oss-sec mailing list archives
Re: radvd 1.8.2 released with security fixes
From: Reuben Hawkins <reubenhwk () gmail com>
Date: Tue, 11 Oct 2011 23:26:55 -0700
On Sat, Oct 8, 2011 at 9:55 AM, Vasiliy Kulikov <segoon () openwall com> wrote:
> On Fri, Oct 07, 2011 at 15:41 +0100, John Haxby wrote:
> > On 07/10/11 14:03, Robert Święcki wrote:
> > > On Fri, Oct 7, 2011 at 12:35 PM, Huzaifa Sidhpurwala <huzaifas () redhat com> wrote:
> > > > Shouldn't this be:
> > > >
> > > > /* No path traversal */
> > > > if (strstr(iface, "..") || strchr(iface, '/')) return -1;
> > >
> > > FWIW, this will reject too much; /path/to/sth..jpg
> >
> > Indeed, since I don't believe that iface can reasonably include a "/" it's sufficient to check for that. If not then you need to check for "../" at the beginning of iface and "/.." anywhere else in it. But simply forbidding "/" should be fine.
>
> Crap, thank you for noticing it, guys. The fix should be:
>
> https://github.com/reubenhwk/radvd/commit/7a1471b62da88373e8f4209d503307c5d841b81f
>
> Now, "", "..", "." and filenames with "/" inside are denied.
>
> Thanks,
>
> --
> Vasiliy Kulikov
> http://www.openwall.com - bringing security into open computing environments
Are y'all waiting on me to release 1.8.3 with the latest fix?
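The rule the quoted discussion settles on (deny "", ".", ".." and any name containing "/"), as an added example written for this page rather than the code in the radvd commit: a validator for an interface name before it is interpolated into a filesystem path, with a length bound of IFNAMSIZ-1 added as an assumption beyond the thread, beside the first proposal's strstr(iface, "..") check to show why that one rejected harmless names.

```c
#include <stdio.h>
#include <string.h>
#include <net/if.h>

#ifndef IFNAMSIZ
#define IFNAMSIZ 16   /* fallback if <net/if.h> did not define it */
#endif

/* Returns 1 when `iface` may safely be used as a single path component,
 * 0 otherwise.  Implements the rule from the thread: deny "", ".", ".."
 * and any name containing '/'.  The length bound is an added assumption. */
int iface_name_is_safe(const char *iface)
{
    size_t len;

    if (iface == NULL)
        return 0;
    len = strlen(iface);
    if (len == 0 || len >= IFNAMSIZ)   /* empty, or too long to be a real interface */
        return 0;
    if (strcmp(iface, ".") == 0 || strcmp(iface, "..") == 0)
        return 0;                      /* the two names that leave the directory */
    if (strchr(iface, '/') != NULL)
        return 0;                      /* blocks "a/../../x" and absolute paths alike */
    return 1;                          /* "eth0.100" and even "sth..jpg" pass */
}

/* The first proposal from the thread, kept only for comparison: it also
 * refuses harmless names that merely contain two consecutive dots. */
int first_proposal_rejects(const char *iface)
{
    return strstr(iface, "..") != NULL || strchr(iface, '/') != NULL;
}

int main(void)
{
    /* constructed sample names, including the "sth..jpg" case from the thread */
    const char *samples[] = { "eth0", "eth0.100", "sth..jpg", "", ".", "..", "../x", "a/b" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s safe=%d  first_proposal_rejects=%d\n", samples[i],
               iface_name_is_safe(samples[i]), first_proposal_rejects(samples[i]));
    return 0;
}
```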