Posted to dev@httpd.apache.org by Martin Kraemer <Ma...@fujitsu-siemens.com> on 2004/02/04 19:33:29 UTC
Re: [SECURITY-PATCH] cygwin: Apache 1.3.29 and below directory traversal vulnerability
On Wed, Feb 04, 2004 at 05:48:48PM +0100, Stipe Tolj wrote:
> Hi list,
>
> attached patch fixes the bug# 26152 as described in
> http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26152
>
> Main purpose was to handle backslashes in the URI to avoid misleading
> interpretation via the underlying cygwin OS layer, which allows
> backslashes as directory delimiters.
>
> Therefore src/os/cygwin/util_cygwin.c implements its own
> ap_os_canonical_filename() routine to map backslashes to slashes and
> rely on the afterlying directory_walk() and file_walk() security
> mechanisms.
Thanks (but please send the diffs in a registered plaintext format,
e.g. text/plain, not application/x-unknown-content-type-diff_auto_file)
+API_EXPORT(char *) ap_os_canonical_filename(pool *pPool, const char *szFile)
+{
+ char *buf;
+ char buf2[MAX_STRING_LEN];
+ int rc, len;
+ char *pos;
+
+ len = strlen(szFile);
+ buf = ap_pstrndup(pPool, szFile, len);
+
+ /* Switch backslashes to forward */
+ for (pos=buf; *pos; pos++)
+ if (*pos == '\\')
+ *pos = '/';
+
+ return ap_pstrdup(pPool, buf);
IMO this additional dupping is not needed; just "return buf;"
+}
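Review bot: the locals `buf2` and `rc` declared at the top of ap_os_canonical_filename() are never used in the lines shown and should be dropped. Since `len` is just `strlen(szFile)`, `ap_pstrndup(pPool, szFile, len)` copies the whole string, so `ap_pstrdup(pPool, szFile)` would do and `len` could go as well. A short comment saying that the routine only maps backslashes to slashes and performs no other canonicalization would tell callers what they can rely on.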
Martin
--
<Ma...@Fujitsu-Siemens.com> | Fujitsu Siemens
Fon: +49-89-636-46021, FAX: +49-89-636-47655 | 81730 Munich, Germany
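
An added example, not part of the original thread or of Apache's code: it shows why a check that splits the path on '/' only sees a ".." segment once backslashes have been mapped to slashes, which is the ordering the patch description relies on. The helper names and the sample path are hypothetical, and the segment check is a stand-in, not Apache's directory_walk().

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if any '/'-delimited segment of path is "..". */
static int has_dotdot_segment(const char *path)
{
    const char *p = path;
    while (*p) {
        const char *end = strchr(p, '/');
        size_t n = end ? (size_t)(end - p) : strlen(p);
        if (n == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        if (!end)
            break;
        p = end + 1;
    }
    return 0;
}

/* Hypothetical helper: map backslashes to slashes in place, as the patch does. */
static void backslash_to_slash(char *s)
{
    for (; *s; s++)
        if (*s == '\\')
            *s = '/';
}

/* Run the segment check on a copy; normalize selects whether mapping runs first. */
static int check_path(const char *path, int normalize)
{
    char buf[256];
    if (strlen(path) >= sizeof(buf))
        return 1; /* over-long input is treated as rejected */
    strcpy(buf, path);
    if (normalize)
        backslash_to_slash(buf);
    return has_dotdot_segment(buf);
}

int main(void)
{
    const char *sample = "/docs\\..\\private/file.txt"; /* constructed input */
    printf("check without mapping: %d\n", check_path(sample, 0));
    printf("check with mapping:    %d\n", check_path(sample, 1));
    return 0;
}
```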