Magic-Mirror/radare2
1
0
Fork 0
mirror of https://github.com/radareorg/radare2.git synced 2024-12-15 17:30:31 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
d0fb7bb687
radare2/libr
History
Jann Horn d0fb7bb687 Fix r_sandbox_check_path – there were ways to perform directory traversal. 
- The function failed to catch the case that the path ends with "..",
   allowing the contents of the directory one path component above the
   cwd to be listed. This is probably not very interesting.
 - The function did not check for ".." components in the path if it
   starts with R2_WWWROOT, leading to full directory traversal (example:
   /usr/local/share/radare2/0.9.8.git/www/../../../../../../etc/passwd
 - Use strncmp instead of memcmp
 - Handle relative webroot paths properly
 - Check for empty R2_WWWROOT
2014-03-27 00:32:43 +01:00
..
anal Code clean up and fix o+ 2014-03-26 22:32:45 +01:00
asm cr16: Fix bugs with anal and add missing dedic register names 2014-03-26 22:29:34 +01:00
bin Code clean up and fix o+ 2014-03-26 22:32:45 +01:00
bp Add some Jam files and merge rsign into ranal 2013-12-31 05:30:39 +01:00
config Add some Jam files and merge rsign into ranal 2013-12-31 05:30:39 +01:00
cons Fix linkage of RCoreJava plugin 2014-03-18 00:55:26 +01:00
core Code clean up and fix o+ 2014-03-26 22:32:45 +01:00
crypto Remove more r_lib references 2014-01-18 02:52:49 +01:00
db more calloc! 2014-03-26 22:29:09 +01:00
debug Fix static typedef issues 2014-03-25 00:34:23 +01:00
diff Add some Jam files and merge rsign into ranal 2013-12-31 05:30:39 +01:00
egg Fix static typedef issues 2014-03-25 00:34:23 +01:00
flags Fixes for p= and add 'fm' to move flags 2014-03-02 05:41:45 +01:00
fs Code clean up and fix o+ 2014-03-26 22:32:45 +01:00
hash Fix self:// on Linux 2014-03-02 04:19:36 +01:00
include Update sdb from git and sync base64 fixes 2014-03-26 23:17:40 +01:00
io Added extend to io support, now files can be extended, b00y4! 2014-03-24 22:57:36 -05:00
lang Some fixes for RLang plugins 2014-03-26 01:34:32 +01:00
magic Coverity fixes #590 2014-02-02 23:58:50 +01:00
parse Remove some warnings and unused code 2014-03-21 12:28:34 +01:00
reg fix #629 and add some warnings 2014-03-21 03:54:12 +01:00
search Add more Jamroot files and move some plugs to r2-extras 2013-12-31 15:34:27 +01:00
socket Fix some coverity issues 2014-03-16 00:16:43 +01:00
syscall Deprecate RPair API and ?k. Use SDB and integrate it with 'k' 2014-03-07 01:26:11 +01:00
sysproxy * Make r_cons independent from r_line 2009-04-07 11:28:22 +00:00
util Fix r_sandbox_check_path – there were ways to perform directory traversal. 2014-03-27 00:32:43 +01:00
config.h.head * Add support to ARM for the debugger 2010-02-03 14:34:00 +01:00
config.h.tail * Initial import of the 'configure-plugins' script 2010-01-13 23:42:49 +01:00
config.mk.head Simplify the build system 2012-10-03 14:31:35 +02:00
config.mk.tail Fix solib version for symstall rule 2014-03-09 11:24:44 +01:00
depgraph.pl * Export 'srwx' perms of sections in rabin2 -rS 2010-04-08 12:29:47 +02:00
Jamroot More Jamroot files and move vm out 2013-12-31 15:57:52 +01:00
libr.pc.acr Fix static link 2014-03-18 01:36:54 +01:00
Makefile Merge RCmd inside RCore 2014-03-18 00:05:44 +01:00
rules.mk Fix solib file name on MacOS X 2014-03-08 23:13:18 +01:00
stripsyms.sh Added '-' to create command aliases and lowercase i8080 2012-10-30 02:49:05 +01:00
symgraph.pl Fix symgraph script 2014-03-09 17:48:12 +01:00