Date: Fri, 29 May 2009 22:35:07 +0400 From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: Dag-Erling Sm??rgrav <des@des.no> Cc: freebsd-hackers@FreeBSD.org, Jakub Lach <jakub_lach@mailplus.pl>, Bruce Evans <bde@zeta.org.au> Subject: Re: FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file symlink) vulnerability Message-ID: <7Wfi244TRj6h0BU0G5CUnAA6n1Y@BpFm1zkZmHABxHH1eUOcQSRoWTc> In-Reply-To: <86vdnju9z1.fsf@ds4.des.no> References: <23727599.post@talk.nabble.com> <86prdvipwe.fsf@ds4.des.no> <20090527233110.E4243@delplex.bde.org> <86r5yaijef.fsf@ds4.des.no> <20090529210855.V1643@besplex.bde.org> <86vdnju9z1.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Fri, May 29, 2009 at 06:53:22PM +0200, Dag-Erling Sm??rgrav wrote: > Bruce Evans <bde@zeta.org.au> writes: > > % /* > > % * Get a buffer for the name to be translated, and copy the > > % * name into the buffer. > > % @@ -533,6 +536,8 @@ > > % if (*cp == '\0') { > > % trailing_slash = 1; > > > > I thought at first that this flag can go away. > > I intend to remove it later - I just wanted to get the bug fixed first. > I'm happy to hear that removing it will fix the two bugs introduced by > the patch I committed :) What are those bugs? -- Eygene _ ___ _.--. # \`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard / ' ` , __.--' # to read the on-line manual )/' _/ \ `-_, / # while single-stepping the kernel. `-'" `"\_ ,_.-;_.-\_ ', fsc/as # _.-'_./ {_.' ; / # -- FreeBSD Developers handbook {_.-``-' {_/ #
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7Wfi244TRj6h0BU0G5CUnAA6n1Y>