nate/swebs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed some problems with directory pages

Browse Source
This commit is contained in:
Nate Choe
2022-01-30 12:07:36 -06:00
parent 5a6c38c680
commit e4fe179480
3 changed files with 51 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
example/logs
View File

@@ -150,3 +150,36 @@
[2022-01-30T17:39:45Z] swebs started [2022-01-30T17:39:45Z] swebs started
[2022-01-30T17:42:25Z] swebs started [2022-01-30T17:42:25Z] swebs started
[2022-01-30T17:43:31Z] swebs started [2022-01-30T17:43:31Z] swebs started
[2022-01-30T17:46:31Z] swebs started
[2022-01-30T17:46:46Z] Accepting a stream failed
[2022-01-30T17:46:46Z] Accepting a stream failed
[2022-01-30T17:46:46Z] Accepting a stream failed
[2022-01-30T17:46:46Z] Accepting a stream failed
[2022-01-30T17:46:46Z] Accepting a stream failed
[2022-01-30T17:46:46Z] Accepting a stream failed
[2022-01-30T17:46:46Z] Accepting a stream failed
[2022-01-30T17:46:46Z] Accepting a stream failed
[2022-01-30T17:46:46Z] Accepting a stream failed
[2022-01-30T17:46:46Z] Accepting a stream failed
[2022-01-30T17:46:52Z] Accepting a stream failed
[2022-01-30T17:46:52Z] Accepting a stream failed
[2022-01-30T17:46:52Z] Accepting a stream failed
[2022-01-30T17:46:52Z] Accepting a stream failed
[2022-01-30T17:46:52Z] Accepting a stream failed
[2022-01-30T17:46:52Z] Accepting a stream failed
[2022-01-30T17:46:52Z] Accepting a stream failed
[2022-01-30T17:46:52Z] Accepting a stream failed
[2022-01-30T17:46:52Z] Accepting a stream failed
[2022-01-30T17:46:52Z] Accepting a stream failed
[2022-01-30T17:47:55Z] swebs started
[2022-01-30T18:00:18Z] swebs started
[2022-01-30T18:00:47Z] swebs started
[2022-01-30T18:01:18Z] swebs started
[2022-01-30T18:02:49Z] swebs started
[2022-01-30T18:03:30Z] swebs started
[2022-01-30T18:03:43Z] swebs started
[2022-01-30T18:05:01Z] swebs started
[2022-01-30T18:05:37Z] swebs started
[2022-01-30T18:05:53Z] swebs started
[2022-01-30T18:06:10Z] swebs started
[2022-01-30T18:06:27Z] swebs started

2
example/run.sh
View File

@@ -1,3 +1,3 @@
#!/bin/sh #!/bin/sh
../build/swebs -s sitefile -o logs -p 8000 ../build/swebs -j 2 -s sitefile -o logs -p 8000

17
src/responses.c
View File

@@ -54,6 +54,7 @@ static void readResponse(Connection *conn, char *path) {
free(assembledPath); free(assembledPath);
goto error; goto error;
} }
char responsePath[PATH_MAX]; char responsePath[PATH_MAX];
if (realpath(path, responsePath) == NULL) { if (realpath(path, responsePath) == NULL) {
free(assembledPath); free(assembledPath);
@@ -64,6 +65,22 @@ static void readResponse(Connection *conn, char *path) {
free(assembledPath); free(assembledPath);
goto forbidden; goto forbidden;
} }
//in theory an attacker could just request
// /blog/../../../../site/privatekey.pem
//so we make sure that the filepath is actually within the path
//specified by the page.
struct stat requestbuf;
if (stat(requestPath, &requestbuf)) {
free(assembledPath);
sendErrorResponse(conn, ERROR_404);
return;
}
if (S_ISDIR(requestbuf.st_mode)) {
free(assembledPath);
sendErrorResponse(conn, ERROR_400);
return;
}
file = fopen(requestPath, "r"); file = fopen(requestPath, "r");
free(assembledPath); free(assembledPath);