diff options
author | Bodo Möller <bodo@openssl.org> | 2001-03-30 10:47:56 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2001-03-30 10:47:56 +0000 |
commit | 7f950bd8a2d1990979386a6519c8b4792f02a7fd (patch) | |
tree | 3233d56868f316d8460f2f1f12efcf10ca1a6f6f /apps | |
parent | bf7b0d2d2bf05a98bf0b41da8df8ce62d1e10f3a (diff) | |
download | openssl-7f950bd8a2d1990979386a6519c8b4792f02a7fd.tar.gz |
For -WWW, fix test for ".." directory references (and avoid warning for
index -1).
Diffstat (limited to 'apps')
-rw-r--r-- | apps/s_server.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/apps/s_server.c b/apps/s_server.c index 29ed598638..6b1ba35084 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1349,18 +1349,34 @@ static int www_body(char *hostname, int s, unsigned char *context) BIO *file; char *p,*e; static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n"; + int prev_slash; /* skip the '/' */ p= &(buf[5]); - dot=0; + + dot = 1; for (e=p; *e != '\0'; e++) { - if (e[0] == ' ') break; - if ( (e[0] == '.') && - (strncmp(&(e[-1]),"/../",4) == 0)) - dot=1; + if (e[0] == ' ') + break; + + switch (dot) + { + case 0: + dot = (e[0] == '/') ? 1 : 0; + break; + case 1: + dot = (e[0] == '.') ? 2 : 0; + break; + case 2: + dot = (e[0] == '.') ? 3 : 0; + break; + case 3: + dot = (e[0] == '/') ? -1 : 0; + break; + } } - + dot = (dot == 3) || (dot == -1); /* filename contains ".." component */ if (*e == '\0') { |