search for: req_path

...vulnerability in one of my web apps that was running Mongrel 1.1.2 where I could go to URIs like /.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd and it would serve the actual /etc/passwd file. The issue seems to be in lib/mongrel/handlers.rb in the change from 1.0.3 to 1.0.4 req_path = HttpRequest.unescape(path_info) - if @path - req_path = File.expand_path(File.join(@path, path_info), @path) - else - req_path = File.expand_path(req_path) - end - - if req_path.index(@path) == 0 and File.exist? req_path - # it exists and it''s in...

This is a proposed patch for the security hole reported today. You can just add the test for @path being at index 0 in the exanded req_path as shown below. Take heed of the comment I''ve added too, and there was a test for this very attack in the unit test suite, so it was removed by someone as well. I didn''t test this but I''m pretty sure it''s the fix. === lib/mongrel/handlers.rb ==================...

...alize: def initialize(path, listing_allowed=true, index_html="index.html") @abs = path == "/" # Absolute paths are allowed @path = File.expand_path(path) ... next to method can_serve, which should start with this: def can_serve(path_info) req_path = HttpRequest.unescape(path_info) # Add path prefix, except to absolute Windows paths: req_path = File.join(@path,req_path) if (!@abs || req_path =~ % r{\a[A-Z]:[/^\\]}i) # Expand it to an absolute path: req_path = File.expand_path req_path if File.exist? req_pa...

I''m using mongrel as my http server. I was using yslow to evaluate the performance of my web site and noticed I was downloading the .css file on every request??? I use one .css file for the whole site and I though I would be cached? Yslow indicates that there is no expires date/time set for the css file. How can I tell mongrel to send an expires header with my static content? thanks,

...9; (and ''%20'' is also normalized to a ''+'' in the cache file filename), but this code converts them to an actual space character which then means the cache files are always incorrectly overlooked. Similar line in mongrel''s handlers.rb can_serve(): req_path = File.expand_path(File.join(@path,HttpRequest.unescape(path_info)), @path) where unescaping the path turns the ''+'' into a '' ''. - Walter Korman -- http://www.lemurware.com --~--~---------~--~----~------------~-------~--~----~ You received this message becaus...

....length] unless @urlroot.nil? or path_info[0, at urlroot.length]! =@urlroot and in handlers.rb / DirHandler#process path_info = request.params[Const::PATH_INFO] path_info = path_info[urlroot.length,path_info.length- urlroot.length] unless urlroot.nil? or path_info[0,urlroot.length]! =urlroot req_path = can_serve path_info I imagine there are other places where such a parameter might need to be added to get serving things other than rails apps to work right. I also didn''t try to add it to the Windows service binaries. So, I guess my question is twofold: 1) I''m new to mak...

...111) parse_processed_dfs_path: servicename: dfs [2005/01/04 10:48:56, 10] smbd/msdfs.c:parse_processed_dfs_path(116) parse_processed_dfs_path: rest of the path: desktop.ini [2005/01/04 10:48:56, 10] smbd/msdfs.c:resolve_dfs_path(307) resolve_dfs_path: Conn path = /home/data/shares/postdfs req_path = desktop.ini [2005/01/04 10:48:56, 5] smbd/filename.c:unix_convert(109) unix_convert called on file "desktop.ini" [2005/01/04 10:48:56, 10] smbd/statcache.c:stat_cache_lookup(249) stat_cache_lookup: lookup failed for name [DESKTOP.INI] ... [2005/01/04 10:48:56, 8] lib/util.c:is_in_...

Hi we have samba 3.0.14a on FreeBSD 5.4. We tried with different kind of locking and oplocks (both enabled and disabled). If we try to copy from a Windows XP client a file larger than 3g, we get these error: Cannot copy XXX. The specified network name is no longer available. We traced this problem in the logs (log level 10) and we got this error ------------ [2006/09/19 10:29:41, 5]