For -WWW, fix test for ".." directory references (and avoid warning for

index -1).
author: Bodo Möller <bodo@openssl.org> 2001-03-30 10:47:21 +0000
committer: Bodo Möller <bodo@openssl.org> 2001-03-30 10:47:21 +0000
commit: 5d3ab9b096934c9d419be8c87324b7842d26d1f4 (patch)
tree: e754699a43864cf18ca9acf8f1816c22ca23f96b /apps/s_server.c
parent: 4fea8145e2c4d1766d6f4d6243af703ad96cf95e (diff)
download: openssl-5d3ab9b096934c9d419be8c87324b7842d26d1f4.tar.gz
1 files changed, 22 insertions, 8 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index 6200e4bef3..f8e44ce43e 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1423,20 +1423,34 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			{
 			BIO *file;
 			char *p,*e;
-			static char *text="HTTP/1.0 200 ok\r\n"
-                                "Content-type: text/plain\r\n\r\n";
+			static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
 
 			/* skip the '/' */
 			p= &(buf[5]);
-			dot=0;
+
+			dot = 1;
 			for (e=p; *e != '\0'; e++)
 				{
-				if (e[0] == ' ') break;
-				if (	(e[0] == '.') &&
-					(strncmp(&(e[-1]),"/../",4) == 0))
-					dot=1;
+				if (e[0] == ' ')
+					break;
+
+				switch (dot)
+					{
+				case 0:
+					dot = (e[0] == '/') ? 1 : 0;
+					break;
+				case 1:
+					dot = (e[0] == '.') ? 2 : 0;
+					break;
+				case 2:
+					dot = (e[0] == '.') ? 3 : 0;
+					break;
+				case 3:
+					dot = (e[0] == '/') ? -1 : 0;
+					break;
+					}
 				}
-			
+			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
 
 			if (*e == '\0')
 				{
author	Bodo Möller <bodo@openssl.org>	2001-03-30 10:47:21 +0000
committer	Bodo Möller <bodo@openssl.org>	2001-03-30 10:47:21 +0000
commit	5d3ab9b096934c9d419be8c87324b7842d26d1f4 (patch)
tree	e754699a43864cf18ca9acf8f1816c22ca23f96b /apps/s_server.c
parent	4fea8145e2c4d1766d6f4d6243af703ad96cf95e (diff)
download	openssl-5d3ab9b096934c9d419be8c87324b7842d26d1f4.tar.gz