httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bh...@gensym.com (Ben Hyde)
Subject http://localhost/nul/auz.html -> \\.\aux
Date Tue, 12 May 1998 19:34:49 GMT

>> >     * SECURITY: check if the magic con/aux/nul/etc names do anything
>> >         really bad
>> 
>> Discussion on this died down; when we last left it, I wondered aloud
>> whether the device-checking patch which was applied last week solved this
>> problem.
>
>Ah, yes - I was halfway through testing that, when I suddenly had to
>spend my time making the blasted thing work instead. By the time I had
>finished I'd forgotten why I was doing it.

notes dejour...

  http://localhost/nul/aux.html
initially maps (today) to 
  d:/bt/as/site0/htdocs/nul/aux.html

GetFullPathName via sub_canonical_filename via ap_os_canonical_filename
via directory_walk chews that into:
  \\.\aux\

That's likely to confuse the <directory> logic.

(an aside about GetFullPathName:  In spite of the documenation
szFilePart is not a substring of buf in this case that makes
the predicate in there "(szFilePart < buf+3)" suspect.)

ap_os_canonical_filename converts it to:  //./aux/

directory_walk doesn't like double // so soon it's
  /./aux

It is all too bogus at this point so I lost interest.

I'm sure I understand the theory of operation for d: 
and \\.\ and \\machine\ amoung {file,directory}_walk,
and ap_os_canonical_filename.  Ben - you have my
sympathy!

 - ben hyde

Mime
View raw message