Bodo Moeller wrote:
>
> On Fri, Mar 30, 2001 at 04:55:52PM +0200, [EMAIL PROTECTED] wrote:
>
> > Modified: apps s_server.c
> > Log:
> > this time *really* fix the /../ check ...
>
> Well, I guess this one was a little late ...
>
> The original implementation had the problem that it did not detect the ".."
> path component in "GET /.. ". (Besides, the negative array index got compiler
> warnings.) My first attempt to fix that was incorrect in that it
> did not reject "GET /./../ ".
Attempting to make URL to file translations safe is a tricky task. I
suggest we don't even bother with s_server - why would we want to? It is
a test/demo tool?
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
ApacheCon 2001! http://ApacheCon.com/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
