lighttpd
/
lighttpd1.4
2
0
Fork 0
Code Issues Releases Wiki Activity

[mod_cgi] permit CGI exec of unreadable files (fixes #2374) 

CGI target might be executable (+x), but not readable (-r)

x-ref:
  "lighttpd-1.4.29 cannot execute unreadable CGIs"
  https://redmine.lighttpd.net/issues/2374
This commit is contained in:
Glenn Strauss 2016-09-11 11:44:02 -04:00
parent ae91578895
commit b9f245f263
1 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/mod_cgi.c
View File

@ -1467,6 +1467,8 @@ URIHANDLER_FUNC(cgi_is_handled) {
plugin_data *p = p_d;
buffer *fn = con->physical.path;
stat_cache_entry *sce = NULL;
struct stat stbuf;
struct stat *st;
if (con->mode != DIRECT) return HANDLER_GO_ON;
@ -1474,9 +1476,17 @@ URIHANDLER_FUNC(cgi_is_handled) {
mod_cgi_patch_connection(srv, con, p);
if (HANDLER_ERROR == stat_cache_get_entry(srv, con, con->physical.path, &sce)) return HANDLER_GO_ON;
if (!S_ISREG(sce->st.st_mode)) return HANDLER_GO_ON;
if (p->conf.execute_x_only == 1 && (sce->st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) return HANDLER_GO_ON;
if (HANDLER_ERROR != stat_cache_get_entry(srv, con, con->physical.path, &sce)) {
st = &sce->st;
} else {
/* CGI might be executable even if it is not readable
* (stat_cache_get_entry() currently checks file is readable)*/
if (0 != stat(con->physical.path->ptr, &stbuf)) return HANDLER_GO_ON;
st = &stbuf;
}
if (!S_ISREG(st->st_mode)) return HANDLER_GO_ON;
if (p->conf.execute_x_only == 1 && (st->st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) return HANDLER_GO_ON;
if (NULL != cgi_get_handler(p->conf.cgi, fn)) {
handler_ctx *hctx = cgi_handler_ctx_init();