| author | Drew DeVault <sir@cmpwn.com> | 2021-05-04 09:43:23 -0400 |
|---|---|---|
| committer | Drew DeVault <sir@cmpwn.com> | 2021-05-04 09:43:23 -0400 |
| commit | 0dc0e4432a70eafde69509fde8a29802e46ae712 (patch) | |
| tree | 1870584e81b3045d349ca3d95a597783b47a4da6 /src/serve.c | |
| parent | 8b65e303b01fc573cb1c40a365fb5db166146a37 (diff) | |
Revert "Routing: Fix non-ascii paths"
This causes a security issue (path traversal)
This reverts commit ea360fa4c10791c3c720c33470c86923424348fe.
Diffstat (limited to 'src/serve.c')
| -rw-r--r-- | src/serve.c | 15 |
1 files changed, 3 insertions, 12 deletions
diff --git a/src/serve.c b/src/serve.c
index d77c2ff..b2d114e 100644
--- a/src/serve.c
+++ b/src/serve.c
@@ -12,7 +12,6 @@
 #include <sys/types.h>
 #include <unistd.h>
 #include "config.h"
-#include "escape.h"
 #include "gemini.h"
 #include "log.h"
 #include "mime.h"
@@ -415,10 +414,9 @@ serve_request(struct gmnisrv_client *client)
 struct gmnisrv_route *route = host->routes;
 assert(route);
- char *client_path = curl_unescape(client->path, 0);
 char *url_path = NULL;
 while (route) {
- if (route_match(route, client_path, &url_path)) {
+ if (route_match(route, client->path, &url_path)) {
 break;
 }
@@ -428,7 +426,6 @@ serve_request(struct gmnisrv_client *client)
 if (!route) {
 client_submit_response(client, GEMINI_STATUS_NOT_FOUND, "Not found", NULL);
- free(client_path);
 free(url_path);
 return;
 }
@@ -437,6 +434,7 @@ serve_request(struct gmnisrv_client *client)
 // Paths on paths on paths on paths
 // My apologies to the stack
+ char client_path[PATH_MAX + 1] = "";
 char real_path[PATH_MAX + 1] = "";
 char pathinfo[PATH_MAX + 1] = "";
 char temp_path[PATH_MAX + 1] = "";
@@ -444,10 +442,10 @@ serve_request(struct gmnisrv_client *client)
 if ((size_t)n >= sizeof(real_path)) {
 client_submit_response(client, GEMINI_STATUS_PERMANENT_FAILURE, "Request path exceeds PATH_MAX", NULL);
- free(client_path);
 free(url_path);
 return;
 }
+ strcpy(client_path, client->path);
 int nlinks = 0;
 struct stat st;
@@ -494,7 +492,6 @@ serve_request(struct gmnisrv_client *client)
 client_submit_response(client, GEMINI_STATUS_NOT_FOUND, "Not found", NULL);
- free(client_path);
 free(url_path);
 return;
 }
@@ -502,7 +499,6 @@ serve_request(struct gmnisrv_client *client)
 if (S_ISDIR(st.st_mode)) {
 if (route->autoindex) {
 serve_autoindex(client, real_path);
- free(client_path);
 free(url_path);
 return;
 } else {
@@ -526,7 +522,6 @@ serve_request(struct gmnisrv_client *client)
 client_submit_response(client, GEMINI_STATUS_NOT_FOUND, "Not found", NULL);
- free(client_path);
 free(url_path);
 return;
 }
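Review bot: Nothing at the `route_match(route, client->path, &url_path)` call records that the path is now deliberately matched exactly as received, so a later attempt at non-ASCII routing could put the decode back in the same place. I would add a comment above the loop, e.g. `// Match the raw request path; decoding it here (ea360fa) led to path traversal.` The checks that reject dot segments are not in this hunk, so presumably they run on the undecoded form; any future decoding would have to happen before them, with the decoded result validated again. serve_request's body starts and ends outside the hunk.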
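Review bot: The restored `strcpy(client_path, client->path);` in the `@@ -444,10 +442,10 @@` hunk copies into a `PATH_MAX + 1` stack buffer with no length check of its own. The check just above it compares `n` with `sizeof(real_path)`, which bounds the resolved path rather than `client->path`. Whether the request parser already caps `client->path` below PATH_MAX is not visible here, so I would make the bound local: `int r = snprintf(client_path, sizeof(client_path), "%s", client->path);` and send the same PERMANENT_FAILURE response when `r < 0 || (size_t)r >= sizeof(client_path)`. The buffer itself is declared in the previous hunk, and serve_request's body continues outside both hunks.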
@@ -545,7 +540,6 @@ serve_request(struct gmnisrv_client *client)
 // Don't serve special files
 client_submit_response(client, GEMINI_STATUS_NOT_FOUND, "Not found", NULL);
- free(client_path);
 free(url_path);
 return;
 }
@@ -557,12 +551,9 @@ serve_request(struct gmnisrv_client *client)
 serve_cgi(client, real_path, (const char *)client_path, (const char *)pathinfo);
- free(client_path);
 return;
 }
- free(client_path);
-
 FILE *body = fopen(real_path, "r");
 if (!body) {
 if (errno == ENOENT) { |
