File: 008_make_include_safe

#! /bin/sh /usr/share/dpatch/dpatch-run
## 008_make_include_safe by Adam Conrad <adconrad@0c3.net>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Avoid including dpkg droppings in globbed includes.

@DPATCH@
--- apache2-2.2.0/server/config.c	2005-11-17 13:39:15.000000000 +0000
+++ apache2-2.2.0/server/config.c	2006-01-27 17:06:19.000000000 +0000
@@ -34,6 +34,7 @@
 #include "apr_portable.h"
 #include "apr_file_io.h"
 #include "apr_fnmatch.h"
+#include "apr_lib.h"
 
 #define APR_WANT_STDIO
 #define APR_WANT_STRFUNC
@@ -1521,6 +1522,30 @@
     return strcmp(f1->fname,f2->fname);
 }
 
+static int fname_valid(const char *fname) {
+    const unsigned char *c = fname;
+    unsigned char bad_dpkg[] = "*.dpkg*";
+
+    if (!apr_isalnum(*c)) {
+        return 0;
+    }
+    ++c;
+    
+    
+    while (*c) {
+        if (!apr_isalnum(*c) && *c!='_' && *c!='-' && *c!='.') {
+            return 0;
+        }
+        ++c;
+    }
+
+    if (!apr_fnmatch(bad_dpkg, fname, 0)) {
+        return 0;
+    }
+
+    return 1;
+}
+
 static const char *process_resource_config_nofnmatch(server_rec *s,
                                                      const char *fname,
                                                      ap_directive_t **conftree,
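Review bot: `fname_valid` mixes `char` and `unsigned char` pointers without casts: `const unsigned char *c = fname;` and passing `unsigned char bad_dpkg[]` to `apr_fnmatch` are both pointer-signedness mismatches that compilers warn about. Keeping the `unsigned char` view for the `apr_isalnum` calls is right, but it should be explicit: `const unsigned char *c = (const unsigned char *)fname;` and `static const char bad_dpkg[] = "*.dpkg*";`. The function also has no comment stating its rule; I would add `/* Accept only names that start with an alphanumeric, contain only [A-Za-z0-9_.-], and do not match *.dpkg* */` above it.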
@@ -1564,7 +1589,8 @@
         while (apr_dir_read(&dirent, APR_FINFO_DIRENT, dirp) == APR_SUCCESS) {
             /* strip out '.' and '..' */
             if (strcmp(dirent.name, ".")
-                && strcmp(dirent.name, "..")) {
+                && strcmp(dirent.name, "..")
+                && fname_valid(dirent.name)) {
                 fnew = (fnames *) apr_array_push(candidates);
                 fnew->fname = ap_make_full_path(p, path, dirent.name);
             }
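Review bot: Directory entries that fail `fname_valid(dirent.name)` are dropped here without any diagnostic, and the same applies to the glob branch in the hunk at -1692. Because the check is an allowlist and not only a dpkg filter, an existing config file named with a leading `_` or containing a character such as `@` or `~` silently stops being included, which can leave access-control directives unapplied with no trace in the logs. At minimum the comment should say so, e.g. `/* strip out '.' and '..', and names rejected by fname_valid() */`; a warning-level log line for skipped names would make the behaviour visible, if a logging context is available at this point in startup (not visible in the hunk). The enclosing function starts and ends outside the hunk.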
@@ -1692,7 +1718,8 @@
             if (strcmp(dirent.name, ".")
                 && strcmp(dirent.name, "..")
                 && (apr_fnmatch(pattern, dirent.name,
-                                APR_FNM_PERIOD) == APR_SUCCESS)) {
+                                APR_FNM_PERIOD) == APR_SUCCESS)
+                && fname_valid(dirent.name)) {
                 fnew = (fnames *) apr_array_push(candidates);
                 fnew->fname = ap_make_full_path(p, path, dirent.name);
             }