Date: Tue, 09 Nov 2010 19:24:25 +0800 From: Andy Sy <andy.sy@...titans.com> To: popa3d-users@...ts.openwall.com Subject: Re: popa3d-vname, allowing hierarchies for "domain:directory" in vnamemap Hi Alexander, > As to "address", I recommend that rather than completely remove the > check for slash you replace it with a check preventing traversal to > upper-level directories. > > Something like: > > if (strchr(user, '/') || > !strcmp(user, "..") || > strstr(address, "..")) > return NULL; > > ...and you don't need vname_lookup_fail. > > This is completely untested, use at your own risk. Was able to drastically simplify the patch by just replacing if ( strchr(user, '/') || ... with: if ( strstr(address, "..") || ... The above seems to work fine. - Andy
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.