diff options
author | Matt Caswell <matt@openssl.org> | 2019-10-18 16:40:44 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-10-28 13:11:15 +0000 |
commit | 0a4d6c67480a4d2fce514e08d3efe571f2ee99c9 (patch) | |
tree | e67043137d9872989cdf21ce65f68f803d6f1e0e /crypto/cmp/cmp_local.h | |
parent | c549cb46e0d3cb4e611acafae5f919b4a8df4007 (diff) |
Fix an s_server arbitrary file read issue on Windows
Running s_server in WWW mode on Windows can allow a client to read files
outside the s_server directory by including backslashes in the name, e.g.
GET /..\myfile.txt HTTP/1.0
There exists a check for this for Unix paths but it is not sufficient
for Windows.
Since s_server is a test tool no CVE is assigned.
Thanks to Jobert Abma for reporting this.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10215)
Diffstat (limited to 'crypto/cmp/cmp_local.h')
0 files changed, 0 insertions, 0 deletions