search for: expanded_path

Displaying 2 results from an estimated 2 matches for "expanded_path".

2015 Aug 17
2
[PATCH] Expand tilde for UNIX domain socket forwards.
...nels.c index a84b487..396e192 100644 --- a/channels.c +++ b/channels.c @@ -3014,10 +3014,14 @@ channel_setup_fwd_listener_streamlocal(int type, struct Forward *fwd, debug3("%s: type %d path %s", __func__, type, fwd->listen_path); + /* Expand home directory if necessary */ + char *expanded_path = tilde_expand_filename(fwd->listen_path, getuid()); + /* Start a Unix domain listener. */ omask = umask(fwd_opts->streamlocal_bind_mask); - sock = unix_listener(fwd->listen_path, SSH_LISTEN_BACKLOG, + sock = unix_listener(expanded_path, SSH_LISTEN_BACKLOG, fwd_opts->streamloc...
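Review bot: `expanded_path` is declared in the middle of the block, after the `debug3()` call in channel_setup_fwd_listener_streamlocal(), and the part of the hunk shown here has no matching free for the string returned by `tilde_expand_filename()`. Declare `char *expanded_path = NULL;` with the function's other locals and free it on every return path once `unix_listener()` has been called. The `debug3()` line also still logs `fwd->listen_path`, so the debug output will show the unexpanded `~` form rather than the path the socket is actually bound to; either move the expansion above the `debug3()` and log `expanded_path`, or log both. A short comment on why `getuid()` is the right uid to expand against here would help the next reader, since the listener path now depends on it.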
2007 Dec 28
6
Arbitrary system files readable in 1.0.4 - 1.1.2
I just found a vulnerability in one of my web apps that was running Mongrel 1.1.2 where I could go to URIs like /.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd and it would serve the actual /etc/passwd file. The issue seems to be in lib/mongrel/handlers.rb in the change from 1.0.3 to 1.0.4 req_path = HttpRequest.unescape(path_info) - if @path - req_path =