Date: Fri, 29 May 2009 22:35:07 +0400 From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: Dag-Erling Sm??rgrav <des@des.no> Cc: freebsd-hackers@FreeBSD.org, Jakub Lach <jakub_lach@mailplus.pl>, Bruce Evans <bde@zeta.org.au> Subject: Re: FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file symlink) vulnerability Message-ID: <7Wfi244TRj6h0BU0G5CUnAA6n1Y@BpFm1zkZmHABxHH1eUOcQSRoWTc> In-Reply-To: <86vdnju9z1.fsf@ds4.des.no> References: <23727599.post@talk.nabble.com> <86prdvipwe.fsf@ds4.des.no> <20090527233110.E4243@delplex.bde.org> <86r5yaijef.fsf@ds4.des.no> <20090529210855.V1643@besplex.bde.org> <86vdnju9z1.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Fri, May 29, 2009 at 06:53:22PM +0200, Dag-Erling Sm??rgrav wrote:
> Bruce Evans <bde@zeta.org.au> writes:
> > % /*
> > % * Get a buffer for the name to be translated, and copy the
> > % * name into the buffer.
> > % @@ -533,6 +536,8 @@
> > % if (*cp == '\0') {
> > % trailing_slash = 1;
> >
> > I thought at first that this flag can go away.
>
> I intend to remove it later - I just wanted to get the bug fixed first.
> I'm happy to hear that removing it will fix the two bugs introduced by
> the patch I committed :)
What are those bugs?
--
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook
{_.-``-' {_/ #
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7Wfi244TRj6h0BU0G5CUnAA6n1Y>