Limit CGI processes to a particular path.

Solderpunk 2020-01-12 13:39:38 +01:00
parent cadb7b2ea5
commit 8239e7fd3f
2 changed files with 6 additions and 1 deletions


@ -12,6 +12,7 @@ type Config struct {
DocBase string DocBase string
HomeDocBase string HomeDocBase string
LogPath string LogPath string
CGIPath string
} }
func getConfig(filename string) (Config, error) { func getConfig(filename string) (Config, error) {
@ -26,6 +27,7 @@ func getConfig(filename string) (Config, error) {
config.DocBase = "/var/gemini/" config.DocBase = "/var/gemini/"
config.HomeDocBase = "users" config.HomeDocBase = "users"
config.LogPath = "molly.log" config.LogPath = "molly.log"
config.CGIPath = "^/var/gemini/cgi-bin/"
// Return defaults if no filename given // Return defaults if no filename given
if filename == "" { if filename == "" {
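Review bot: The new `CGIPath` field and its default `"^/var/gemini/cgi-bin/"` hold a regular expression rather than a path, and nothing in the Config struct or in getConfig says so. An operator who sets it to a plain directory in the config file gets an unanchored match, so any path that merely contains that string would qualify for execution, and characters such as `.` match more than the literal. I would add a field comment such as `// CGIPath is a regexp matched against the full file path; anchor it with ^.` next to the declaration. getConfig's body continues outside the hunk, so any validation of values loaded from the file is not visible here.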


@ -13,6 +13,7 @@ import (
"os" "os"
"os/exec" "os/exec"
"path/filepath" "path/filepath"
"regexp"
"strconv" "strconv"
"strings" "strings"
"time" "time"
@ -124,8 +125,10 @@ func handleGeminiRequest(conn net.Conn, config Config, logEntries chan LogEntry)
log.Status = 20 log.Status = 20
conn.Write([]byte(generateDirectoryListing(path))) conn.Write([]byte(generateDirectoryListing(path)))
return return
}
// If this file is executable, get dynamic content // If this file is executable, get dynamic content
} else if info.Mode().Perm() & 0111 == 0111 { inCGIPath, err := regexp.Match(config.CGIPath, []byte(path))
if inCGIPath && info.Mode().Perm() & 0111 == 0111 {
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel() defer cancel()
cmd := exec.CommandContext(ctx, path) cmd := exec.CommandContext(ctx, path)
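Review bot: The `err` returned by `regexp.Match` on the new `inCGIPath` line is not checked in the visible lines, so a malformed `CGIPath` pattern makes the match false on every request with no log entry. The executable is then not run and presumably falls through to the ordinary file handling below the hunk, which could mean the script's source is served instead. Compile the pattern once when the config is loaded, e.g. `cgiRe, err := regexp.Compile(config.CGIPath)`, refuse to start on error, and use `cgiRe.MatchString(path)` here. Because the pattern acts as an allow-list for process execution, it is also worth confirming that `path` has been cleaned (no `..` segments, symlinks resolved) before it is matched; the hunk does not show where `path` comes from. handleGeminiRequest starts and ends outside the hunk.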