Gentoo's Bugzilla – Attachment 124969 Details for
Bug 185442
www-servers/lighttpd < 1.4.16 Multiple issues (CVE-2007-39{46,47,48,49,50}, CVE-2007-2841)
08_all_lighttpd-1.4.15-mod_access_bypass.diff
08_all_lighttpd-1.4.15-mod_acces_bypass.diff (text/plain), 3.69 KB, created by
Thilo Bangert (RETIRED) (RETIRED)
on 2007-07-15 22:02:54 UTC
Description:
08_all_lighttpd-1.4.15-mod_access_bypass.diff
Filename:
MIME Type:
Creator:
Thilo Bangert (RETIRED) (RETIRED)
Created:
2007-07-15 22:02:54 UTC
Size:
3.69 KB
>Index: src/mod_access.c
>===================================================================
>--- src/mod_access.c (revision 1870)
>+++ src/mod_access.c (revision 1871)
>@@ -111,6 +111,15 @@
> }
> #undef PATCH
>
>+/**
>+ * URI handler
>+ *
>+ * we will get called twice:
>+ * - after the clean up of the URL and
>+ * - after the pathinfo checks are done
>+ *
>+ * this handles the issue of trailing slashes
>+ */
> URIHANDLER_FUNC(mod_access_uri_handler) {
> plugin_data *p = p_d;
> int s_len;
>@@ -122,28 +131,41 @@
>
> s_len = con->uri.path->used - 1;
>
>+ if (con->conf.log_request_handling) {
>+ log_error_write(srv, __FILE__, __LINE__, "s",
>+ "-- mod_access_uri_handler called");
>+ }
>+
> for (k = 0; k < p->conf.access_deny->used; k++) {
> data_string *ds = (data_string *)p->conf.access_deny->data[k];
> int ct_len = ds->value->used - 1;
>+ int denied = 0;
>
>+
> if (ct_len > s_len) continue;
>-
> if (ds->value->used == 0) continue;
>
> /* if we have a case-insensitive FS we have to lower-case the URI here too */
>
> if (con->conf.force_lowercase_filenames) {
> if (0 == strncasecmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
>- con->http_status = 403;
>-
>- return HANDLER_FINISHED;
>+ denied = 1;
> }
> } else {
> if (0 == strncmp(con->uri.path->ptr + s_len - ct_len, ds->value->ptr, ct_len)) {
>- con->http_status = 403;
>+ denied = 1;
>+ }
>+ }
>
>- return HANDLER_FINISHED;
>+ if (denied) {
>+ con->http_status = 403;
>+
>+ if (con->conf.log_request_handling) {
>+ log_error_write(srv, __FILE__, __LINE__, "sb",
>+ "url denied as we match:", ds->value);
> }
>+
>+ return HANDLER_FINISHED;
> }
> }
>
>@@ -158,7 +180,8 @@
>
> p->init = mod_access_init;
> p->set_defaults = mod_access_set_defaults;
>- p->handle_uri_clean = mod_access_uri_handler;
>+ p->handle_uri_clean = mod_access_uri_handler;
>+ p->handle_subrequest_start = mod_access_uri_handler;
> p->cleanup = mod_access_free;
>
> p->data = NULL;
>Index: tests/mod-access.t
>===================================================================
>--- tests/mod-access.t (revision 1870)
>+++ tests/mod-access.t (revision 1871)
>@@ -8,7 +8,7 @@
>
> use strict;
> use IO::Socket;
>-use Test::More tests => 3;
>+use Test::More tests => 4;
> use LightyTest;
>
> my $tf = LightyTest->new();
>@@ -23,5 +23,12 @@
> $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
> ok($tf->handle_http($t) == 0, 'forbid access to ...~');
>
>+$t->{REQUEST} = ( <<EOF
>+GET /index.html~/ HTTP/1.0
>+EOF
>+ );
>+$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.0', 'HTTP-Status' => 403 } ];
>+ok($tf->handle_http($t) == 0, '#1230 - forbid access to ...~ - trailing slash');
>+
> ok($tf->stop_proc == 0, "Stopping lighttpd");
>
>Index: tests/prepare.sh
>===================================================================
>--- tests/prepare.sh (revision 1870)
>+++ tests/prepare.sh (revision 1871)
>@@ -25,6 +25,7 @@
> # copy everything into the right places
> cp $srcdir/docroot/www/*.html \
> $srcdir/docroot/www/*.php \
>+ $srcdir/docroot/www/*.html~ \
> $srcdir/docroot/www/*.pl \
> $srcdir/docroot/www/*.fcgi \
> $srcdir/docroot/www/*.shtml \
>Index: tests/docroot/www/index.html~
>===================================================================
>Index: tests/docroot/www/Makefile.am
>===================================================================
>--- tests/docroot/www/Makefile.am (revision 1870)
>+++ tests/docroot/www/Makefile.am (revision 1871)
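Review bot: The new denial branch in the `-122,28 +131,41` hunk logs only the matching deny pattern (`"url denied as we match:", ds->value`), and only when `log_request_handling` is set, so a 403 produced here cannot be tied to the requested path from that line alone. Adding the path, e.g. `log_error_write(srv, __FILE__, __LINE__, "sbsb", "url denied as we match:", ds->value, "uri:", con->uri.path);`, would make the record usable when reviewing access-rule hits. The path is request-controlled, so whatever consumes the log should treat it as untrusted text. The body of mod_access_uri_handler begins in the previous hunk and continues past the end of this one.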
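Review bot: Registering `mod_access_uri_handler` on `handle_subrequest_start` only closes the trailing-slash case if `con->uri.path` no longer ends in the path-info part by the time that hook runs, because the handler still does a suffix compare against `con->uri.path`. Nothing in this patch shows where the path is shortened, so the dependency is implicit and worth confirming against the core request code. A comment next to the registration such as `/* second pass: relies on uri.path having the path-info part stripped by the core */` would record it. The deny list is now also walked twice per request, which is presumably acceptable for short lists. The plugin-init function around these assignments starts and ends outside the hunk.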
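Review bot: The case added to tests/mod-access.t asserts 403 for one request form only, and the `strncasecmp` branch taken under `force_lowercase_filenames`, which this commit restructured, gets no regression case. If the test configuration can enable that option, a second case asserting 403 for the same request would cover it. Whether the existing test configs already set it is not visible from this patch.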
>@@ -1,5 +1,5 @@
> EXTRA_DIST=cgi.php cgi.pl dummydir index.html index.txt phpinfo.php \
> redirect.php cgi-pathinfo.pl get-env.php get-server-env.php \
> nph-status.pl prefix.fcgi get-header.pl ssi.shtml get-post-len.pl \
>- exec-date.shtml
>+ exec-date.shtml index.html~
> SUBDIRS=go indexfile expire