Message5856
> In message <1666126880.20160708143147@inbox.ru>,
> I am still concerned if something in the url could be slipped
> past. High bit encoded characters that get stripped during the path
> conversion so the path ends up with .. even though it's not encoded
> that way in the name. Maybe some conversion function will change the
> path string before it gets passed to an open function or something.
> I may just be paranoid, but I remember path traversal bugs related to
> encoding issues.
> Anybody else want to chime in here?
I think that all decoding is done in the upper level and we are
working with a character string representing a path part. If the
bad thing (double period) is slipped past in some encoded form it will not make
sense because system calls do not care about encoding. I think that
fopen("%2F%2E%2E%2F%2F%2E%2E%2Fpasswd") will fail anyway.
These are more likely my feelings than results of analysis.

Date | User | Action | Args
2016-07-15 10:29:58 | antmail | set | recipients: + antmail, schlatterbeck, rouilj, joseph_myers
2016-07-15 10:29:58 | antmail | link | issue2550891 messages
2016-07-15 10:29:58 | antmail | create |
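
The point debated in this message, as an added example that is not part of the original post or of the project's code: a still-encoded name is only an odd file name to open(), so the containment check belongs after the single decoding step, on the canonical path that is actually opened. The helper names, the `static` directory and the sample inputs are assumptions constructed for the illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_under(base_dir, url_part):
    """Hypothetical helper: decode once, canonicalize, then check containment."""
    decoded = unquote(url_part)  # the one and only decoding step
    if "\x00" in decoded:
        return None
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, candidate]) != base:
        return None  # ".." or an absolute path left base_dir
    return candidate  # this exact string is what gets passed to open()


def literal_open_fails(base_dir, name):
    """True if open() treats the still-encoded name as a plain file name and fails."""
    try:
        open(os.path.join(base_dir, name)).close()
    except FileNotFoundError:
        return True
    return False


def demo():
    # Constructed layout: <tmp>/static is served, <tmp>/secret must stay unreachable.
    root = tempfile.mkdtemp()
    base = os.path.join(root, "static")
    os.mkdir(base)
    with open(os.path.join(root, "secret"), "w") as f:
        f.write("x")
    with open(os.path.join(base, "style.css"), "w") as f:
        f.write("y")
    return {
        "base": os.path.realpath(base),
        "encoded_literal_fails": literal_open_fails(base, "%2E%2E%2Fsecret"),
        "decoded_dotdot": resolve_under(base, "%2E%2E%2Fsecret"),
        "double_encoded": resolve_under(base, "%252E%252E%252Fsecret"),
        "high_bit": resolve_under(base, "%C0%AE%C0%AE%2Fsecret"),
        "normal": resolve_under(base, "style.css"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The double-encoded input stays inside the base directory only because nothing decodes it a second time after the check, which is the condition the quoted concern is about.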