Compare commits

..

No commits in common. "76ec53dfb0e046e9aa17490705a99585e561f5b0" and "c77f8cdb9670ac50f77ce53dc3cd5649efc961e3" have entirely different histories.

3 changed files with 1 additions and 24 deletions

View file

@ -452,8 +452,6 @@ int main(int argc, char **argv) {
response_code = C_SIMPLE_HTTP_Response_400_Bad_Request; response_code = C_SIMPLE_HTTP_Response_400_Bad_Request;
} else if (file_info.result == STATIC_FILE_RESULT_404NotFound) { } else if (file_info.result == STATIC_FILE_RESULT_404NotFound) {
response_code = C_SIMPLE_HTTP_Response_404_Not_Found; response_code = C_SIMPLE_HTTP_Response_404_Not_Found;
} else if (file_info.result == STATIC_FILE_RESULT_InvalidPath) {
response_code = C_SIMPLE_HTTP_Response_400_Bad_Request;
} else { } else {
response_code = C_SIMPLE_HTTP_Response_500_Internal_Server_Error; response_code = C_SIMPLE_HTTP_Response_500_Internal_Server_Error;
} }

View file

@ -120,9 +120,6 @@ C_SIMPLE_HTTP_StaticFileInfo c_simple_http_get_file(
} else if (!ignore_mime_type && !c_simple_http_is_xdg_mime_available()) { } else if (!ignore_mime_type && !c_simple_http_is_xdg_mime_available()) {
file_info.result = STATIC_FILE_RESULT_NoXDGMimeAvailable; file_info.result = STATIC_FILE_RESULT_NoXDGMimeAvailable;
return file_info; return file_info;
} else if (c_simple_http_static_validate_path(path) != 0) {
file_info.result = STATIC_FILE_RESULT_InvalidPath;
return file_info;
} }
uint64_t buf_size = 128; uint64_t buf_size = 128;
@ -199,7 +196,6 @@ C_SIMPLE_HTTP_StaticFileInfo c_simple_http_get_file(
if (size_t_ret != file_info.buf_size) { if (size_t_ret != file_info.buf_size) {
fprintf(stderr, "ERROR Failed to read path fd \"%s\"!\n", path); fprintf(stderr, "ERROR Failed to read path fd \"%s\"!\n", path);
free(file_info.buf); free(file_info.buf);
file_info.buf = NULL;
file_info.buf_size = 0; file_info.buf_size = 0;
file_info.result = STATIC_FILE_RESULT_FileError; file_info.result = STATIC_FILE_RESULT_FileError;
return file_info; return file_info;
@ -302,17 +298,4 @@ C_SIMPLE_HTTP_StaticFileInfo c_simple_http_get_file(
return file_info; return file_info;
} }
int c_simple_http_static_validate_path(const char *path) {
uint64_t length = strlen(path);
for (uint64_t idx = 0; idx <= length && path[idx] != 0; ++idx) {
if (length - idx >= 2) {
if (path[idx] == '.' && path[idx + 1] == '.') {
// Contains "..", invalid.
return 1;
}
}
}
return 0;
}
// vim: et ts=2 sts=2 sw=2 // vim: et ts=2 sts=2 sw=2

View file

@ -26,8 +26,7 @@ typedef enum C_SIMPLE_HTTP_StaticFileResult {
STATIC_FILE_RESULT_InvalidParameter, STATIC_FILE_RESULT_InvalidParameter,
STATIC_FILE_RESULT_NoXDGMimeAvailable, STATIC_FILE_RESULT_NoXDGMimeAvailable,
STATIC_FILE_RESULT_InternalError, STATIC_FILE_RESULT_InternalError,
STATIC_FILE_RESULT_404NotFound, STATIC_FILE_RESULT_404NotFound
STATIC_FILE_RESULT_InvalidPath
} C_SIMPLE_HTTP_StaticFileResult; } C_SIMPLE_HTTP_StaticFileResult;
typedef struct C_SIMPLE_HTTP_StaticFileInfo { typedef struct C_SIMPLE_HTTP_StaticFileInfo {
@ -48,9 +47,6 @@ void c_simple_http_cleanup_static_file_info(
C_SIMPLE_HTTP_StaticFileInfo c_simple_http_get_file( C_SIMPLE_HTTP_StaticFileInfo c_simple_http_get_file(
const char *static_dir, const char *path, int_fast8_t ignore_mime_type); const char *static_dir, const char *path, int_fast8_t ignore_mime_type);
/// Returns zero if OK.
int c_simple_http_static_validate_path(const char *path);
#endif #endif
// vim: et ts=2 sts=2 sw=2 // vim: et ts=2 sts=2 sw=2