FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file
symlink) vulnerability
Dag-Erling Smørgrav
des at des.no
Tue Jun 2 11:31:26 UTC 2009
Bruce Evans <bde at zeta.org.au> writes:
> This comment could do with some rewording to emphasize inheritance of the
> flag and to improve the grammar of the comment.
Suggestions? For reference, here's the entire comment:
/*
* Replace multiple slashes by a single slash and trailing slashes
* by a null. This must be done before VOP_LOOKUP() because some
* fs's don't know about trailing slashes. Remember if there were
* trailing slashes to handle symlinks, existing non-directories
* and non-existing files that won't be directories specially later.
*/
>> - if (*cp == '\0' && trailing_slash &&
>> + if (*cp == '\0' && (cnp->cn_flags & TRAILINGSLASH) &&
>> !(cnp->cn_flags & WILLBEDIR)) {
>> error = ENOENT;
>> goto bad;
>
> Try replacing *cp == '\0' by (cnp->cn_flags & ISLASTCN) and maybe combine
> the flags tests. Apparently I hacked in the *cp test because I didn't
> quite understand ISLASTCN.
Is the test necessary at all? Cf. Eygene's comment.
DES
--
Dag-Erling Smørgrav - des at des.no
More information about the freebsd-hackers
mailing list