Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 09 Nov 2010 19:24:25 +0800
From: Andy Sy <andy.sy@...titans.com>
To: popa3d-users@...ts.openwall.com
Subject: Re: popa3d-vname, allowing hierarchies for "domain:directory"
 in vnamemap

Hi Alexander,

> As to "address", I recommend that rather than completely remove the
> check for slash you replace it with a check preventing traversal to
> upper-level directories.
> 
> Something like:
> 
> 	if (strchr(user, '/') ||
> 	    !strcmp(user, "..") ||
> 	    strstr(address, ".."))
> 		return NULL;
> 
> ...and you don't need vname_lookup_fail.
> 
> This is completely untested, use at your own risk.

Was able to drastically simplify the patch by just replacing

   if ( strchr(user, '/') || ...

with:

   if ( strstr(address, "..") || ...

The above seems to work fine.

- Andy

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ