From fb8fbec98079cce7f639641bf729272b3fb125c2 Mon Sep 17 00:00:00 2001
From: Nishi <nishi@nishi.boats>
Date: Thu, 19 Sep 2024 07:44:13 +0000
Subject: [PATCH] security fix: heck path later

git-svn-id: file:///raid/svn-personal/tewi/trunk@69 8739d7e6-ffea-ec47-b151-bdff447c6205
---
 Server/http.c | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/Server/http.c b/Server/http.c
index 979d090..fbbbf8d 100644
--- a/Server/http.c
+++ b/Server/http.c
@@ -297,5 +297,44 @@ getout:
 	}
 	free(req->path);
 	req->path = result;
+
+	int incr = 0;
+	char* p = malloc(1);
+	p[0] = 0;
+	int j;
+	for(j = 0;; j++) {
+		if(req->path[j] == '/' || req->path[j] == 0) {
+			char oldc = req->path[j];
+			cbuf[0] = oldc;
+			req->path[j] = 0;
+
+			char* pth = req->path + incr;
+
+			if(strcmp(pth, "..") == 0) {
+				int k;
+				if(p[strlen(p) - 1] == '/') p[strlen(p) - 1] = 0;
+				for(k = strlen(p) - 1; k >= 0; k--) {
+					if(p[k] == '/') {
+						p[k + 1] = 0;
+						break;
+					}
+				}
+				if(strlen(p) == 0) {
+					free(p);
+					p = cm_strdup("/");
+				}
+			} else if(strcmp(pth, ".") == 0) {
+			} else if(oldc != '\\') {
+				char* tmp = p;
+				p = cm_strcat3(tmp, pth, cbuf);
+				free(tmp);
+			}
+
+			incr = j + 1;
+			if(oldc == 0) break;
+		}
+	}
+	free(req->path);
+	req->path = p;
 	return 0;
 }