CVSROOT: /cvs Module name: src Changes by: flor...@cvs.openbsd.org 2024/04/16 11:15:51
Modified files:
usr.sbin/httpd : server_file.c
Log message:
Prevent toctu issues in static file serving and auto index generation.
This fixes a problem in passing, reported by matthieu@ where httpd
would return 500 Internal Server Error when it could stat(2) but not
open(2) a file. The correct error code is 403.
testing matthieu
ok tobhe, tl;dr ok stsp
input & OK deraadt
