[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FDclone-users:00789] Re: Directory Traversal in FDclone
- Subject: [FDclone-users:00789] Re: Directory Traversal in FDclone
- From: Takashi SHIRAI <shirai@unixusers.net>
- Date: Tue, 17 Jun 2008 21:38:48 +0900
しらいです。
In Message-Id <20080616155707.C965A4806BE@yuka.unixusers.net>
Takashi SHIRAI <shirai@unixusers.net>writes:
> しらいです。
> 対処としては、URL drive に access した場合は「/」を含むよ
> うな filename は無視するようにしようと考えていて、一応そうい
> う code は書いてみました。
その書いてみた code を FD-3.00 に対する patch の形で添付し
ておきます。もし検証環境を見つけたら誰か試してみて下さい。
---- Cut Here ----
diff -u ../old/FD-3.00/ftp.c ./ftp.c
--- ../old/FD-3.00/ftp.c Sat May 31 00:00:00 2008
+++ ./ftp.c Tue Jun 17 00:43:03 2008
@@ -110,7 +110,7 @@
NULL
};
static CONST lsparse_t ftpformat = {
- NULL, NULL, form_ftp, ign_ftp, NULL, 0, 0, 0
+ NULL, NULL, form_ftp, ign_ftp, NULL, 0, 0, LF_NOTRAVERSE
};
static CONST ftpcmd_t ftpcmdlist[] = {
{FTP_QUIT, {"QUIT", NULL}, 0, 0},
diff -u ../old/FD-3.00/http.c ./http.c
--- ../old/FD-3.00/http.c Sat May 31 00:00:00 2008
+++ ./http.c Tue Jun 17 00:26:22 2008
@@ -103,7 +103,7 @@
NULL
};
static CONST lsparse_t httpformat = {
- NULL, NULL, form_http, NULL, NULL, 0, 0, 0
+ NULL, NULL, form_http, NULL, NULL, 0, 0, LF_NOTRAVERSE
};
static CONST httpcmd_t cmdlist[] = {
{HTTP_OPTIONS, "OPTIONS"},
diff -u ../old/FD-3.00/lsparse.c ./lsparse.c
--- ../old/FD-3.00/lsparse.c Sat May 31 00:00:00 2008
+++ ./lsparse.c Tue Jun 17 00:41:10 2008
@@ -63,7 +63,7 @@
static char *NEAR readlinkname __P_((CONST char *, int));
# endif
static int NEAR readfileent __P_((namelist *,
- CONST char *, CONST char *, int));
+ CONST char *, CONST char *, int, int));
#endif /* !OLDPARSE */
static int NEAR dircmp __P_((CONST char *, CONST char *));
static char *NEAR pseudodir __P_((namelist *, namelist *, int));
@@ -650,10 +650,10 @@
}
# endif /* !NOSYMLINK */
-static int NEAR readfileent(tmp, line, form, skip)
+static int NEAR readfileent(tmp, line, form, skip, flags)
namelist *tmp;
CONST char *line, *form;
-int skip;
+int skip, flags;
{
# ifndef NOUID
uidtable *up;
@@ -980,6 +980,11 @@
if (n <= 0) break;
free2(tmp -> name);
tmp -> name = readfname(rawbuf, n);
+ if (!(flags & LF_NOTRAVERSE)) /*EMPTY*/;
+ else if (strdelim(tmp -> name, 0)) {
+ hit = -1;
+ break;
+ }
hit++;
err = 0;
# ifndef NOSYMLINK
@@ -1391,7 +1396,7 @@
break;
/*NOTREACHED*/
#else /* !OLDPARSE */
- score = readfileent(&tmp, cp, form, skip);
+ score = readfileent(&tmp, cp, form, skip, list -> flags);
free2(cp);
if (score < 0) {
diff -u ../old/FD-3.00/lsparse.h ./lsparse.h
--- ../old/FD-3.00/lsparse.h Sat May 31 00:00:00 2008
+++ ./lsparse.h Tue Jun 17 00:25:38 2008
@@ -50,6 +50,7 @@
#define LF_DIRNOPREP 0004
#define LF_FILELOOP 0010
#define LF_FILENOPREP 0020
+#define LF_NOTRAVERSE 0040
#define SKP_NONE MAXUTYPE(u_char)
#define FLD_NONE MAXUTYPE(u_char)
#define SEP_NONE MAXUTYPE(u_char)
---- Cut Here ----
しらい たかし