diff options
author | Bodo Möller <bodo@openssl.org> | 2001-03-30 10:47:21 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2001-03-30 10:47:21 +0000 |
commit | 5d3ab9b096934c9d419be8c87324b7842d26d1f4 (patch) | |
tree | e754699a43864cf18ca9acf8f1816c22ca23f96b /apps/s_server.c | |
parent | 4fea8145e2c4d1766d6f4d6243af703ad96cf95e (diff) | |
download | openssl-5d3ab9b096934c9d419be8c87324b7842d26d1f4.tar.gz |
For -WWW, fix test for ".." directory references (and avoid warning for
index -1).
Diffstat (limited to 'apps/s_server.c')
-rw-r--r-- | apps/s_server.c | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index 6200e4bef3..f8e44ce43e 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1423,20 +1423,34 @@ static int www_body(char *hostname, int s, unsigned char *context) { BIO *file; char *p,*e; - static char *text="HTTP/1.0 200 ok\r\n" - "Content-type: text/plain\r\n\r\n"; + static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; /* skip the '/' */ p= &(buf[5]); - dot=0; + + dot = 1; for (e=p; *e != '\0'; e++) { - if (e[0] == ' ') break; - if ( (e[0] == '.') && - (strncmp(&(e[-1]),"/../",4) == 0)) - dot=1; + if (e[0] == ' ') + break; + + switch (dot) + { + case 0: + dot = (e[0] == '/') ? 1 : 0; + break; + case 1: + dot = (e[0] == '.') ? 2 : 0; + break; + case 2: + dot = (e[0] == '.') ? 3 : 0; + break; + case 3: + dot = (e[0] == '/') ? -1 : 0; + break; + } } - + dot = (dot == 3) || (dot == -1); /* filename contains ".." component */ if (*e == '\0') { |