Details of a critical vulnerability in Exim disclosed

The corrective release Exim 4.92.2 has been published, fixing a critical vulnerability (CVE-2019-15846) which, in the default configuration, can lead to remote code execution by an attacker with root privileges. The problem only appears when TLS support is enabled and is exploited by passing a specially crafted client certificate or a modified value in SNI. The vulnerability was identified by Qualys.

The problem exists in the handler that unescapes special characters in a string (string_interpret_escape() from string.c) and is caused by a '\' character at the end of the string being interpreted before the null terminator ('\0') and escaping it. During unescaping, the sequence of '\' and the null end-of-line code is treated as a single character, and the pointer is moved to data outside the string, which is then treated as a continuation of the string.

The code that calls string_interpret_escape() allocates the buffer for the unescaped result based on the actual size, and the resulting pointer ends up in an area outside the buffer bounds. Consequently, when the input string is processed, data is read from an area outside the buffer bounds, and an attempt to write the unescaped string can lead to a write beyond the buffer bounds.

In the default configuration, the vulnerability can be exploited by sending specially crafted data in SNI when establishing a secure connection to the server. The problem can also be exploited by modifying peerdn values in configurations set up to verify client certificates, or when importing certificates. An attack via SNI and peerdn is possible starting from release Exim 4.80, in which the string_unprinting() function was used to unprint the contents of peerdn and SNI.

A prototype exploit has been prepared for the attack via SNI; it runs on the i386 and amd64 architectures on Linux systems with Glibc. The exploit relies on overlaying data in the heap area, which results in overwriting the memory in which the log file name is stored. The file name is replaced with "/../../../../../../../../etc/passwd". Then the variable holding the sender address, which is written to the log first, is overwritten, which allows a new user to be added to the system.

Package updates fixing the vulnerability have been released by the Debian, Ubuntu, Fedora, SUSE/openSUSE and FreeBSD distributions. RHEL and CentOS are not affected by the problem, since Exim is not included in their standard repositories (in EPEL an update has already been prepared but has not yet been placed in the public repository). In the Exim code the problem is fixed by a one-line patch that disables unescaping of a backslash if it is at the end of the string.

As a workaround for the vulnerability, you can disable TLS support or add the following to the
ACL section "acl_smtp_mail":

deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
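The following is an added illustration of the bug class described above and of the check the ACL workaround expresses; it is a hypothetical, simplified unescaper written for this page, not Exim's string_interpret_escape(), and the probe string is constructed. With a trailing backslash the unfixed variant consumes the NUL terminator and keeps scanning past the end of the string, while the fixed variant stops at it.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical simplified unescaper modelled on the bug class described
 * above; it is not Exim's string_interpret_escape(). Decodes \n, \t and \\,
 * copies other escaped bytes literally, writes at most outlen-1 bytes plus a
 * NUL, and returns how many input bytes it consumed. */
size_t unescape(const char *in, char *out, size_t outlen, int fixed)
{
    const char *p = in; size_t n = 0;
    while (*p != '\0') {
        char c = *p;
        if (c == '\\') {
            /* Fixed: a backslash that is the last character is not an
             * escape; keep it literally and stop at the terminator. */
            if (fixed && p[1] == '\0') {
                if (n + 1 < outlen) out[n++] = '\\';
                p++;
                break;
            }
            /* Unfixed: unconditionally take the byte after the backslash,
             * even the terminating NUL, so the scan runs on past the end. */
            p++;
            switch (*p) {
            case 'n': c = '\n'; break;
            case 't': c = '\t'; break;
            default:  c = *p;   break;
            }
        }
        if (n + 1 < outlen) out[n++] = c;
        p++;
    }
    out[n] = '\0';
    return (size_t)(p - in);
}
/* The test the ACL workaround expresses: does the value end in '\'? */
int ends_with_backslash(const char *s)
{
    size_t len = strlen(s);
    return len > 0 && s[len - 1] == '\\';
}
/* Constructed probe: "abc\" then NUL, then 'X' and a second NUL, so the
 * unfixed scan stays inside this array while still running past strlen(). */
static const char probe[] = "abc\\\0X";
/* Bytes consumed by each variant; the unfixed one reads beyond strlen(probe). */
size_t consumed_by(int fixed)
{
    char out[16];
    return unescape(probe, out, sizeof out, fixed);
}
```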

Source: opennet.ru
