uri processing reject paths not starting with slash
https://github.com/warmcat/libwebsockets/issues/481 Return 403 Forbidden if we don't end up with a uri path starting with / Test server already did this, but this makes it built into the library. Signed-off-by: Andy Green <andy@warmcat.com>
This commit is contained in:
Andy Green
parent
e3e89a7241
commit
8b83266301
1 changed files with 8 additions and 0 deletions
|
|
@ -243,6 +243,14 @@ lws_http_action(struct lws *wsi)
|
|||
break;
|
||||
}
|
||||
|
||||
/* we insist on absolute paths */
|
||||
|
||||
if (uri_ptr[0] != '/') {
|
||||
lws_return_http_status(wsi, HTTP_STATUS_FORBIDDEN, NULL);
|
||||
|
||||
goto bail_nuke_ah;
|
||||
}
|
||||
|
||||
/* HTTP header had a content length? */
|
||||
|
||||
wsi->u.http.content_length = 0;
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue