For -WWW, fix test for ".." directory references (and avoid warning for
authorBodo Möller <bodo@openssl.org>
Fri, 30 Mar 2001 10:47:56 +0000 (10:47 +0000)
committerBodo Möller <bodo@openssl.org>
Fri, 30 Mar 2001 10:47:56 +0000 (10:47 +0000)
index -1).

apps/s_server.c

index 29ed59863871741b0b8e58724b650800d8c0a3bb..6b1ba350840b82260d36451eb7a9ebf80ec7492f 100644 (file)
@@ -1349,18 +1349,34 @@ static int www_body(char *hostname, int s, unsigned char *context)
                        BIO *file;
                        char *p,*e;
                        static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+                       int prev_slash;
 
                        /* skip the '/' */
                        p= &(buf[5]);
-                       dot=0;
+
+                       dot = 1;
                        for (e=p; *e != '\0'; e++)
                                {
-                               if (e[0] == ' ') break;
-                               if (    (e[0] == '.') &&
-                                       (strncmp(&(e[-1]),"/../",4) == 0))
-                                       dot=1;
+                               if (e[0] == ' ')
+                                       break;
+
+                               switch (dot)
+                                       {
+                               case 0:
+                                       dot = (e[0] == '/') ? 1 : 0;
+                                       break;
+                               case 1:
+                                       dot = (e[0] == '.') ? 2 : 0;
+                                       break;
+                               case 2:
+                                       dot = (e[0] == '.') ? 3 : 0;
+                                       break;
+                               case 3:
+                                       dot = (e[0] == '/') ? -1 : 0;
+                                       break;
+                                       }
                                }
-                       
+                       dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
 
                        if (*e == '\0')
                                {
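Review bot: The `switch (dot)` state machine falls back to state 0 when it sees a '/' in state 1 or 2, so the next character is no longer treated as the start of a path component. As a result, a ".." component that directly follows an empty component (doubled slash) or a "." component is not detected, and the final `(dot == 3) || (dot == -1)` test stays false for such a filename. A '/' should always return to the component-start state: `dot = (e[0] == '.') ? 2 : (e[0] == '/') ? 1 : 0;` in case 1 and `dot = (e[0] == '.') ? 3 : (e[0] == '/') ? 1 : 0;` in case 2. The -1 state is sticky only because the switch has no matching case, so a `default: break;` with a one-line comment would make that intent explicit. www_body starts and ends outside the hunk, so whether a filename that itself begins with '/' is rejected elsewhere cannot be confirmed from here.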