patch for windows xp
git-svn-id: file:///raid/svn-personal/tewi/trunk@70 8739d7e6-ffea-ec47-b151-bdff447c6205
parent
fb8fbec980
commit
8d8e81e210
|
@ -6,6 +6,8 @@
|
||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
|
|
||||||
int cm_hex(const char* str, int len);
|
int cm_hex(const char* str, int len);
|
||||||
|
bool cm_nocase_endswith(const char* str, const char* end);
|
||||||
|
bool cm_endswith(const char* str, const char* end);
|
||||||
char* cm_html_escape(const char* str);
|
char* cm_html_escape(const char* str);
|
||||||
char* cm_url_escape(const char* str);
|
char* cm_url_escape(const char* str);
|
||||||
char* cm_strcat(const char* a, const char* b);
|
char* cm_strcat(const char* a, const char* b);
|
||||||
|
|
|
@ -7,6 +7,8 @@
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
|
|
||||||
char* cm_strcat(const char* a, const char* b) {
|
char* cm_strcat(const char* a, const char* b) {
|
||||||
|
if(a == NULL) a = "";
|
||||||
|
if(b == NULL) b = "";
|
||||||
char* str = malloc(strlen(a) + strlen(b) + 1);
|
char* str = malloc(strlen(a) + strlen(b) + 1);
|
||||||
memcpy(str, a, strlen(a));
|
memcpy(str, a, strlen(a));
|
||||||
memcpy(str + strlen(a), b, strlen(b));
|
memcpy(str + strlen(a), b, strlen(b));
|
||||||
|
@ -23,6 +25,24 @@ char* cm_strcat3(const char* a, const char* b, const char* c) {
|
||||||
|
|
||||||
char* cm_strdup(const char* str) { return cm_strcat(str, ""); }
|
char* cm_strdup(const char* str) { return cm_strcat(str, ""); }
|
||||||
|
|
||||||
|
bool cm_endswith(const char* str, const char* end) {
|
||||||
|
if(strlen(str) < strlen(end)) return false;
|
||||||
|
int i;
|
||||||
|
for(i = strlen(str) - strlen(end); i < strlen(str); i++) {
|
||||||
|
if(str[i] != end[i - strlen(str) + strlen(end)]) return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool cm_nocase_endswith(const char* str, const char* end) {
|
||||||
|
if(strlen(str) < strlen(end)) return false;
|
||||||
|
int i;
|
||||||
|
for(i = strlen(str) - strlen(end); i < strlen(str); i++) {
|
||||||
|
if(tolower(str[i]) != tolower(end[i - strlen(str) + strlen(end)])) return false;
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
char* cm_trimstart(const char* str) {
|
char* cm_trimstart(const char* str) {
|
||||||
int i;
|
int i;
|
||||||
for(i = 0; str[i] != 0; i++) {
|
for(i = 0; str[i] != 0; i++) {
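Review bot: In cm_nocase_endswith, `tolower(str[i])` is called on a plain `char`, which is undefined for negative values, and the server change in this commit passes it the request-derived filesystem path, so bytes of 0x80 and above can reach it wherever `char` is signed. Cast both operands: `tolower((unsigned char)str[i]) != tolower((unsigned char)end[i - strlen(str) + strlen(end)])`. Both new functions also call `strlen` on their arguments without the NULL handling this commit adds to cm_strcat, and they compare an `int i` against a `size_t` while recomputing the lengths on every iteration. Reading the two lengths once into `size_t` locals would tidy up both points.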
|
||||||
|
|
|
@ -284,11 +284,13 @@ getout:
|
||||||
if(req->path[i] == '%') {
|
if(req->path[i] == '%') {
|
||||||
if(req->path[i + 1] == 0) continue;
|
if(req->path[i + 1] == 0) continue;
|
||||||
cbuf[0] = cm_hex(req->path + i + 1, 2);
|
cbuf[0] = cm_hex(req->path + i + 1, 2);
|
||||||
|
if(cbuf[0] != '\\') {
|
||||||
char* tmp = result;
|
char* tmp = result;
|
||||||
result = cm_strcat(tmp, cbuf);
|
result = cm_strcat(tmp, cbuf);
|
||||||
free(tmp);
|
free(tmp);
|
||||||
|
}
|
||||||
i += 2;
|
i += 2;
|
||||||
} else {
|
} else if(req->path[i] != '\\') {
|
||||||
cbuf[0] = req->path[i];
|
cbuf[0] = req->path[i];
|
||||||
char* tmp = result;
|
char* tmp = result;
|
||||||
result = cm_strcat(tmp, cbuf);
|
result = cm_strcat(tmp, cbuf);
|
||||||
|
@ -324,7 +326,7 @@ getout:
|
||||||
p = cm_strdup("/");
|
p = cm_strdup("/");
|
||||||
}
|
}
|
||||||
} else if(strcmp(pth, ".") == 0) {
|
} else if(strcmp(pth, ".") == 0) {
|
||||||
} else if(oldc != '\\') {
|
} else {
|
||||||
char* tmp = p;
|
char* tmp = p;
|
||||||
p = cm_strcat3(tmp, pth, cbuf);
|
p = cm_strcat3(tmp, pth, cbuf);
|
||||||
free(tmp);
|
free(tmp);
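Review bot: The two new conditions, `if(cbuf[0] != '\\')` on the decoded byte and `else if(req->path[i] != '\\')` on the literal one, drop backslashes silently instead of refusing the request, so the server ends up resolving a path other than the one it was sent. They are also unconditional, unlike the `__MINGW32__`-guarded reserved-name table added elsewhere in this commit, so on hosts where a backslash is an ordinary filename character such files become unreachable. Answering 400 when a backslash is seen would be easier to reason about. If stripping is kept, a comment such as `/* backslashes are removed before dot segments are resolved so they cannot act as a separator on Windows */` would record the intent, assuming the normalisation in the later hunk really does run after this loop. The enclosing function starts and ends outside both hunks.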
|
||||||
|
|
|
@ -51,6 +51,10 @@ int sockcount = 0;
|
||||||
SOCKADDR addresses[MAX_PORTS];
|
SOCKADDR addresses[MAX_PORTS];
|
||||||
int sockets[MAX_PORTS];
|
int sockets[MAX_PORTS];
|
||||||
|
|
||||||
|
#ifdef __MINGW32__
|
||||||
|
const char* reserved_names[] = {"CON", "PRN", "AUX", "NUL", "COM1", "COM2", "COM3", "COM4", "COM5", "COM6", "COM7", "COM8", "COM9", "LPT1", "LPT2", "LPT3", "LPT4", "LPT5", "LPT6", "LPT7", "LPT8", "LPT9"};
|
||||||
|
#endif
|
||||||
|
|
||||||
/* https://qiita.com/gyu-don/items/5a640c6d2252a860c8cd */
|
/* https://qiita.com/gyu-don/items/5a640c6d2252a860c8cd */
|
||||||
int tw_wildcard_match(const char* wildcard, const char* target) {
|
int tw_wildcard_match(const char* wildcard, const char* target) {
|
||||||
const char *pw = wildcard, *pt = target;
|
const char *pw = wildcard, *pt = target;
|
||||||
|
@ -479,8 +483,31 @@ void tw_server_pass(int sock, bool ssl, int port, SOCKADDR addr) {
|
||||||
cm_log("Server", "Document root is %s", vhost_entry->root == NULL ? "not set" : vhost_entry->root);
|
cm_log("Server", "Document root is %s", vhost_entry->root == NULL ? "not set" : vhost_entry->root);
|
||||||
char* path = cm_strcat(vhost_entry->root == NULL ? "" : vhost_entry->root, req.path);
|
char* path = cm_strcat(vhost_entry->root == NULL ? "" : vhost_entry->root, req.path);
|
||||||
cm_log("Server", "Filesystem path is %s", path);
|
cm_log("Server", "Filesystem path is %s", path);
|
||||||
|
bool rej = false;
|
||||||
|
#ifdef __MINGW32__
|
||||||
|
for(i = 0; i < sizeof(reserved_names) / sizeof(reserved_names[0]); i++) {
|
||||||
|
char* n = cm_strcat("/", reserved_names[i]);
|
||||||
|
if(cm_nocase_endswith(path, n)) {
|
||||||
|
tw_http_error(s, sock, 403, name, port);
|
||||||
|
free(n);
|
||||||
|
rej = true;
|
||||||
|
cm_log("Server", "XP Patch ; rejecting access to device");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
free(n);
|
||||||
|
char* y = cm_strcat3("/", reserved_names[i], ":");
|
||||||
|
if(cm_nocase_endswith(path, y)) {
|
||||||
|
tw_http_error(s, sock, 403, name, port);
|
||||||
|
free(y);
|
||||||
|
rej = true;
|
||||||
|
cm_log("Server", "XP Patch ; rejecting access to device");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
free(y);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
struct stat st;
|
struct stat st;
|
||||||
if(stat(path, &st) == 0) {
|
if(!rej && stat(path, &st) == 0) {
|
||||||
if(!tw_permission_allowed(path, addr, req, vhost_entry)) {
|
if(!tw_permission_allowed(path, addr, req, vhost_entry)) {
|
||||||
tw_http_error(s, sock, 403, name, port);
|
tw_http_error(s, sock, 403, name, port);
|
||||||
} else if(S_ISDIR(st.st_mode)) {
|
} else if(S_ISDIR(st.st_mode)) {
|
||||||
|
@ -647,6 +674,7 @@ void tw_server_pass(int sock, bool ssl, int port, SOCKADDR addr) {
|
||||||
fread(rmbuf, s.st_size, 1, fr);
|
fread(rmbuf, s.st_size, 1, fr);
|
||||||
addstring(&str, "<pre><code>%h</code></pre>\n", rmbuf);
|
addstring(&str, "<pre><code>%h</code></pre>\n", rmbuf);
|
||||||
fclose(fr);
|
fclose(fr);
|
||||||
|
free(rmbuf);
|
||||||
}
|
}
|
||||||
free(fpth);
|
free(fpth);
|
||||||
}
|
}
|
||||||
|
@ -681,11 +709,11 @@ void tw_server_pass(int sock, bool ssl, int port, SOCKADDR addr) {
|
||||||
}
|
}
|
||||||
free(vhost);
|
free(vhost);
|
||||||
free(host);
|
free(host);
|
||||||
tw_free_request(&req);
|
|
||||||
} else if(ret == -1) {
|
} else if(ret == -1) {
|
||||||
} else {
|
} else {
|
||||||
tw_http_error(s, sock, 400, name, port);
|
tw_http_error(s, sock, 400, name, port);
|
||||||
}
|
}
|
||||||
|
tw_free_request(&req);
|
||||||
cleanup:
|
cleanup:
|
||||||
#ifndef NO_SSL
|
#ifndef NO_SSL
|
||||||
if(sslworks) {
|
if(sslworks) {
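Review bot: The reserved-name loop added to tw_server_pass only rejects a path whose suffix is exactly `/NAME` or `/NAME:`, which is narrower than what Microsoft's file-naming rules reserve: the same names followed by an extension are reserved too, so the last path component should be compared by its base name rather than by suffix. A helper that isolates the last component and compares up to the first `.`, `:` or space also removes the two duplicated allocate/compare/free branches. Separately, the branch sends a 403 and then relies on `!rej` to skip the `stat` block; if that `if` has an `else` that reports a missing file (it is outside the hunk), a second response would follow the 403, so that path should be checked as well. The helper below inspects only the final component, and tw_server_pass continues outside the hunk.

```c
#ifdef __MINGW32__
/* True when the last component of path has a reserved DOS device name as its base name. */
static bool tw_is_reserved_name(const char* path) {
	const char* base = strrchr(path, '/');
	size_t len;
	size_t i;
	base = base == NULL ? path : base + 1;
	/* The base name ends at the first extension dot, stream colon or space. */
	len = strcspn(base, ".: ");
	for(i = 0; i < sizeof(reserved_names) / sizeof(reserved_names[0]); i++) {
		size_t j;
		if(strlen(reserved_names[i]) != len) continue;
		for(j = 0; j < len; j++) {
			if(tolower((unsigned char)base[j]) != tolower((unsigned char)reserved_names[i][j])) break;
		}
		if(j == len) return true;
	}
	return false;
}
#endif

/* … unchanged: path construction and "Filesystem path is" log in tw_server_pass … */
	bool rej = false;
#ifdef __MINGW32__
	if(tw_is_reserved_name(path)) {
		tw_http_error(s, sock, 403, name, port);
		rej = true;
		cm_log("Server", "XP Patch ; rejecting access to device");
	}
#endif
/* … unchanged: struct stat st; if(!rej && stat(path, &st) == 0) … */
```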
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
#ifndef __TW_VERSION_H__
|
#ifndef __TW_VERSION_H__
|
||||||
#define __TW_VERSION_H__
|
#define __TW_VERSION_H__
|
||||||
|
|
||||||
#define TW_VERSION "1.00\0"
|
#define TW_VERSION "1.01\0"
|
||||||
|
|
||||||
const char* tw_get_version(void);
|
const char* tw_get_version(void);
|
||||||
const char* tw_get_platform(void);
|
const char* tw_get_platform(void);
|
||||||
|
|