FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file symlink) vulnerability

Eygene Ryabinkin rea-fbsd at codelabs.ru
Wed May 27 13:16:30 UTC 2009 

Wed, May 27, 2009 at 02:39:07PM +0200, Dag-Erling Sm??rgrav wrote:
> I was working on head.  The code is (mostly) the same, just shifted
> somewhere between ~50 and ~90 lines depending on where you look.  Your
> patch should apply cleanly.
> 
> BTW, you made a lot of whitespace changes in namei.h.  This is generally
> frowned upon, as it makes the functional change almost impossible to
> spot in the diff.

Yes, spit the patch into two pieces.  Thanks for the reminder!

> > And yes, I know what was meant by '(cnp->cn_flags & ISSYMLINK) == 0'
> > ;))
> 
> I know you know :)  I was just pointing out that the comment is
> misleading.

Changed it too.  All three pieces are attached.

Regarding the 'ln -s /etc/motd file; ln -s file/ anotherone': do you
(or anyone reading this) think that 'cat anotherone' should really
show the contents of /etc/motd or patch's behaviour is good?
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
    {_.-``-'         {_/            #
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vfs_lookup-trailing-symlink-with-slash.diff
Type: text/x-diff
Size: 3069 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20090527/dd0e9849/vfs_lookup-trailing-symlink-with-slash.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vfs_lookup-trailing-symlink-with-slash-fix-whitespace.diff
Type: text/x-diff
Size: 3364 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20090527/dd0e9849/vfs_lookup-trailing-symlink-with-slash-fix-whitespace.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vfs_lookup-trailing-symlink-with-slash-fix-comment.diff
Type: text/x-diff
Size: 856 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20090527/dd0e9849/vfs_lookup-trailing-symlink-with-slash-fix-comment.bin

More information about the freebsd-hackers mailing list