Problem
The code that calls string_interpret_escape() allocates the output buffer based on the actual size, and the resulting pointer ends up in an area outside the bounds of the buffer. Consequently, when an input string is processed, data is read from an area outside the allocated buffer, and an attempt to write the unescaped string can lead to a write beyond the bounds of that buffer.
In the default configuration, the vulnerability can be exploited by sending specially crafted data in the SNI while establishing a secure connection to the server. The issue can also be exploited by modifying peerdn values in configurations set up for client certificate authentication, or when importing certificates. An attack through SNI and peerdn is possible starting with release
A prototype exploit has been prepared for the attack through SNI; it runs on the i386 and amd64 architectures on Linux systems with Glibc. The exploit overlays data on a heap region, which leads to overwriting the memory where the log file name is stored. The file name is replaced with "/../../.../../../../../../etc/passwd". Next, the variable holding the sender's address, which is the first thing written to the log, is overwritten, which makes it possible to add a new user to the system.
Package updates with a fix for the vulnerability have been released by distributions
As a workaround to block the vulnerability, you can disable TLS support or add the following to the "acl_smtp_mail" ACL section:
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
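The check these two ACL rules perform, next to an unescape loop that cannot run past its input, as an added C example (not Exim's code and not from the original article). The function names and the reduced escape set are hypothetical; it assumes the input to reject is a value whose last character is a backslash, which is what the rules above test for.

```c
#include <stdio.h>
#include <string.h>

/* Same test as the ACL rules: is the last character a backslash? */
int ends_with_backslash(const char *s)
{
    size_t n = strlen(s);
    return n > 0 && s[n - 1] == '\\';
}

/* Hypothetical bounded unescape with a reduced escape set (\\, \n, \t).
 * Reads at most in_len bytes, writes at most out_cap bytes including the NUL.
 * Returns the output length, or -1 on a dangling backslash, an unknown
 * escape, or an output buffer that is too small. */
long unescape_bounded(const char *in, size_t in_len, char *out, size_t out_cap)
{
    size_t i = 0, o = 0;
    while (i < in_len) {
        char c = in[i++];
        if (c == '\\') {
            if (i >= in_len)        /* nothing follows the backslash: */
                return -1;          /* stop instead of reading on     */
            switch (in[i++]) {
            case '\\': c = '\\'; break;
            case 'n':  c = '\n'; break;
            case 't':  c = '\t'; break;
            default:   return -1;
            }
        }
        if (o + 1 >= out_cap)       /* keep one byte for the NUL */
            return -1;
        out[o++] = c;
    }
    if (out_cap == 0)
        return -1;
    out[o] = '\0';
    return (long)o;
}

int main(void)
{
    const char *sni = "mail.example.test\\";   /* constructed sample value */
    char buf[64];

    printf("ends with backslash: %d\n", ends_with_backslash(sni));
    printf("unescape result: %ld\n",
           unescape_bounded(sni, strlen(sni), buf, sizeof buf));
    return 0;
}
```

Passing the input length explicitly means the loop has a bound that does not depend on finding a terminator, and the output capacity check rejects any result that would not fit.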
Source: opennet.ru