artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: aedeff4) | patch
Prevent toctu issues in static file serving and auto index generation.
authorflorian <florian@openbsd.org>
Tue, 16 Apr 2024 17:15:50 +0000 (17:15 +0000)
committerflorian <florian@openbsd.org>
Tue, 16 Apr 2024 17:15:50 +0000 (17:15 +0000)
commitdb87a26fba663e62a178a3feb0b334b857c5b5e6
tree7cac077cf40647ceac3c5bdd944532741e341cadtree | snapshot
parentaedeff457fedf7268794c95d21b9b50b91c0debdcommit | diff
Prevent toctu issues in static file serving and auto index generation.

This fixes a problem in passing, reported by matthieu@ where httpd
would return 500 Internal Server Error when it could stat(2) but not
open(2) a file. The correct error code is 403.

testing matthieu
ok tobhe, tl;dr ok stsp
input & OK deraadt
usr.sbin/httpd/server_file.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim