[ntp:security] [Bug 2938] ntpq saveconfig command allows dangerous characters in filenames

bugzilla-daemon at ntp.org bugzilla-daemon at ntp.org
Wed Jan 13 05:57:18 UTC 2016


http://bugs.ntp.org/show_bug.cgi?id=2938

Harlan Stenn <stenn at ntp.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|READY                       |STAGED
   Target Milestone|---                         |4.2.8
              Flags|                            |Q/A-TestRequest+

--- Comment #8 from Harlan Stenn <stenn at ntp.org> 2016-01-13 05:57:18 UTC ---
Pearly, thanks for your work on this.

Danny, thanks for your comments.

STAGED for 4.2.8p6.

We need a unit test for is_safe_filename().

-- 
Configure bugmail: http://bugs.ntp.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


More information about the security mailing list