Module Name: src Committed By: snj Date: Fri Oct 15 23:18:22 UTC 2010
Modified Files: src/libexec/httpd [netbsd-5-0]: bozohttpd.c Log Message: Apply patch (requested by mrg in ticket #1456): fix a serious error in vhost handling; "Host:.." would allow access to the next level directory from the virtual root directory To generate a diff of this commit: cvs rdiff -u -r1.7.8.3 -r1.7.8.3.2.1 src/libexec/httpd/bozohttpd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/libexec/httpd/bozohttpd.c diff -u src/libexec/httpd/bozohttpd.c:1.7.8.3 src/libexec/httpd/bozohttpd.c:1.7.8.3.2.1 --- src/libexec/httpd/bozohttpd.c:1.7.8.3 Thu Mar 26 17:19:45 2009 +++ src/libexec/httpd/bozohttpd.c Fri Oct 15 23:18:21 2010 @@ -1,4 +1,4 @@ -/* $NetBSD: bozohttpd.c,v 1.7.8.3 2009/03/26 17:19:45 snj Exp $ */ +/* $NetBSD: bozohttpd.c,v 1.7.8.3.2.1 2010/10/15 23:18:21 snj Exp $ */ /* $eterna: bozohttpd.c,v 1.142 2008/03/03 03:36:11 mrg Exp $ */ @@ -111,7 +111,7 @@ #define INDEX_HTML "index.html" #endif #ifndef SERVER_SOFTWARE -#define SERVER_SOFTWARE "bozohttpd/20080303" +#define SERVER_SOFTWARE "bozohttpd/20080303-nb1" #endif #ifndef DIRECT_ACCESS_FILE #define DIRECT_ACCESS_FILE ".bzdirect" @@ -1038,6 +1038,9 @@ if (strncasecmp(myname, request->hr_host, len) != 0) { s = 0; for (i = scandir(vpath, &list, 0, 0); i--; list++) { + if (strcmp((*list)->d_name, ".") == 0 || + strcmp((*list)->d_name, "..") == 0) + continue; debug((DEBUG_OBESE, "looking at dir``%s''", (*list)->d_name)); if (strncasecmp((*list)->d_name, request->hr_host,