FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file symlink) vulnerability

Dag-Erling Smørgrav des at
Wed Jun 3 09:03:47 UTC 2009

Eygene Ryabinkin <rea-fbsd at> writes:
> "Dag-Erling Smørgrav" <des at> writes:
> > Eygene Ryabinkin <rea-fbsd at> writes:
> > > Perhaps 'XXX for direnter()' should be changed to something like
> > > 'strip trailing slashes in cnp->cn_nameptr'.
> > I'll just remove it, since the previous comment clearly explains
> > what is going on.
> May be it's better to leave the comment, but replace it with more
> undestandable one: this instruction is a bit tricky and it makes one to
> think what the hell is going on.

Isn't it clearly described in the preceding comment?  Specifically, by
the first two sentences: "Replace multiple slashes by a single slash and
trailing slashes by a null.  This must be done before VOP_LOOKUP()
because some fs's don't know about trailing slashes."

Dag-Erling Smørgrav - des at

More information about the freebsd-hackers mailing list