTORY O_DIRECTORY +#else +#define NGX_FILE_DIRECTORY 0 #endif +#if defined(O_SEARCH) +#define NGX_FILE_SEARCH O_SEARCH|NGX_FILE_DIRECTORY + +#elif defined(O_EXEC) +#define NGX_FILE_SEARCH O_EXEC|NGX_FILE_DIRECTORY + +#else +#define NGX_FILE_SEARCH O_RDONLY|NGX_FILE_DIRECTORY +#endif + +#endif /* NGX_HAVE_OPENAT */ + #define NGX_FILE_DEFAULT_ACCESS 0644 #define NGX_FILE_OWNER_ACCESS 0600