For -WWW, fix test for ".." directory references (and avoid warning for

index -1).
author: Bodo Möller <bodo@openssl.org> 2001-03-30 10:47:56 +0000
committer: Bodo Möller <bodo@openssl.org> 2001-03-30 10:47:56 +0000
commit: 7f950bd8a2d1990979386a6519c8b4792f02a7fd (patch)
tree: 3233d56868f316d8460f2f1f12efcf10ca1a6f6f /apps
parent: bf7b0d2d2bf05a98bf0b41da8df8ce62d1e10f3a (diff)
download: openssl-7f950bd8a2d1990979386a6519c8b4792f02a7fd.tar.gz
1 files changed, 22 insertions, 6 deletions
diff --git a/apps/s_server.c b/apps/s_server.c
index 29ed598638..6b1ba35084 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1349,18 +1349,34 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			BIO *file;
 			char *p,*e;
 			static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
+			int prev_slash;
 
 			/* skip the '/' */
 			p= &(buf[5]);
-			dot=0;
+
+			dot = 1;
 			for (e=p; *e != '\0'; e++)
 				{
-				if (e[0] == ' ') break;
-				if (	(e[0] == '.') &&
-					(strncmp(&(e[-1]),"/../",4) == 0))
-					dot=1;
+				if (e[0] == ' ')
+					break;
+
+				switch (dot)
+					{
+				case 0:
+					dot = (e[0] == '/') ? 1 : 0;
+					break;
+				case 1:
+					dot = (e[0] == '.') ? 2 : 0;
+					break;
+				case 2:
+					dot = (e[0] == '.') ? 3 : 0;
+					break;
+				case 3:
+					dot = (e[0] == '/') ? -1 : 0;
+					break;
+					}
 				}
-			
+			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
 
 			if (*e == '\0')
 				{
author	Bodo Möller <bodo@openssl.org>	2001-03-30 10:47:56 +0000
committer	Bodo Möller <bodo@openssl.org>	2001-03-30 10:47:56 +0000
commit	7f950bd8a2d1990979386a6519c8b4792f02a7fd (patch)
tree	3233d56868f316d8460f2f1f12efcf10ca1a6f6f /apps
parent	bf7b0d2d2bf05a98bf0b41da8df8ce62d1e10f3a (diff)
download	openssl-7f950bd8a2d1990979386a6519c8b4792f02a7fd.tar.gz