For -WWW, fix test for ".." directory references (and avoid warning for
index -1).
This commit is contained in:
Bodo Möller
parent
bf7b0d2d2b
commit
7f950bd8a2
1 changed files with 22 additions and 6 deletions
|
|
@ -1349,18 +1349,34 @@ static int www_body(char *hostname, int s, unsigned char *context)
|
|||
BIO *file;
|
||||
char *p,*e;
|
||||
static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
|
||||
int prev_slash;
|
||||
|
||||
/* skip the '/' */
|
||||
p= &(buf[5]);
|
||||
dot=0;
|
||||
|
||||
dot = 1;
|
||||
for (e=p; *e != '\0'; e++)
|
||||
{
|
||||
if (e[0] == ' ') break;
|
||||
if ( (e[0] == '.') &&
|
||||
(strncmp(&(e[-1]),"/../",4) == 0))
|
||||
dot=1;
|
||||
if (e[0] == ' ')
|
||||
break;
|
||||
|
||||
switch (dot)
|
||||
{
|
||||
case 0:
|
||||
dot = (e[0] == '/') ? 1 : 0;
|
||||
break;
|
||||
case 1:
|
||||
dot = (e[0] == '.') ? 2 : 0;
|
||||
break;
|
||||
case 2:
|
||||
dot = (e[0] == '.') ? 3 : 0;
|
||||
break;
|
||||
case 3:
|
||||
dot = (e[0] == '/') ? -1 : 0;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
|
||||
|
||||
if (*e == '\0')
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in a new issue