remove '../' after percent decoding
parent
46f2c7238a
commit
bc306eaf8a
2
main.c
2
main.c
|
@ -58,6 +58,8 @@ main(int argc, char **argv)
|
||||||
uridecode(query);
|
uridecode(query);
|
||||||
uridecode(path);
|
uridecode(path);
|
||||||
|
|
||||||
|
rmdbldot(path);
|
||||||
|
|
||||||
/* is it cgi ? */
|
/* is it cgi ? */
|
||||||
if (*cgi_dir)
|
if (*cgi_dir)
|
||||||
if (do_cgi(chroot_dir, cgi_dir, path, hostname, query) == 0)
|
if (do_cgi(chroot_dir, cgi_dir, path, hostname, query) == 0)
|
||||||
|
|
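Review bot: The new `rmdbldot(path);` call carries no comment explaining why it sits after `uridecode(path)`, yet that ordering is the entire security property of this change. A line such as `/* strip "/.." only after percent-decoding; an encoded form would pass a filter applied earlier */` above the call would keep a later refactor from moving it back into the request reader. `query` is decoded but not filtered before it reaches `do_cgi`; that looks deliberate because it is not used as a path in these lines, but it should be confirmed in `do_cgi`, which is outside this hunk. main's body starts and ends outside the hunk.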
16
vger.c
16
vger.c
|
@ -327,11 +327,6 @@ cgi(const char *cgicmd)
|
||||||
char *
|
char *
|
||||||
read_request(char *request)
|
read_request(char *request)
|
||||||
{
|
{
|
||||||
/*
|
|
||||||
* read the request, check for errors and sanitize the input
|
|
||||||
*/
|
|
||||||
char *pos = NULL;
|
|
||||||
|
|
||||||
/* read 1024 +1 chars from stdin to get the request (1024 + \0) */
|
/* read 1024 +1 chars from stdin to get the request (1024 + \0) */
|
||||||
|
|
||||||
if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) {
|
if (fgets(request, GEMINI_REQUEST_MAX, stdin) == NULL) {
|
||||||
|
@ -359,11 +354,18 @@ read_request(char *request)
|
||||||
/* save request for logs */
|
/* save request for logs */
|
||||||
esnprintf(_request, sizeof(_request), "%s", request);
|
esnprintf(_request, sizeof(_request), "%s", request);
|
||||||
|
|
||||||
|
return request;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
void
|
||||||
|
rmdbldot(char *request)
|
||||||
|
{
|
||||||
|
char *pos = NULL;
|
||||||
|
|
||||||
/* remove all "/.." for safety reasons */
|
/* remove all "/.." for safety reasons */
|
||||||
while ((pos = strstr(request, "/..")) != NULL)
|
while ((pos = strstr(request, "/..")) != NULL)
|
||||||
memmove(request, pos + 3, strlen(pos) + 1 - 3); /* "/.." = 3 */
|
memmove(request, pos + 3, strlen(pos) + 1 - 3); /* "/.." = 3 */
|
||||||
|
|
||||||
return request;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
char *
|
char *
|
||||||
|
|
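Review bot: In `rmdbldot` the `memmove` destination is `request`, not `pos`, so each match discards everything in front of the `/..` along with the three matched bytes; if only the sequence itself is meant to be removed, the line would be `memmove(pos, pos + 3, strlen(pos + 3) + 1);`, and if dropping the prefix is intended a comment should say so. The `strstr` pattern also requires a leading slash, so a buffer that ends up beginning with `..` leaves the loop unchanged; whether that matters depends on how `path` is later joined to the served directory, which these lines do not show. Silently rewriting a path is harder to reason about than refusing it, so consider having the caller reject any decoded path that contains a `..` component and answer with an error via `status()`. The function also has no header comment now that the one on `read_request` is gone; a short one stating that it edits the buffer in place and expects an already percent-decoded path would help.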
1
vger.h
1
vger.h
|
@ -46,6 +46,7 @@ void check_path(char *, size_t, int, size_t);
|
||||||
ssize_t display_file(const char *);
|
ssize_t display_file(const char *);
|
||||||
int do_cgi(const char *, const char *, const char *, const char *, const char *);
|
int do_cgi(const char *, const char *, const char *, const char *, const char *);
|
||||||
void drop_privileges(const char *, const char *, const char *);
|
void drop_privileges(const char *, const char *, const char *);
|
||||||
|
void rmdbldot(char *);
|
||||||
char * set_path(char *, size_t, int, const char *);
|
char * set_path(char *, size_t, int, const char *);
|
||||||
void split_request(const char *, char *, char *, char *);
|
void split_request(const char *, char *, char *, char *);
|
||||||
void status(const int, const char *, ...);
|
void status(const int, const char *, ...);
|
||||||
|
|