[Mldonkey-commits] mldonkey distrib/ChangeLog src/utils/lib/url.ml

mldonkey-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Mldonkey-commits] mldonkey distrib/ChangeLog src/utils/lib/url.ml

From:	mldonkey-commits
Subject:	[Mldonkey-commits] mldonkey distrib/ChangeLog src/utils/lib/url.ml
Date:	Tue, 24 Feb 2009 18:38:34 +0000

CVSROOT:        /sources/mldonkey
Module name:    mldonkey
Changes by:     spiralvoice <spiralvoice>       09/02/24 18:38:34

Modified files:
        distrib        : ChangeLog 
        src/utils/lib  : url.ml 

Log message:
        patch #6754

CVSWeb URLs:
http://cvs.savannah.gnu.org/viewcvs/mldonkey/distrib/ChangeLog?cvsroot=mldonkey&r1=1.1392&r2=1.1393
http://cvs.savannah.gnu.org/viewcvs/mldonkey/src/utils/lib/url.ml?cvsroot=mldonkey&r1=1.9&r2=1.10

Patches:
Index: distrib/ChangeLog
===================================================================
RCS file: /sources/mldonkey/mldonkey/distrib/ChangeLog,v
retrieving revision 1.1392
retrieving revision 1.1393
diff -u -b -r1.1392 -r1.1393
--- distrib/ChangeLog   24 Feb 2009 18:35:45 -0000      1.1392
+++ distrib/ChangeLog   24 Feb 2009 18:38:34 -0000      1.1393
@@ -15,6 +15,9 @@
 =========
 
 2009/02/24
+6754: Fix local file access bug in internal http server
+- this is an urgent security related bug-fix and effects
+  all MLDonkey versions >= 2.8.4
 6752: Optimized implementation of the ip_set module (cbah)
 6736: Add/fix some copyright texts
 -------------------------------------------------------------------------------

Index: src/utils/lib/url.ml
===================================================================
RCS file: /sources/mldonkey/mldonkey/src/utils/lib/url.ml,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -b -r1.9 -r1.10
--- src/utils/lib/url.ml        17 Mar 2007 18:49:32 -0000      1.9
+++ src/utils/lib/url.ml        24 Feb 2009 18:38:34 -0000      1.10
@@ -175,6 +175,19 @@
   Buffer.contents res  
   
 let of_string ?(args=[]) s =
+  let remove_leading_slashes s =
+    let len = String.length s in
+    let left =
+      let rec aux i =
+        if i < len && s.[i] = '/' then aux (i+1) else i in
+      aux 0 in
+    if left = 0 then s
+    else
+      String.sub s left (len - left) in
+
+  (* redefine s to remove all leading slashes *)
+  let s = remove_leading_slashes s in
+
   let s = put_args s args in
   let url =
     let get_two init_pos =

[Prev in Thread]

Current Thread

[Next in Thread]

[Mldonkey-commits] mldonkey distrib/ChangeLog src/utils/lib/url.ml, mldonkey-commits <=

Prev by Date: [Mldonkey-commits] mldonkey distrib/ChangeLog src/daemon/common/co...
Next by Date: [Mldonkey-commits] mldonkey/src config/mingw/os_stubs_c.c config/u...
Previous by thread: [Mldonkey-commits] mldonkey distrib/ChangeLog src/daemon/common/co...
Next by thread: [Mldonkey-commits] mldonkey/src config/mingw/os_stubs_c.c config/u...
Index(es):
- Date
- Thread