CC-tea/org-hyperion-cules
1
0
Fork 0
mirror of https://github.com/SDL-Hercules-390/hyperion.git synced 2026-04-17 01:15:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

mostly dasdcopy & http server fixes; see CHANGES for details

Browse Source 
git-svn-id: file:///home/jj/hercules.svn/trunk@2016 956126f8-22a0-4046-8f4a-272fa8102e63
This commit is contained in:
Fish (David B Trout)
2003-09-26 00:58:00 +00:00
parent 51ef7bd2c3
commit b0fc860091
16 changed files with 220 additions and 120 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
httpserv.c
View File

@@ -56,8 +56,9 @@ int html_include(WEBBLK *webblk, char *filename)
char buffer[HTTP_PATH_LENGTH];
int ret;
strlcpy(fullname,sysblk.httproot,sizeof(fullname));
strlcat(fullname,filename,sizeof(fullname));
strlcpy( fullname, sysblk.httproot, sizeof(fullname) );
strlcat( fullname, filename, sizeof(fullname) );
inclfile = fopen(fullname,"r");
if (!inclfile)
@@ -278,22 +279,27 @@ char *http_variable(WEBBLK *webblk, char *name, int type)
static void http_verify_path(WEBBLK *webblk, char *path)
{
char resolved_base[HTTP_PATH_LENGTH];
char resolved_path[HTTP_PATH_LENGTH];
int i;
realpath(sysblk.httproot,resolved_base); strlcat(resolved_base,"/",sizeof(resolved_base));
realpath(path,resolved_path);
for (i = 0; path[i]; i++)
if (!isalnum((int)path[i]) && !strchr("/.-_", path[i]))
http_error(webblk, "404 File Not Found","",
"Illegal character in filename");
if(strncmp(resolved_base,resolved_path,strlen(resolved_base)))
if (!realpath( path, resolved_path ))
{
http_error(webblk, "404 File Not Found","",
"Invalid pathname");
}
// The following verifies the specified file does not lie
// outside the specified httproot (Note: sysblk.httproot
// was previously resolved to an absolute path by config.c)
if (strncmp( sysblk.httproot, resolved_path, strlen(sysblk.httproot)))
http_error(webblk, "404 File Not Found","",
"Invalid pathname");
}
@@ -364,8 +370,8 @@ static void http_download(WEBBLK *webblk, char *filename)
struct stat st;
CONTYP *mime_type = mime_types;
strlcpy(fullname,sysblk.httproot,sizeof(fullname));
strlcat(fullname,filename,sizeof(fullname));
strlcpy( fullname, sysblk.httproot, sizeof(fullname) );
strlcat( fullname, filename, sizeof(fullname) );
http_verify_path(webblk,fullname);