[htdig3-dev] [PATCH] to htsearch.cc 1.24


Jerome ALET (alet@unice.fr)
Fri, 12 Feb 1999 12:04:56 +0000


Hi,

a small patch to allow '.' in the config filenames while still being
secure, because Geoff told me it was the reason for the:

! strchr(input[config], '.')

test in htsearch.cc

my patch allows people to use config filenames like:

htdig-server.domain.com.conf

while rejecting config filenames which contain '.' in order to access
a different directory.

bye,

Jerome ALET - alet@unice.fr - http://cortex.unice.fr/~jerome
Faculte de Medecine de Nice - http://noe.unice.fr - Tel: 04 93 37 76 30
28 Avenue de Valombrose - 06107 NICE Cedex 2 - FRANCE

--- htsearch.cc.old Fri Feb 12 12:45:29 1999
+++ htsearch.cc Fri Feb 12 12:49:26 1999
@@ -127,7 +127,7 @@ main(int ac, char **av)
     //
     config.Defaults(&defaults[0]);
     if (!override_config && input.exists("config")
- && !strchr(input["config"], '.'))
+ && (strstr(input["config"], "./") == NULL)) // To allow . in filename while still being 'secure', e.g. htdig-f.q.d.n.conf
     {
         char *configDir = getenv("CONFIG_DIR");
         if (configDir)
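
Review bot: the new condition on the `+` line rejects only the two-character sequence "./", so a `config` value that contains a '/' with no dot in front of it (for example one that begins with '/') still passes, just as it did under the old `strchr(input["config"], '.')` test. How the value is joined to `configDir` is not visible in this hunk, but since the stated goal is to allow dots in the file name while refusing names that reach another directory, testing for the separator itself is tighter: `strchr(input["config"], '/') == NULL` accepts htdig-server.domain.com.conf and refuses any value with a directory component. The trailing comment would also read better on its own line above the condition, stating what is rejected instead of 'secure' in quotes.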




This archive was generated by hypermail 2.0b3 on Fri Feb 12 1999 - 04:32:02 PST