dgaudet 98/02/13 19:39:20
Modified: src CHANGES mod_userdir.c Log: Deal with /~.. and lame UserDir /abspath. PR: 1701 Submitted by: Lauri Jesmin <[EMAIL PROTECTED]> Reviewed by: Dean Gaudet, Marc Slemko Revision Changes Path 1.294 +5 -0 apache-1.2/src/CHANGES Index: CHANGES =================================================================== RCS file: /export/home/cvs/apache-1.2/src/CHANGES,v retrieving revision 1.293 retrieving revision 1.294 diff -u -r1.293 -r1.294 --- CHANGES 1998/02/14 02:51:36 1.293 +++ CHANGES 1998/02/14 03:39:18 1.294 @@ -1,5 +1,10 @@ Changes with Apache 1.2.6 + *) SECURITY: "UserDir /abspath" without a * in the path would allow + remote users to access "/~.." and bypass access restrictions + (but note /~../.. was handled properly). + [Lauri Jesmin <[EMAIL PROTECTED]>] PR#1701 + *) mod_rewrite's RewriteLog should behave like mod_log_config, it shouldn't force hostname lookups. [Dean Gaudet] PR#1684 1.16 +2 -1 apache-1.2/src/mod_userdir.c Index: mod_userdir.c =================================================================== RCS file: /export/home/cvs/apache-1.2/src/mod_userdir.c,v retrieving revision 1.15 retrieving revision 1.16 diff -u -r1.15 -r1.16 --- mod_userdir.c 1998/01/30 09:14:10 1.15 +++ mod_userdir.c 1998/02/14 03:39:18 1.16 @@ -128,7 +128,8 @@ dname = name + 2; w = getword(r->pool, &dname, '/'); - if (!strcmp(w, "")) + /* disallow the empty username, . and .. */ + if (w[0] == '\0' || (w[1] == '.' && (w[2] == '\0' || (w[2] == '.' && w[3] == '\0')))) return DECLINED; /* The 'dname' funny business involves backing it up to capture