From 5d3ab9b096934c9d419be8c87324b7842d26d1f4 Mon Sep 17 00:00:00 2001
From: Bodo Möller <bodo@openssl.org>
Date: Fri, 30 Mar 2001 10:47:21 +0000
Subject: For -WWW, fix test for ".." directory references (and avoid warning
 for index -1).

---
 apps/s_server.c | 30 ++++++++++++++++++++++--------
 1 file changed, 22 insertions(+), 8 deletions(-)

(limited to 'apps/s_server.c')

diff --git a/apps/s_server.c b/apps/s_server.c
index 6200e4bef3..f8e44ce43e 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1423,20 +1423,34 @@ static int www_body(char *hostname, int s, unsigned char *context)
 			{
 			BIO *file;
 			char *p,*e;
-			static char *text="HTTP/1.0 200 ok\r\n"
-                                "Content-type: text/plain\r\n\r\n";
+			static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
 
 			/* skip the '/' */
 			p= &(buf[5]);
-			dot=0;
+
+			dot = 1;
 			for (e=p; *e != '\0'; e++)
 				{
-				if (e[0] == ' ') break;
-				if (	(e[0] == '.') &&
-					(strncmp(&(e[-1]),"/../",4) == 0))
-					dot=1;
+				if (e[0] == ' ')
+					break;
+
+				switch (dot)
+					{
+				case 0:
+					dot = (e[0] == '/') ? 1 : 0;
+					break;
+				case 1:
+					dot = (e[0] == '.') ? 2 : 0;
+					break;
+				case 2:
+					dot = (e[0] == '.') ? 3 : 0;
+					break;
+				case 3:
+					dot = (e[0] == '/') ? -1 : 0;
+					break;
+					}
 				}
-			
+			dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
 
 			if (*e == '\0')
 				{
-- 
cgit v1.2.3