From: Bodo Möller Date: Fri, 30 Mar 2001 10:47:56 +0000 (+0000) Subject: For -WWW, fix test for ".." directory references (and avoid warning for X-Git-Tag: OpenSSL_0_9_6a-beta3~5 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=7f950bd8a2d1990979386a6519c8b4792f02a7fd;p=oweals%2Fopenssl.git For -WWW, fix test for ".." directory references (and avoid warning for index -1). --- diff --git a/apps/s_server.c b/apps/s_server.c index 29ed598638..6b1ba35084 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1349,18 +1349,34 @@ static int www_body(char *hostname, int s, unsigned char *context) BIO *file; char *p,*e; static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; + int prev_slash; /* skip the '/' */ p= &(buf[5]); - dot=0; + + dot = 1; for (e=p; *e != '\0'; e++) { - if (e[0] == ' ') break; - if ( (e[0] == '.') && - (strncmp(&(e[-1]),"/../",4) == 0)) - dot=1; + if (e[0] == ' ') + break; + + switch (dot) + { + case 0: + dot = (e[0] == '/') ? 1 : 0; + break; + case 1: + dot = (e[0] == '.') ? 2 : 0; + break; + case 2: + dot = (e[0] == '.') ? 3 : 0; + break; + case 3: + dot = (e[0] == '/') ? -1 : 0; + break; + } } - + dot = (dot == 3) || (dot == -1); /* filename contains ".." component */ if (*e == '\0') {