From: Dag-Erling Smørgrav
To: Bruce Evans
Cc: freebsd-hackers@FreeBSD.org, Jakub Lach
Date: Tue, 02 Jun 2009 13:31:24 +0200
Subject: Re: FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file symlink) vulnerability
Message-ID: <86oct6rhwz.fsf@ds4.des.no>
In-Reply-To: <20090530033902.Q6382@delplex.bde.org> (Bruce Evans's message of "Sat, 30 May 2009 04:17:43 +1000 (EST)")

Bruce Evans writes:
> This comment could do with some rewording to emphasize inheritance of the
> flag and to improve the grammar of the comment.

Suggestions?
For reference, here's the entire comment:

	/*
	 * Replace multiple slashes by a single slash and trailing slashes
	 * by a null. This must be done before VOP_LOOKUP() because some
	 * fs's don't know about trailing slashes. Remember if there were
	 * trailing slashes to handle symlinks, existing non-directories
	 * and non-existing files that won't be directories specially later.
	 */

>> - if (*cp == '\0' && trailing_slash &&
>> + if (*cp == '\0' && (cnp->cn_flags & TRAILINGSLASH) &&
>> !(cnp->cn_flags & WILLBEDIR)) {
>> error = ENOENT;
>> goto bad;
>
> Try replacing *cp == '\0' by (cnp->cn_flags & ISLASTCN) and maybe combine
> the flags tests. Apparently I hacked in the *cp test because I didn't
> quite understand ISLASTCN.

Is the test necessary at all? Cf. Eygene's comment.

DES
-- 
Dag-Erling Smørgrav - des@des.no
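
Review bot: The + line keeps two separate tests of cnp->cn_flags, (cnp->cn_flags & TRAILINGSLASH) and !(cnp->cn_flags & WILLBEDIR); assuming both are single-bit flags, they can be one masked comparison, (cnp->cn_flags & (TRAILINGSLASH | WILLBEDIR)) == TRAILINGSLASH, which states directly that a trailing slash was seen and the target will not be a directory. The comment quoted above the hunk still says only "Remember if there were trailing slashes" and should say that the state is now kept in cn_flags rather than in the local trailing_slash.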
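
The slash handling that the quoted comment describes, as a userland model added here; it is not part of the original message and not FreeBSD's code. The names next_comp, walk and check_last and the M_* flag values are hypothetical, and the ENOTDIR result for an existing non-directory is an assumption taken from POSIX, not from this thread.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical flag bits for this model; not the kernel's values. */
enum { M_ISLASTCN = 1, M_TRAILINGSLASH = 2, M_WILLBEDIR = 4 };

/* Copy one component, collapse the slashes after it, update the flags. */
static unsigned next_comp(const char **pp, char *comp, size_t len, unsigned fl)
{
	const char *cp = *pp;
	size_t n = 0;
	for (; *cp != '\0' && *cp != '/'; cp++)
		if (n + 1 < len)
			comp[n++] = *cp;
	comp[n] = '\0';
	while (*cp == '/')
		if (*++cp == '\0')	/* slashes ended the path */
			fl |= M_TRAILINGSLASH;
	if (*cp == '\0')
		fl |= M_ISLASTCN;
	*pp = cp;
	return fl;
}

/* Walk the whole path; the flags persist from component to component. */
static unsigned walk(const char *path, unsigned fl)
{
	char comp[256];
	do
		fl = next_comp(&path, comp, sizeof(comp), fl);
	while (!(fl & M_ISLASTCN));
	return fl;
}

/* Decide the error once a lookup of the last component has been done. */
static int check_last(unsigned fl, int exists, int is_dir)
{
	if (!(fl & M_ISLASTCN) || !(fl & M_TRAILINGSLASH))
		return 0;
	if (!exists)	/* the case tested in the quoted hunk */
		return (fl & M_WILLBEDIR) ? 0 : ENOENT;
	return is_dir ? 0 : ENOTDIR;	/* assumption: POSIX errno */
}

int main(void)
{
	printf("%d\n", check_last(walk("/kernel/", 0), 1, 0)); /* constructed path */
	return 0;
}
```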