improve check of cgi_dir request
This commit is contained in:
parent
aa6f001022
commit
1e13a08865
27
vger.c
27
vger.c
|
@ -214,18 +214,22 @@ int
|
|||
do_cgi(const char *rel_cgi_dir, const char *path, const char *hostname, const char *query)
|
||||
{
|
||||
|
||||
/* WARNING : this function is fragile since it
|
||||
* compares path using the string to access them.
|
||||
* It would be preferable to use stat() to check
|
||||
* if two path refer to the same inode
|
||||
*/
|
||||
|
||||
struct stat sbcgi = {0};
|
||||
struct stat sbpath = {0};
|
||||
char cgifp[PATH_MAX] = {'\0'}; /* cgi file to execute */
|
||||
char path_dir[PATH_MAX] = {'\0'};
|
||||
char *path_info = NULL;
|
||||
|
||||
/* check if path starts with rel_cgi_dir */
|
||||
if (strncmp(rel_cgi_dir, path, strlen(rel_cgi_dir)) != 0)
|
||||
return 1; /* not in cgi_dir, go to display_file */
|
||||
/* get beginning of path */
|
||||
/* path_dir is initialized so there is an \0 at the end */
|
||||
memcpy(path_dir, path, strlen(rel_cgi_dir));
|
||||
|
||||
if (stat(rel_cgi_dir, &sbcgi) + stat(path_dir, &sbpath) != 0)
|
||||
goto nocgi;
|
||||
|
||||
/* compare inodes */
|
||||
if (sbcgi.st_ino != sbpath.st_ino)
|
||||
goto nocgi; /* not in cgi_dir, go to display_file */
|
||||
|
||||
/* set env variables for CGI
|
||||
* see
|
||||
|
@ -251,7 +255,7 @@ do_cgi(const char *rel_cgi_dir, const char *path, const char *hostname, const ch
|
|||
/* cgi file to execute */
|
||||
esnprintf(cgifp, sizeof(cgifp), "%s", path + strlen(rel_cgi_dir) + 1);
|
||||
if (!(*cgifp)) /* problem with cgi file, abort */
|
||||
return 1;
|
||||
goto nocgi;
|
||||
|
||||
/* check if there is something after cgi file for PATH_INFO */
|
||||
path_info = strchr(cgifp, '/');
|
||||
|
@ -268,6 +272,9 @@ do_cgi(const char *rel_cgi_dir, const char *path, const char *hostname, const ch
|
|||
|
||||
cgi(cgifp);
|
||||
return 0;
|
||||
|
||||
nocgi:
|
||||
return 1;
|
||||
}
|
||||
|
||||
ssize_t
|
||||
|
|
Loading…
Reference in New Issue