From 8ca217a87d6b9b87fb27153577ba398b49590470 Mon Sep 17 00:00:00 2001 From: Joe Orton Date: Fri, 6 Jun 2025 11:02:21 +0100 Subject: [PATCH] * modules/dav/fs/repos.c (dav_fs_remove_resource): Return a 404 if apr_file_remove() fails with an ENOENT error, likely due to a race with another DELETE. PR: 60746 --- changes-entries/pr60746.txt | 2 ++ modules/dav/fs/repos.c | 12 ++++++++++-- 2 files changed, 12 insertions(+), 2 deletions(-) create mode 100644 changes-entries/pr60746.txt diff --git a/changes-entries/pr60746.txt b/changes-entries/pr60746.txt new file mode 100644 index 00000000000..d8401fd73e5 --- /dev/null +++ b/changes-entries/pr60746.txt @@ -0,0 +1,2 @@ + *) mod_dav_fs: Return a 404 for DELETE if deletion fails because the + resource no longer exists. PR 60746. [Joe Orton] diff --git a/modules/dav/fs/repos.c b/modules/dav/fs/repos.c index 5ef59177588..614154502e7 100644 --- a/modules/dav/fs/repos.c +++ b/modules/dav/fs/repos.c @@ -1521,8 +1521,16 @@ static dav_error * dav_fs_remove_resource(dav_resource *resource, /* not a collection; remove the file and its properties */ if ((status = apr_file_remove(info->pathname, info->pool)) != APR_SUCCESS) { - /* ### put a description in here */ - return dav_new_error(info->pool, HTTP_FORBIDDEN, 0, status, NULL); + if (APR_STATUS_IS_ENOENT(status)) { + /* Return a 404 if there is a race with another DELETE, + * per RFC 4918ยง9.6. */ + return dav_new_error(info->pool, HTTP_NOT_FOUND, 0, status, + "Cannot remove already-removed resource."); + } + else { + return dav_new_error(info->pool, HTTP_FORBIDDEN, 0, status, + "Cannot remove resource"); + } } /* update resource state */