

Roxen Web Server with the Pike-tag enabled - RXML issues



    All systems running Roxen with the Pike-tag enabled.


    Peter Bortas found the following.  Following some discussion on the
    Roxen mailing list, a rather nasty exploit that works on many Roxen
    servers was discovered.  This also applies, to a lesser degree, to
    all systems running Roxen with the main RXML-parser enabled.

    Due to the recursive nature of RXML, it is vital that input from
    the client is properly quoted or stopped from further recursive
    parsing.  The code for the <referer>-tag failed to do this
    properly.  OBSERVE: You are not protected just because you are not
    using the <referer>-tag!
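
    The re-parsing problem described above, as an added example that is
    not part of the original advisory and not Roxen code.  It is a toy
    tag expander in Python: the <danger> tag, the handler names and the
    sample Referer value are assumptions, and a list return stands for
    output that is stopped from further parsing.

```python
import re

TAG = re.compile(r"<(\w+)>")          # toy syntax: attribute-less tags only
invoked = []                          # records which tag handlers actually ran

def tag_referer_unsafe(req):
    # Returns a plain string: the expander parses it again for tags.
    return req["referer"]

def tag_referer_safe(req):
    # Returns a one-element list: marks the value as final, never re-parsed.
    return [req["referer"]]

def tag_danger(req):
    # Hypothetical stand-in for a powerful tag; it only records that it ran.
    invoked.append("danger")
    return "[danger ran]"

def expand(text, tags, req, depth=0):
    """Expand tags in text; string results are parsed again, list results are not."""
    if depth > 10:
        raise RecursionError("tag expansion too deep")
    out, pos = [], 0
    for m in TAG.finditer(text):
        handler = tags.get(m.group(1))
        if handler is None:
            continue                  # unknown tag: leave it as literal text
        out.append(text[pos:m.start()])
        result = handler(req)
        if isinstance(result, list):
            out.append("".join(result))                       # final output
        else:
            out.append(expand(result, tags, req, depth + 1))  # recursive parse
        pos = m.end()
    out.append(text[pos:])
    return "".join(out)

def render(page, referer_handler, referer):
    """Render page with the given <referer> handler; return (html, handlers run)."""
    invoked.clear()
    tags = {"referer": referer_handler, "danger": tag_danger}
    html = expand(page, tags, {"referer": referer})
    return html, list(invoked)

# Constructed input: a page that echoes the Referer, and a client-supplied
# value that itself contains a tag the server knows.
PAGE = "You came from: <referer>"
HOSTILE = "http://example.test/<danger>"
```

    With the string-returning handler, render(PAGE, tag_referer_unsafe,
    HOSTILE) runs the <danger> handler; with the list-returning handler
    the same input is emitted as literal text and no handler runs.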


    Apply this patch to htmlparse.pike:

    --- htmlparse.pike      1999/05/25 11:40:57     1.180
    +++ htmlparse.pike      1999/10/05 08:30:18
    @@ -2521,7 +2521,7 @@
         return ("Compatibility alias for referrer");
    -    return sizeof(id->referer)?id->referer*"":m->alt?m->alt:"..";
    +    return sizeof(id->referer)?({ id->referer*"" }):m->alt?m->alt:"..";
       return m->alt?m->alt:"..";
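
    Review bot: the changed return needs a comment saying why
    id->referer*"" is now wrapped in ({ }).  Nothing on the line tells a
    later maintainer that the array form is there to keep the
    client-supplied Referer from being parsed as RXML again, so it is
    easy to "simplify" it back to a string.  The same expression now
    yields an array in one branch and a string (m->alt or "..") in the
    others; if that mix is intended because alt is set by the page
    author rather than the client, state it in the comment.  The
    advisory says servers are exposed even without the <referer>-tag,
    and this hunk touches only this one return, so the change
    description should list which other tags echoing request data were
    checked.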

    cd to the Roxen directory and run:

        patch server/modules/tags/htmlparse.pike < file_with_patch

    Or, disable the RXML-parser in all your Roxen servers.  This will
    also automatically disable the Pike-tag.  The patch is also
    available as
