Fixed SecUploadFileMode to set the correct mode (MODSEC-129).

2026-01-13 15:07:10 +03:00 · 2010-02-05 18:26:43 +00:00
parent b8509495d9
commit 04fe141c73
7 changed files with 31 additions and 12 deletions
--- a/apache2/apache2_config.c
+++ b/apache2/apache2_config.c
@@ -543,7 +543,7 @@ void init_directory_config(directory_config *dcfg)
    if (dcfg->upload_dir == NOT_SET_P) dcfg->upload_dir = NULL;
    if (dcfg->upload_keep_files == NOT_SET) dcfg->upload_keep_files = KEEP_FILES_OFF;
    if (dcfg->upload_validates_files == NOT_SET) dcfg->upload_validates_files = 0;
-    if (dcfg->upload_filemode == NOT_SET) dcfg->upload_filemode = mode2fileperms(0600);
+    if (dcfg->upload_filemode == NOT_SET) dcfg->upload_filemode = 0600;
    if (dcfg->upload_file_limit == NOT_SET) dcfg->upload_file_limit = 100;

    /* Misc */
--- a/apache2/configure
+++ b/apache2/configure
@@ -4195,7 +4195,7 @@ test $ac_cv_func_memcmp_working = no && case " $LIBOBJS " in
 esac


-for ac_func in atexit getcwd memmove memset strcasecmp strchr strdup strerror strncasecmp strrchr strstr strtol
+for ac_func in atexit getcwd memmove memset strcasecmp strchr strdup strerror strncasecmp strrchr strstr strtol fchmod
 do :
  as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
--- a/apache2/configure.in
+++ b/apache2/configure.in
@@ -40,7 +40,7 @@ AC_TYPE_UINT8_T
 # Checks for library functions.
 AC_FUNC_MALLOC
 AC_FUNC_MEMCMP
-AC_CHECK_FUNCS([atexit getcwd memmove memset strcasecmp strchr strdup strerror strncasecmp strrchr strstr strtol])
+AC_CHECK_FUNCS([atexit getcwd memmove memset strcasecmp strchr strdup strerror strncasecmp strrchr strstr strtol fchmod])

 # Some directories
 MSC_BASE_DIR=`pwd`
--- a/apache2/mod_security2_config.h.in
+++ b/apache2/mod_security2_config.h.in
@@ -3,6 +3,9 @@
 /* Define to 1 if you have the `atexit' function. */
 #undef HAVE_ATEXIT

+/* Define to 1 if you have the `fchmod' function. */
+#undef HAVE_FCHMOD
+
 /* Define to 1 if you have the <fcntl.h> header file. */
 #undef HAVE_FCNTL_H

--- a/apache2/msc_multipart.c
+++ b/apache2/msc_multipart.c
@@ -457,8 +457,10 @@ static int multipart_process_part_data(modsec_rec *msr, char **error_msg) {
                msr->mpd->nfiles++;

                if (msr->txcfg->debuglog_level >= 4) {
-                    msr_log(msr, 4, "Multipart: Created temporary file %d: %s",
+                    msr_log(msr, 4,
+                        "Multipart: Created temporary file %d (mode %04o): %s",
                        msr->mpd->nfiles,
+                        (unsigned int)msr->txcfg->upload_filemode,
                        log_escape_nq(msr->mp, msr->mpd->mpp->tmp_file_name));
                }
            }
--- a/apache2/msc_util.c
+++ b/apache2/msc_util.c
@@ -16,15 +16,16 @@
 * directly using the email address support@breach.com.
 *
 */
-#include "msc_release.h"
-#include "msc_util.h"
-
 #include <ctype.h>
 #include <fcntl.h>
 #include <stdlib.h>
 #include <sys/types.h>
 #include <sys/stat.h>

+#include "mod_security2_config.h"
+#include "msc_release.h"
+#include "msc_util.h"
+
 #include <apr_lib.h>

 /**
@@ -435,14 +436,25 @@ char *current_filetime(apr_pool_t *mp) {
 *
 */
 int msc_mkstemp_ex(char *template, int mode) {
+    int fd = -1;
+
    /* ENH Use apr_file_mktemp instead. */

-    #if !(defined(WIN32)||defined(NETWARE))
-    return mkstemp(template);
-    #else
+#if !(defined(WIN32)||defined(NETWARE))
+    fd = mkstemp(template);
+#ifdef HAVE_FCHMOD
+    if ((fd != -1) && (mode != 0)) {
+        if (fchmod(fd, mode) == -1) {
+            return -1;
+        }
+    }
+#endif /* HAVE_FCHMOD */
+#else
    if (mktemp(template) == NULL) return -1;
-    return open(template, O_WRONLY | O_APPEND | O_CREAT | O_BINARY, mode);
-    #endif
+    fd = open(template, O_WRONLY | O_APPEND | O_CREAT | O_BINARY, mode);
+#endif /* !(defined(WIN32)||defined(NETWARE)) */
+
+    return fd;
 }

 /**