Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 103527 Details for
Bug 157288
dev-lang/mono Remote Source Disclosure Vulnerability (CVE-2006-6104)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
mono-system.web_fix_r68790.patch
mono-system.web_fix_r68790.patch (text/plain), 795 bytes, created by
Sune Kloppenborg Jeppesen (RETIRED)
on 2006-12-07 02:45:53 UTC
(
hide
)
Description:
mono-system.web_fix_r68790.patch
Filename:
MIME Type:
Creator:
Sune Kloppenborg Jeppesen (RETIRED)
Created:
2006-12-07 02:45:53 UTC
Size:
795 bytes
patch
obsolete
>Index: mcs/class/System.Web/System.Web/HttpRequest.cs >=================================================================== >--- mcs/class/System.Web/System.Web/HttpRequest.cs (revision 68789) >+++ mcs/class/System.Web/System.Web/HttpRequest.cs (revision 68790) >@@ -923,8 +923,10 @@ > if (worker_request == null) > return String.Empty; // don't check security with an empty string! > >- if (physical_path == null) >- physical_path = MapPath (CurrentExecutionFilePath); >+ if (physical_path == null) { >+ // Don't call HttpRequest.MapPath here, as that one *trims* the input >+ physical_path = worker_request.GetFilePathTranslated (); >+ } > > if (SecurityManager.SecurityEnabled) { > new FileIOPermission (FileIOPermissionAccess.PathDiscovery, physical_path).Demand ();
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=103527">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 157288
: 103527 |
103528
