Commit | Line | Data |
---|---|---|
dc9c5d88 FAW |
1 | From: Julien Viard de Galbert <julien@vdg.blogsite.org> |
2 | Date: Tue, 23 Nov 2010 23:29:54 +0100 | |
3 | Subject: Solve a symlink vulnerability | |
4 | ||
5 | In the same spirit as previous 08_symlink_vulnerability patch for #359745 | |
6 | The .htaccess file creation did not test the symlink. | |
7 | ||
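--- a/webalizer/output.c
+++ b/webalizer/output.c
@@ -2408,6 +2408,21 @@
 /* .htaccess file needed? */
 if (htaccess)
 {
+ struct stat out_stat;
+
+ /* stat the file */
+ if ( !(lstat(".htaccess", &out_stat)) )
+ {
+ /* check if the file a symlink */
+ if ( S_ISLNK(out_stat.st_mode) )
+ {
+ if (verbose)
+ fprintf(stderr,"%s %s (symlink)\n",msg_no_open,".htaccess");
+ return NULL;
+ }
+ }
+
+ /* open the file... */
 if ((out_fp=fopen(".htaccess","wx")) != NULL)
 {
 fprintf(out_fp,"DirectoryIndex %s\n",index_fname);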
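Review bot: The `lstat()`/`S_ISLNK()` test added ahead of the open is a check-then-open sequence, so on its own it cannot guarantee that `.htaccess` is still not a symlink when `fopen` runs; what actually refuses an existing path is the exclusive-create `x` in `fopen(".htaccess","wx")`, where the C library honours it. I would record that in the comment, e.g. `/* advisory check for the log message; the exclusive create below is what rejects an existing .htaccess */`, so that nobody later relaxes the mode to `"w"` believing the lstat is sufficient. Separately, `return NULL;` leaves the whole function from inside the `if (htaccess)` block; the signature is outside the hunk, so confirm the return type is a pointer, because if it is an int status the NULL would read as 0 to the caller. The enclosing function starts and ends outside the hunk.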