FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file
symlink) vulnerability
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Fri May 29 18:35:17 UTC 2009
Fri, May 29, 2009 at 06:53:22PM +0200, Dag-Erling Sm??rgrav wrote:
> Bruce Evans <bde at zeta.org.au> writes:
> > % /*
> > % * Get a buffer for the name to be translated, and copy the
> > % * name into the buffer.
> > % @@ -533,6 +536,8 @@
> > % if (*cp == '\0') {
> > % trailing_slash = 1;
> >
> > I thought at first that this flag can go away.
>
> I intend to remove it later - I just wanted to get the bug fixed first.
> I'm happy to hear that removing it will fix the two bugs introduced by
> the patch I committed :)
What are those bugs?
--
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook
{_.-``-' {_/ #
More information about the freebsd-hackers
mailing list