thttpd 2.04 released (fwd)

[marcs () ZNEP COM (Marc Slemko)]

FYI, anyone using thttpd should take note of the below and ensure they
aren't vulnerable.

The exploit is obvious from the fix so I won't belabour the point.

---------- Forwarded message ----------
Date: Mon, 10 Aug 1998 19:24:57 -0700
From: Jef Poskanzer <jef () acme com>
To: thttpd () acme com
Cc: Marc Slemko <marcs () znep com>
Subject: thttpd 2.04 released

Marc Slemko discovered a fairly serious security problem in thttpd.
If you're not running chrooted, an attacker can use this bug to
read files outside of your document tree, for instance /etc/passwd.
Obviously this warrants an immediate patch release.

If you are running thttpd chrooted (i.e. you start it as root),
then you are safe from this bug.  Better install the fix anyway
though.

New in version 2.04:
 - The simple mmap cache added in version 2.01 is now more aggressive,
   improving performance when a small set of files gets fetched a while lot.
 - Fixed bug in filename translation.

Tarchive available as usual at http://www.acme.com/software/thttpd/
If all you want is the bug fix, a patch for just that is appended.
---
Jef

         Jef Poskanzer  jef () acme com  http://www.acme.com/jef/

*** /tmp/,RCSt101alaP   Mon Aug 10 19:09:49 1998
--- libhttpd.c  Mon Aug 10 19:09:31 1998
***************
*** 975,980 ****
--- 975,986 ----
      (void) strcpy( rest, path );
      if ( rest[restlen - 1] == '/' )
        rest[--restlen] = '\0';         /* trim trailing slash */
+     /* Remove any leading slashes. */
+     while ( rest[0] == '/' )
+       {
+       (void) strcpy( rest, &(rest[1]) );
+       --restlen;
+       }
      r = rest;
      nlinks = 0;