Fixed some problems with directory pages

Nate Choe
2022-01-30 12:07:36 -06:00
parent 5a6c38c680
commit e4fe179480
3 changed files with 51 additions and 1 deletions


@@ -54,6 +54,7 @@ static void readResponse(Connection *conn, char *path) {
free(assembledPath);
goto error;
}
char responsePath[PATH_MAX];
if (realpath(path, responsePath) == NULL) {
free(assembledPath);
@@ -64,6 +65,22 @@ static void readResponse(Connection *conn, char *path) {
free(assembledPath);
goto forbidden;
}
//in theory an attacker could just request
// /blog/../../../../site/privatekey.pem
//so we make sure that the filepath is actually within the path
//specified by the page.
struct stat requestbuf;
if (stat(requestPath, &requestbuf)) {
free(assembledPath);
sendErrorResponse(conn, ERROR_404);
return;
}
if (S_ISDIR(requestbuf.st_mode)) {
free(assembledPath);
sendErrorResponse(conn, ERROR_400);
return;
}
file = fopen(requestPath, "r");
free(assembledPath);
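Review bot: The new `stat(requestPath, &requestbuf)` check and the later `fopen(requestPath, "r")` each resolve the name separately, so the object that was checked is not guaranteed to be the one that gets opened; opening first and calling `fstat(fileno(file), &requestbuf)` on the handle closes that gap. The comment above the block describes a containment check, but the lines under it only reject missing paths and directories, so it belongs next to the `goto forbidden` test, and this block could carry `// reject missing paths and directories before serving` instead. The new branches `return` directly where the neighbouring code uses `goto error` / `goto forbidden`; those labels are outside the hunk, so if they do cleanup the new paths skip it. It is also worth confirming that the path reaching `fopen` is the canonical `responsePath` produced by `realpath()`, presumably the one the forbidden check tested, rather than the unresolved `requestPath`. readResponse starts and ends outside this hunk, so any existing NULL check after `fopen` is not visible here.

```c
// … unchanged: realpath() call and the forbidden check …
file = fopen(requestPath, "r");
free(assembledPath);
if (file == NULL) {
	sendErrorResponse(conn, ERROR_404);
	return;
}
// inspect the handle that was actually opened, not the name
struct stat requestbuf;
if (fstat(fileno(file), &requestbuf)) {
	fclose(file);
	sendErrorResponse(conn, ERROR_404);
	return;
}
if (S_ISDIR(requestbuf.st_mode)) {
	fclose(file);
	sendErrorResponse(conn, ERROR_400);
	return;
}
```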