
2018-04-09

2018-04-09 11:39:38 by Henrik Grubbström (Grubba) <grubba@grubba.org>

WebDAV: Fixed case insensitive path prefix check in check_locks().

check_locks() now returns 423 directly in some more cases.

Fixes [WS-251].

1850:    Roxen.http_dav_error(Protocols.HTTP.DAV_LOCKED, "lock-token-submitted");    foreach(locks;;DAVLock lock) {    TRACE_ENTER(sprintf("Checking lock %O against %O.", lock, path), 0); -  if (has_prefix(path, lock->path)) { +  // NB: We can't perform a string comparison here, as we don't +  // know whether the path is case-sensitive or not. But as +  // we know that all lock paths are on the path to or through +  // `path`, a comparison of the string lengths is sufficient. +  if (sizeof(lock->path) <= sizeof(path)) {    TRACE_LEAVE("Direct lock.");    TRACE_LEAVE("Locked.");    return ret;
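Review bot: the new test `sizeof(lock->path) <= sizeof(path)` is only correct while every entry in `locks` really lies on the path to or through `path`, and nothing in the visible lines enforces that or says where it is guaranteed. If a caller ever passes a lock set that was not filtered that way, any unrelated lock with a shorter or equal-length path is treated as a direct lock and the request gets the DAV_LOCKED response. The comment should name the code that produces `locks` and establishes this invariant, so the dependency is visible to whoever changes that code later. The length comparison also assumes `lock->path` and `path` are in the same normalized form (for example with respect to a trailing slash or character encoding), since two spellings of the same resource can differ in length; it is worth stating in the comment that both are normalized before they reach this loop, or normalizing them here. A test covering a mixed-case request path against a lock stored in a different case would pin down the behaviour this fix is meant to provide.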