From 7f950bd8a2d1990979386a6519c8b4792f02a7fd Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?= <bodo@openssl.org>
Date: Fri, 30 Mar 2001 10:47:56 +0000
Subject: [PATCH] For -WWW, fix test for ".." directory references (and avoid
 warning for index -1).

---
 apps/s_server.c | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/apps/s_server.c b/apps/s_server.c
index 29ed598638..6b1ba35084 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1349,18 +1349,34 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			BIO *file;
 			char *p,*e;
 			static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+			int prev_slash;
 
 			/* skip the '/' */
 			p= &(buf[5]);
-			dot=0;
+
+			dot = 1;
 			for (e=p; *e != '\0'; e++)
 				{
-				if (e[0] == ' ') break;
-				if (	(e[0] == '.') &&
-					(strncmp(&(e[-1]),"/../",4) == 0))
-					dot=1;
+				if (e[0] == ' ')
+					break;
+
+				switch (dot)
+					{
+				case 0:
+					dot = (e[0] == '/') ? 1 : 0;
+					break;
+				case 1:
+					dot = (e[0] == '.') ? 2 : 0;
+					break;
+				case 2:
+					dot = (e[0] == '.') ? 3 : 0;
+					break;
+				case 3:
+					dot = (e[0] == '/') ? -1 : 0;
+					break;
+					}
 				}
-			
+			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
 
 			if (*e == '\0')
 				{
-- 
2.25.1