Fixed some problems with directory pages
This commit is contained in:
Nate Choe
33
example/logs
33
example/logs
@@ -150,3 +150,36 @@
|
||||
[2022-01-30T17:39:45Z] swebs started
|
||||
[2022-01-30T17:42:25Z] swebs started
|
||||
[2022-01-30T17:43:31Z] swebs started
|
||||
[2022-01-30T17:46:31Z] swebs started
|
||||
[2022-01-30T17:46:46Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:46Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:46Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:46Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:46Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:46Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:46Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:46Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:46Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:46Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:52Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:52Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:52Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:52Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:52Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:52Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:52Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:52Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:52Z] Accepting a stream failed
|
||||
[2022-01-30T17:46:52Z] Accepting a stream failed
|
||||
[2022-01-30T17:47:55Z] swebs started
|
||||
[2022-01-30T18:00:18Z] swebs started
|
||||
[2022-01-30T18:00:47Z] swebs started
|
||||
[2022-01-30T18:01:18Z] swebs started
|
||||
[2022-01-30T18:02:49Z] swebs started
|
||||
[2022-01-30T18:03:30Z] swebs started
|
||||
[2022-01-30T18:03:43Z] swebs started
|
||||
[2022-01-30T18:05:01Z] swebs started
|
||||
[2022-01-30T18:05:37Z] swebs started
|
||||
[2022-01-30T18:05:53Z] swebs started
|
||||
[2022-01-30T18:06:10Z] swebs started
|
||||
[2022-01-30T18:06:27Z] swebs started
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
#!/bin/sh
|
||||
|
||||
../build/swebs -s sitefile -o logs -p 8000
|
||||
../build/swebs -j 2 -s sitefile -o logs -p 8000
|
||||
|
||||
@@ -54,6 +54,7 @@ static void readResponse(Connection *conn, char *path) {
|
||||
free(assembledPath);
|
||||
goto error;
|
||||
}
|
||||
|
||||
char responsePath[PATH_MAX];
|
||||
if (realpath(path, responsePath) == NULL) {
|
||||
free(assembledPath);
|
||||
@@ -64,6 +65,22 @@ static void readResponse(Connection *conn, char *path) {
|
||||
free(assembledPath);
|
||||
goto forbidden;
|
||||
}
|
||||
//in theory an attacker could just request
|
||||
// /blog/../../../../site/privatekey.pem
|
||||
//so we make sure that the filepath is actually within the path
|
||||
//specified by the page.
|
||||
|
||||
struct stat requestbuf;
|
||||
if (stat(requestPath, &requestbuf)) {
|
||||
free(assembledPath);
|
||||
sendErrorResponse(conn, ERROR_404);
|
||||
return;
|
||||
}
|
||||
if (S_ISDIR(requestbuf.st_mode)) {
|
||||
free(assembledPath);
|
||||
sendErrorResponse(conn, ERROR_400);
|
||||
return;
|
||||
}
|
||||
|
||||
file = fopen(requestPath, "r");
|
||||
free(assembledPath);
|
||||
|
||||
Reference in New Issue
Block a user