Date: Wed, 3 Jun 2009 14:27:08 +0400 From: Eygene Ryabinkin <rea-fbsd@codelabs.ru> To: Dag-Erling Sm??rgrav <des@des.no> Cc: freebsd-hackers@FreeBSD.org, Jakub Lach <jakub_lach@mailplus.pl>, Bruce Evans <bde@zeta.org.au> Subject: Re: FYI Lighttpd 1.4.23 /kernel (trailing '/' on regular file symlink) vulnerability Message-ID: <ZuxGdg11i7%2BYzQKFs9VOfJU60%2B4@j4OYE6OL8eALCd4BvSxIfwgoxSc> In-Reply-To: <86my8pelji.fsf@ds4.des.no> References: <86prdvipwe.fsf@ds4.des.no> <20090527233110.E4243@delplex.bde.org> <86r5yaijef.fsf@ds4.des.no> <20090529210855.V1643@besplex.bde.org> <86vdnju9z1.fsf@ds4.des.no> <86r5y7u9r3.fsf@ds4.des.no> <qlE9VS4n%2BoBC3U4EHMxYsjC7RHI@XX1fo6zQUfC4h0jjRC6IBz3oNH4> <86skiiri1p.fsf@ds4.des.no> <dl%2BTldq1IjLtbwOv9fvp7D68xCc@10Ilc7MfiXA2JVIRVQpZfk7cTQ4> <86my8pelji.fsf@ds4.des.no>
next in thread | previous in thread | raw e-mail | index | archive | help
Wed, Jun 03, 2009 at 11:03:45AM +0200, Dag-Erling Sm??rgrav wrote:
> Isn't it clearly described in the preceding comment? Specifically, by
> the first two sentences: "Replace multiple slashes by a single slash and
> trailing slashes by a null. This must be done before VOP_LOOKUP()
> because some fs's don't know about trailing slashes."
Yes, it is clearly described. But I started to understand this
description only after asking myself "what ndp->ni_next is doing here
and why do we want to place '\0' to this address"? I could be a bit
stupid, yeah ;)) But this code snippet can be a bit hard to read for
others as well. May be not -- can't say for sure.
--
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook
{_.-``-' {_/ #
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZuxGdg11i7%2BYzQKFs9VOfJU60%2B4>