File 1138-inets-httpd-HEAD-should-reject-directory-link.patch of Package erlang

From 769d2b0f390c4a1c25b8eae47ad9d03ba07cb8d6 Mon Sep 17 00:00:00 2001
From: Ingela Anderton Andin <ingela@erlang.org>
Date: Sun, 21 Feb 2021 12:20:23 +0100
Subject: [PATCH] inets,httpd: HEAD should reject directory link

---
 lib/inets/src/http_server/mod_head.erl |  4 ++++
 lib/inets/test/httpd_SUITE.erl         | 19 +++++++++++++++----
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/lib/inets/src/http_server/mod_head.erl b/lib/inets/src/http_server/mod_head.erl
index 25c11360eb..e90b089f94 100644
--- a/lib/inets/src/http_server/mod_head.erl
+++ b/lib/inets/src/http_server/mod_head.erl
@@ -64,6 +64,10 @@ do_head(Info) ->
     Suffix = httpd_util:suffix(Path),
     %% Does the file exists?
     case file:read_file_info(Path) of
+	{ok, #file_info{type = directory}} ->
+            Status = httpd_file:handle_error(eacces, "access", Info, Path),
+            {proceed,
+             [{status, Status} | Info#mod.data]};
 	{ok, FileInfo} ->
 	    MimeType = 
 		httpd_util:lookup_mime_default(Info#mod.config_db,
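Review bot: The new clause in do_head rejects only `type = directory`, so any other non-regular result from file:read_file_info/1 (for example `device` or `other`) still falls through to the `{ok, FileInfo}` clause and is answered as if it were a file. An allowlist would be tighter than this denylist: `{ok, #file_info{type = Type}} when Type =/= regular ->` in place of the directory match would send everything that is not a regular file down the same 403 path. A short comment above the clause, such as `%% HEAD must only describe regular files; anything else is answered 403`, would record why `eacces` is reported for a path that exists. do_head's body continues outside the hunk, so whether later code depends on other file types is not visible here.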
diff --git a/lib/inets/test/httpd_SUITE.erl b/lib/inets/test/httpd_SUITE.erl
index e4efeb1b81..7fd357c84c 100644
--- a/lib/inets/test/httpd_SUITE.erl
+++ b/lib/inets/test/httpd_SUITE.erl
@@ -431,7 +431,17 @@ head(Config) when is_list(Config) ->
     ok = httpd_test_lib:verify_request(proplists:get_value(type, Config), Host, 
 				       proplists:get_value(port, Config),  proplists:get_value(node, Config),
 				       http_request("HEAD /index.html ", Version, Host),
-				       [{statuscode, head_status(Version)},
+				       [{statuscode, head_status(Version, 200)},
+					{version, Version}]),
+    
+    ok = httpd_test_lib:verify_request(proplists:get_value(type, Config), Host, 
+				       proplists:get_value(port, Config),  
+				       proplists:get_value(node, Config),
+				       http_request("HEAD /open/ ", Version, Host),
+				       [{statuscode, head_status(Version, 403)},
+					{header, "Content-Type", "text/html"},
+					{header, "Date"},
+					{header, "Server"},
 					{version, Version}]).
 
 get() ->
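Review bot: The second verify_request call in head/1 has no comment saying what `/open/` is or why 403 is expected, so the reason for the test is only recoverable from the commit subject. A line such as `%% /open/ is a directory in the test docroot: HEAD must be rejected (403), not answered with the directory's file_info` above the call would make that explicit. The case covers only the trailing-slash form; whether a directory requested without the slash reaches mod_head at all is not visible here, so it may be worth a second request or a note that another module handles it. head/1 starts above the hunk.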
@@ -2081,10 +2091,11 @@ http_request_missing_CR(Request, "HTTP/1.1" = Version, Host) ->
 http_request_missing_CR(Request, Version, _) ->
     Request ++ Version ++ "\r\n\n".
 
-head_status("HTTP/0.9") ->
+head_status("HTTP/0.9", _) ->
     501; %% Not implemented in HTTP/0.9
-head_status(_) ->
-    200.
+head_status(_, Expected) ->
+    Expected.
+
 
 basic_conf() ->
     [{modules, [mod_alias, mod_range, mod_responsecontrol,
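Review bot: head_status/2 silently ignores its second argument for "HTTP/0.9", so the new `head_status(Version, 403)` call in head/1 actually expects 501 when the suite runs with that version. That is consistent with the existing comment, but it is easy to miss at the call site. Extending the comment to something like `%% HEAD is not implemented in HTTP/0.9: always 501, Expected is ignored` would make this clear. The hunk also leaves two consecutive blank lines after the function.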
-- 
2.26.2
