security fix: heck path later

git-svn-id: file:///raid/svn-personal/tewi/trunk@69 8739d7e6-ffea-ec47-b151-bdff447c6205

diff --git a/Server/http.c b/Server/http.c
index 979d0903fbd24537e886968702229e836abb178c..fbbbf8d0d9cf7a7c3f153f5941139c948e81ab15 100644 (file)
--- a/Server/http.c
+++ b/Server/http.c
@@ -297,5 +297,44 @@ getout:
        }
        free(req->path);
        req->path = result;
+
+       int incr = 0;
+       char* p = malloc(1);
+       p[0] = 0;
+       int j;
+       for(j = 0;; j++) {
+               if(req->path[j] == '/' || req->path[j] == 0) {
+                       char oldc = req->path[j];
+                       cbuf[0] = oldc;
+                       req->path[j] = 0;
+
+                       char* pth = req->path + incr;
+
+                       if(strcmp(pth, "..") == 0) {
+                               int k;
+                               if(p[strlen(p) - 1] == '/') p[strlen(p) - 1] = 0;
+                               for(k = strlen(p) - 1; k >= 0; k--) {
+                                       if(p[k] == '/') {
+                                               p[k + 1] = 0;
+                                               break;
+                                       }
+                               }
+                               if(strlen(p) == 0) {
+                                       free(p);
+                                       p = cm_strdup("/");
+                               }
+                       } else if(strcmp(pth, ".") == 0) {
+                       } else if(oldc != '\\') {
+                               char* tmp = p;
+                               p = cm_strcat3(tmp, pth, cbuf);
+                               free(tmp);
+                       }
+
+                       incr = j + 1;
+                       if(oldc == 0) break;
+               }
+       }
+       free(req->path);
+       req->path = p;
        return 0;
 }