[ntp:security] [Bug 2938] ntpq saveconfig command allows dangerous characters in filenames

bugzilla-daemon at ntp.org
Tue Oct 13 20:36:33 UTC 2015


http://bugs.ntp.org/show_bug.cgi?id=2938

--- Comment #4 from Danny Mayer <mayer at ntp.org> 2015-10-13 20:36:33 UTC ---
(In reply to comment #1)
> File names for 'saveconfig' must match the regular expression
> 
>    [_A-Za-z0-9][-+._A-Za-z0-9]*
> 
> to be accepted. This blocks globbing bombs, path traversal and drive selection
> (Windows, VMS); while eliminating file names that are valid for a given platform,
> the permitted subset should be safe to use everywhere.

This probably should be represented as the regular expression [.\w]+ which
matches what you have above and allows the file name to start with a period.
That's valid on all O/S's that I know.

Danny

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

