Searched hist:"631 ce2c6" (Results 1 – 1 of 1) sorted by relevance
| /openbsd/usr.bin/mandoc/ |
| H A D | cgi.c | 631ce2c6 Sat Jul 19 13:15:07 GMT 2014 schwarze <schwarze@openbsd.org> Security fix:
Validate the manpath up front and report a Bad Request if it is not
listed in manpath.conf, such that clients can't probe which directories
exist on the server. In case of configuration errors, consistently
report Internal Server Error without disclosing any further information.
Partially based on a patch from Sebastien Marie <semarie-openbsd at
latrappe dot fr>, but avoiding a couple of issues with that patch
and approaching the issue in a somewhat more rigorous way.
|