Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: radvd 1.8.2 released with security fixes
From: Reuben Hawkins <reubenhwk () gmail com>
Date: Tue, 11 Oct 2011 23:26:55 -0700

On Sat, Oct 8, 2011 at 9:55 AM, Vasiliy Kulikov <segoon () openwall com> wrote:
On Fri, Oct 07, 2011 at 15:41 +0100, John Haxby wrote:
On 07/10/11 14:03, Robert Święcki wrote:
On Fri, Oct 7, 2011 at 12:35 PM, Huzaifa Sidhpurwala
<huzaifas () redhat com> wrote:
Shouldnt this be:

       /* No path traversal */
       if (strstr(iface, "..") || strchr(iface, '/'))
               return -1;
FWIW, this will reject too much;

/path/to/sth..jpg


Indeed, since I don't believe that iface can reasonably include a "/"
its sufficient to check for that.   If not then you need to check for
"../" at the beginning of iface and "/.." anywhere else in it.   But
simply forbidding "/" should be fine.

Crap, thank you for noticing it, guys.  The fix should be:

https://github.com/reubenhwk/radvd/commit/7a1471b62da88373e8f4209d503307c5d841b81f

Now, "", "..", "." and filenames with "/" inside are denied.


Thanks,

--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments


Are y'all waiting on me to release 1.8.3 with the latest fix?


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault