Displaying 2 results from an estimated 2 matches for "expanded_path".
Did you mean:
expand_path
2015 Aug 17
2
[PATCH] Expand tilde for UNIX domain socket forwards.
...nels.c
index a84b487..396e192 100644
--- a/channels.c
+++ b/channels.c
@@ -3014,10 +3014,14 @@ channel_setup_fwd_listener_streamlocal(int type, struct Forward *fwd,
debug3("%s: type %d path %s", __func__, type, fwd->listen_path);
+ /* Expand home directory if necessary */
+ char *expanded_path = tilde_expand_filename(fwd->listen_path, getuid());
+
/* Start a Unix domain listener. */
omask = umask(fwd_opts->streamlocal_bind_mask);
- sock = unix_listener(fwd->listen_path, SSH_LISTEN_BACKLOG,
+ sock = unix_listener(expanded_path, SSH_LISTEN_BACKLOG,
fwd_opts->streamloc...
2007 Dec 28
6
Arbitrary system files readable in 1.0.4 - 1.1.2
I just found a vulnerability in one of my web apps that was running
Mongrel 1.1.2 where I could go to URIs like
/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd and it
would serve the actual /etc/passwd file.
The issue seems to be in lib/mongrel/handlers.rb in the change from
1.0.3 to 1.0.4
req_path = HttpRequest.unescape(path_info)
- if @path
- req_path =