Changeset 3232 in MondoRescue for branches/3.2/mindi-busybox/networking/httpd_indexcgi.c
- Timestamp:
- Jan 1, 2014, 12:47:38 AM (10 years ago)
- File:
-
- 1 edited
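--- a/branches/3.2/mindi-busybox/networking/httpd_indexcgi.c
+++ b/branches/3.2/mindi-busybox/networking/httpd_indexcgi.c
@@ -36,4 +36,5 @@
 */
 
+#define _GNU_SOURCE 1 /* for strchrnul */
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -222,12 +223,17 @@
 int odd;
 DIR *dirp;
-char *QUERY_STRING;
-
-QUERY_STRING = getenv("QUERY_STRING");
-if (!QUERY_STRING
-|| QUERY_STRING[0] != '/'
-|| strstr(QUERY_STRING, "//")
-|| strstr(QUERY_STRING, "/../")
-|| strcmp(strrchr(QUERY_STRING, '/'), "/..") == 0
+char *location;
+
+location = getenv("REQUEST_URI");
+if (!location)
+return 1;
+
+/* drop URL arguments if any */
+strchrnul(location, '?')[0] = '\0';
+
+if (location[0] != '/'
+|| strstr(location, "//")
+|| strstr(location, "/../")
+|| strcmp(strrchr(location, '/'), "/..") == 0
 ) {
 return 1;
@@ -235,5 +241,5 @@
 
 if (chdir("..")
-|| ( QUERY_STRING[1] && chdir(QUERY_STRING+ 1))
+|| (location[1] && chdir(location + 1))
 ) {
 return 1;
@@ -272,5 +278,5 @@
 "<html><head><title>Index of ");
 /* Guard against directories with &, > etc */
-fmt_html( QUERY_STRING);
+fmt_html(location);
 fmt_str(
 "</title>\n"
@@ -279,5 +285,5 @@
 "<body>" "\n"
 "<h1>Index of ");
-fmt_html( QUERY_STRING);
+fmt_html(location);
 fmt_str(
 "</h1>" "\n"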
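Review bot: The truncation `strchrnul(location, '?')[0] = '\0';` writes into the string returned by `getenv("REQUEST_URI")`, which the C standard says the program must not modify. It also strips the query from the process environment for anything that reads REQUEST_URI afterwards. Work on a private copy instead: `location = strdup(location);` with a NULL check, then `location[strcspn(location, "?")] = '\0';`, which also removes the need for the GNU-only `strchrnul` and the new `_GNU_SOURCE` define. The `//`, `/../` and trailing `/..` checks and the `chdir(location + 1)` call use the value byte-for-byte, so the code appears to assume the server passes REQUEST_URI already percent-decoded; that is not visible in this changeset and deserves a comment next to the `getenv` call. The enclosing function starts and ends outside the shown hunks.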