| author | Brent Cook <bcook@cvs.openbsd.org> | 2019-10-04 09:47:35 +0000 |
|---|---|---|
| committer | Brent Cook <bcook@cvs.openbsd.org> | 2019-10-04 09:47:35 +0000 |
| commit | 8681f7b16fa68b4bfdf8fdd99e0b19db752c66de | |
| tree | 5ce5ca1dcce52133d717717614f68795f0660cc0 /usr.bin | |
| parent | aa6fbc8e985ba095cacf81f2e5a60a2d41e9d36d | |

Avoid a path traversal bug in s_server on Windows.

openssl s_server has an arbitrary read vulnerability on Windows when run with
the -WWW or -HTTP options, due to incomplete path check logic. Thanks to
Jobert Abma for reporting.

ok tb@

Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/openssl/s_server.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/usr.bin/openssl/s_server.c b/usr.bin/openssl/s_server.c index a15795151f2..2026e729421 100644 --- a/usr.bin/openssl/s_server.c +++ b/usr.bin/openssl/s_server.c @@ -1,4 +1,4 @@ -/* $OpenBSD: s_server.c,v 1.31 2019/06/28 13:35:02 deraadt Exp $ */ +/* $OpenBSD: s_server.c,v 1.32 2019/10/04 09:47:34 bcook Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1839,11 +1839,11 @@ www_body(char *hostname, int s, unsigned char *context) dot = (e[0] == '.') ? 3 : 0; break; case 3: - dot = (e[0] == '/') ? -1 : 0; + dot = (e[0] == '/' || e[0] == '\\') ? -1 : 0; break; } if (dot == 0) - dot = (e[0] == '/') ? 1 : 0; + dot = (e[0] == '/' || e[0] == '\\') ? 1 : 0; } dot = (dot == 3) || (dot == -1); /* filename contains * ".." component */ |
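
Review bot: In the www_body hunk, the separator test `(e[0] == '/' || e[0] == '\\')` is now spelled out twice, once under `case 3:` and once in the `if (dot == 0)` branch. Since the commit message attributes the bug to an incomplete path check, I would move the test into one small helper or macro that both sites call, so a later change to the separator set cannot update one site and miss the other. The backslash is also accepted unconditionally, not only in Windows builds. That is the conservative choice, but a short comment saying it is deliberate, and that a name containing a backslash-delimited ".." is now refused on every platform, would spare the next reader from wondering.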