From bc306eaf8aee87945b0c47d9b9c51d2acf81ff3a Mon Sep 17 00:00:00 2001 From: prx Date: Mon, 22 Aug 2022 11:20:24 +0200 Subject: [PATCH] remove '../' after percent decoding --- main.c | 2 ++ vger.c | 16 +++++++++------- vger.h | 1 + 3 files changed, 12 insertions(+), 7 deletions(-) diff --git a/main.c b/main.c index 26de7bf..b9d37cf 100644 --- a/main.c +++ b/main.c @@ -58,6 +58,8 @@ main(int argc, char **argv) uridecode(query); uridecode(path); + rmdbldot(path); + /* is it cgi ? */ if (*cgi_dir) if (do_cgi(chroot_dir, cgi_dir, path, hostname, query) == 0) diff --git a/vger.c b/vger.c index df7772b..a6996e3 100644 --- a/vger.c +++ b/vger.c @@ -327,11 +327,6 @@ cgi(const char *cgicmd) char * read_request(char *request) { -/* -* read the request, check for errors and sanitize the input -*/ - char *pos = NULL; - /* read 1024 +1 chars from stdin to get the request (1024 + \0) */ if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) { @@ -359,11 +354,18 @@ read_request(char *request) /* save request for logs */ esnprintf(_request, sizeof(_request), "%s", request); + return request; +} + + +void +rmdbldot(char *request) +{ + char *pos = NULL; + /* remove all "/.." for safety reasons */ while ((pos = strstr(request, "/..")) != NULL) memmove(request, pos + 3, strlen(pos) + 1 - 3); /* "/.." = 3 */ - - return request; } char * diff --git a/vger.h b/vger.h index 8246f1f..c9937f7 100644 --- a/vger.h +++ b/vger.h @@ -46,6 +46,7 @@ void check_path(char *, size_t, int, size_t); ssize_t display_file(const char *); int do_cgi(const char *, const char *, const char *, const char *, const char *); void drop_privileges(const char *, const char *, const char *); +void rmdbldot(char *); char * set_path(char *, size_t, int, const char *); void split_request(const char *, char *, char *, char *); void status(const int, const char *, ...);
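Review bot: The new `rmdbldot(path);` call in main.c is only an effective traversal filter because it runs after `uridecode(path)`, and nothing at the call site records that ordering. A comment above the call, such as `/* must stay after uridecode(): "%2e%2e" decodes to ".." */`, would keep a later reorder from reintroducing the encoded bypass this commit closes. The strip that used to live in read_request() ran on the whole request line, while this one covers `path` alone, so `hostname` and `query` now reach do_cgi() unfiltered; whether that matters depends on how do_cgi() uses them, which this hunk does not show. main() starts and ends outside the hunk.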
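Review bot: `strstr(request, "/..")` in the new rmdbldot() matches a three-byte substring rather than a `..` path segment, so a name such as `/..notes` is rewritten too, while a path beginning with `../` and no leading slash would not be matched at all (whether split_request() can produce one is not visible here). The `memmove` writes to `request` rather than `pos`, so everything before each match is discarded as well; that is carried over unchanged from read_request() and errs on the restrictive side, but it is surprising enough to deserve a comment. The function also has no header comment; one line saying that it edits the buffer in place and expects already percent-decoded input would document the contract the main.c call relies on. A segment-aware loop that keeps the same discard behaviour is sketched below.

```c
void
rmdbldot(char *request)
{
	char *pos = request;

	/* drop everything up to and including each ".." path segment */
	while ((pos = strstr(pos, "/..")) != NULL) {
		if (pos[3] != '/' && pos[3] != '\0') {
			pos += 3;	/* "/..name" is an ordinary file name */
			continue;
		}
		memmove(request, pos + 3, strlen(pos + 3) + 1);
		pos = request;	/* buffer changed: rescan from the start */
	}
}
```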