back up directory paths properly
Signed-off-by: Andy Green <andy.green@linaro.org>
This commit is contained in:
parent
4e7a13314d
commit
d3f6873942
2 changed files with 26 additions and 9 deletions
|
@ -297,6 +297,20 @@ int libwebsocket_parse(struct libwebsocket *wsi, unsigned char c)
|
|||
case URIPS_SEEN_SLASH_DOT:
|
||||
/* swallow second . */
|
||||
if (c == '.') {
|
||||
/*
|
||||
* back up one dir level if possible
|
||||
* safe against header fragmentation because
|
||||
* the method URI can only be in 1 fragment
|
||||
*/
|
||||
if (wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len > 2) {
|
||||
wsi->u.hdr.ah->pos--;
|
||||
wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len--;
|
||||
do {
|
||||
wsi->u.hdr.ah->pos--;
|
||||
wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len--;
|
||||
} while (wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index].len > 1 &&
|
||||
wsi->u.hdr.ah->data[wsi->u.hdr.ah->pos] != '/');
|
||||
}
|
||||
wsi->u.hdr.ups = URIPS_SEEN_SLASH_DOT_DOT;
|
||||
goto swallow;
|
||||
}
|
||||
|
|
|
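Review bot: The two numeric bounds in the new back-up code, `len > 2` on the guard and `len > 1` in the do/while, are unexplained, and the fragment `wsi->u.hdr.ah->frags[wsi->u.hdr.ah->next_frag_index]` is spelled out five times, which makes the loop hard to check for an off-by-one. A one-line comment above the guard would help, e.g. `/* > 2: more than the leading '/' and the stored '.' is present, so there is a component to drop */`, and a local pointer to the current fragment would shorten the loop (the fragment struct's type name is not visible in this hunk, so it is not quoted here). As far as the hunk shows, `/..` at the root (len == 2) skips the back-up and still moves to URIPS_SEEN_SLASH_DOT_DOT with the `/.` presumably still stored, so whatever that state does on the next byte must drop it; that handler is outside the hunk. libwebsocket_parse's body continues outside the hunk.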
@ -164,32 +164,35 @@ if [ $? -ne 0 ] ; then
|
|||
fi
|
||||
|
||||
echo
|
||||
echo "---- directory attack 4 (/blah/.. should be /blah/)"
|
||||
echo "---- directory attack 4 (/blah/.. should be /)"
|
||||
rm -f /tmp/lwscap
|
||||
echo -e "GET /blah/.. HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
|
||||
check
|
||||
if [ -z "`grep '<h1>403 Forbidden</h1>' /tmp/lwscap`" ] ; then
|
||||
echo "FAIL: should have told forbidden (test server has no dirs)"
|
||||
diff /tmp/lwscap /usr/share/libwebsockets-test-server/test.html > /dev/null
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "FAIL: got something other than test.html back"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo
|
||||
echo "---- directory attack 5 (/blah/../ should be /blah/)"
|
||||
echo "---- directory attack 5 (/blah/../ should be /)"
|
||||
rm -f /tmp/lwscap
|
||||
echo -e "GET /blah/../ HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
|
||||
check
|
||||
if [ -z "`grep '<h1>403 Forbidden</h1>' /tmp/lwscap`" ] ; then
|
||||
echo "FAIL: should have told forbidden (test server has no dirs)"
|
||||
diff /tmp/lwscap /usr/share/libwebsockets-test-server/test.html > /dev/null
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "FAIL: got something other than test.html back"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo
|
||||
echo "---- directory attack 6 (/blah/../. should be /blah/)"
|
||||
echo "---- directory attack 6 (/blah/../. should be /)"
|
||||
rm -f /tmp/lwscap
|
||||
echo -e "GET /blah/../. HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
|
||||
check
|
||||
if [ -z "`grep '<h1>403 Forbidden</h1>' /tmp/lwscap`" ] ; then
|
||||
echo "FAIL: should have told forbidden (test server has no dirs)"
|
||||
diff /tmp/lwscap /usr/share/libwebsockets-test-server/test.html > /dev/null
|
||||
if [ $? -ne 0 ] ; then
|
||||
echo "FAIL: got something other than test.html back"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
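Review bot: Reading the rendered diff, the new side of each of the three blocks replaces the 403 grep with a `diff` against `/usr/share/libwebsockets-test-server/test.html`, and those lines are now copy-pasted three times with only the label and request path differing; a small shell function would keep them in step. The `diff ...; if [ $? -ne 0 ]` form matches the rest of the script, but `if ! diff ... > /dev/null ; then` avoids the `$?` indirection. Note that `diff` also exits non-zero when the reference file is missing, so "got something other than test.html back" can fire for an environment problem rather than a bad response; worth checking the file exists once near the top of the script. All three cases keep one leading component before the `..`; if the earlier attack cases (outside this hunk) do not already cover more `..` than components, e.g. `/../..`, that is the case most worth pinning to `/`.
```shell
# Request $2 and require the body to be test.html, i.e. the path normalised to /.
expect_root_page() {
	echo
	echo "---- $1 ($2 should be /)"
	rm -f /tmp/lwscap
	echo -e "GET $2 HTTP/1.1\x0d\x0a\x0d\x0a" | nc $SERVER $PORT | sed '1,/^\r$/d'> /tmp/lwscap
	check
	if ! diff /tmp/lwscap /usr/share/libwebsockets-test-server/test.html > /dev/null ; then
		echo "FAIL: got something other than test.html back"
		exit 1
	fi
}

expect_root_page "directory attack 4" /blah/..
expect_root_page "directory attack 5" /blah/../
expect_root_page "directory attack 6" /blah/../.
```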
|