fix unacceptable ../ in autoidx and code formatting

main.c

@@ -214,7 +214,8 @@ autoindex(const char *path)
 		errlog("Can't scan %s", path);
 	} else {
 		for(int j = 0; j < n; j++) {
-			if (!strcmp(namelist[j]->d_name, ".")) {
+			if ((strcmp(namelist[j]->d_name, ".") == 0) ||
+			    (strcmp(namelist[j]->d_name, "..") == 0)) {
 				continue;
 			}
 			if (namelist[j]->d_type == DT_DIR) {
@@ -353,7 +354,12 @@ main(int argc, char **argv)
 	syslog(LOG_DAEMON, "request %s", request);
 
 	/* remove the gemini:// part */
-	memmove(request, request + GEMINI_PART, sizeof(request) - GEMINI_PART);
+	memmove(request, request + GEMINI_PART, strlen(request) +1 - GEMINI_PART);
+
+	/* remove all "/.." for safety reasons */
+    while ((pos = strstr(request, "/..")) != NULL ) {
+		memmove(request, pos+3, strlen(pos) +1 - 3); /* "/.." = 3 */
+	}
 
 	/*
 	 * look for the first / after the hostname
@@ -393,9 +399,8 @@ main(int argc, char **argv)
 	}
 
 	/* check if uri is cgibin */
-	if ((strlen(cgibin) > 0) && 
-		(strncmp(uri, cgibin, strlen(cgibin)) == 0)
-		) {
+	if ((strlen(cgibin) > 0) &&
+		(strncmp(uri, cgibin, strlen(cgibin)) == 0)) {
 		char cgipath[PATH_MAX] = {'\0'};
 		estrlcpy(cgipath, chroot_dir, sizeof(cgipath));
 		estrlcat(cgipath, uri, sizeof(cgipath));
@@ -429,7 +434,7 @@ main(int argc, char **argv)
 		cgi(cgipath);
 
 	} else {
-		//TODO: percent decoding here 
+		//TODO: percent decoding here
 		/* open file and send it to stdout */
 		display_file(uri);
 	}

tests/test.sh

@@ -72,7 +72,7 @@ if ! [ $OUT = "874f5e1af67eff6b93bedf8ac8033066" ] ; then echo "error" ; exit 1
 
 # auto index in directory
 OUT=$(printf "gemini://host.name/autoidx/\r\n" | ../vger -d var/gemini/ -i | tee /dev/stderr | $MD5)
-if ! [ $OUT = "770a987b8f5cf7169e6bc3c6563e1570" ] ; then echo "error" ; exit 1 ; fi
+if ! [ $OUT = "988160d1908a9dcd0cadc21262de4490" ] ; then echo "error" ; exit 1 ; fi
 
 # cgi simple script
 OUT=$(printf "gemini://host.name/cgi-bin/test.cgi\r\n" | ../vger -d var/gemini/ -c /cgi-bin | tee /dev/stderr | $MD5)