remove any query_string before chdir

a query string could contain a '/' character, which would make vger try to chdir to an incorrect directory. remove the query_string before this, and before percent-decoding (in case there is an encoded '?'). This should happen even if we are not doing cgi, because some clients might send a query_string anyway, which should be ignored.
2022-03-19 14:49:44 +00:00 · 2022-03-19 14:49:44 +00:00 · 394b86bca8
parent 01f2503376
commit 394b86bca8
1 changed files with 11 additions and 6 deletions
--- a/main.c
+++ b/main.c
@ -436,6 +436,16 @@ main(int argc, char **argv)
 		estrlcat(tmp, dir, sizeof(tmp));
 		estrlcpy(dir, tmp, sizeof(dir));
 	}
+
+	/* remove a query string before percent decoding */
+	/* look for "?" if any to set query for cgi, remove it */
+	pos = strchr(dir, '?');
+	if (pos != NULL) {
+		estrlcpy(query, pos + 1, sizeof(query));
+		uridecode(query);
+		pos[0] = '\0';
+	}
+
 	/* percent decode */
 	uridecode(dir);

@ -479,13 +489,8 @@ main(int argc, char **argv)
 		esetenv("SERVER_PROTOCOL", "GEMINI", 1);
 		esetenv("SERVER_SOFTWARE", "vger/1", 1);

-		/* look for "?" if any to set query for cgi, remove it */
-		pos = strchr(file, '?');
-		if (pos != NULL) {
-			estrlcpy(query, pos + 1, sizeof(query));
+		if (*query)
 			esetenv("QUERY_STRING", query, 1);
-			pos[0] = '\0';
-		}
 		/* look for an extension to find PATH_INFO */
 		pos = strrchr(file, '.');
 		if (pos != NULL) {