FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file
symlink) vulnerability
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Wed Jun 3 10:27:15 UTC 2009
Wed, Jun 03, 2009 at 11:03:45AM +0200, Dag-Erling Sm??rgrav wrote:
> Isn't it clearly described in the preceding comment? Specifically, by
> the first two sentences: "Replace multiple slashes by a single slash and
> trailing slashes by a null. This must be done before VOP_LOOKUP()
> because some fs's don't know about trailing slashes."
Yes, it is clearly described. But I started to understand this
description only after asking myself "what ndp->ni_next is doing here
and why do we want to place '\0' to this address"? I could be a bit
stupid, yeah ;)) But this code snippet can be a bit hard to read for
others as well. May be not -- can't say for sure.
--
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook
{_.-``-' {_/ #
More information about the freebsd-hackers
mailing list