micahmoore/pserv
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

vunerability fix in handle_static_asset

Browse Source
This commit is contained in:
Micah Moore 2022-12-09 14:38:17 -05:00
parent 724afe49c1
commit af936cb46e
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/http.c
View File

@ -323,6 +323,23 @@ handle_static_asset(struct http_transaction *ta, char *basedir)
// which? Fix it to avoid indirect object reference (IDOR) attacks. // which? Fix it to avoid indirect object reference (IDOR) attacks.
snprintf(fname, sizeof fname, "%s%s", basedir, req_path); snprintf(fname, sizeof fname, "%s%s", basedir, req_path);
char *endptr;
char *p = calloc(strlen(fname) + 1, sizeof(char));
memcpy(p, fname, strlen(fname) + 1);
char *dir = strtok_r(p, "/", &endptr);
dir = strtok_r(NULL, "/", &endptr); // initial ".." is okay
while (dir != NULL) {
if (!strcmp(dir, "..")) {
return send_not_found(ta);
}
dir = strtok_r(NULL, "/", &endptr);
}
if (!strcmp(req_path, "/")) {
memset(fname, 0, PATH_MAX);
snprintf(fname, sizeof fname, "%s%s", server_root, "/index.html");
}
if (access(fname, R_OK)) { if (access(fname, R_OK)) {
if (errno == EACCES) if (errno == EACCES)
return send_error(ta, HTTP_PERMISSION_DENIED, "Permission denied."); return send_error(ta, HTTP_PERMISSION_DENIED, "Permission denied.");