For -WWW, fix test for ".." directory references (and avoid warning for

author Bodo Möller <bodo@openssl.org>

Fri, 30 Mar 2001 10:47:21 +0000 (10:47 +0000)

committer Bodo Möller <bodo@openssl.org>

Fri, 30 Mar 2001 10:47:21 +0000 (10:47 +0000)
author Bodo Möller <bodo@openssl.org>
Fri, 30 Mar 2001 10:47:21 +0000 (10:47 +0000)
committer Bodo Möller <bodo@openssl.org>
Fri, 30 Mar 2001 10:47:21 +0000 (10:47 +0000)
diff --git a/apps/s_server.c b/apps/s_server.c

index 6200e4bef3d7b1bfb0c403edf12196b6dd6695a6..f8e44ce43e095866da6cb4cb493596594b917372 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1423,20 +1423,34 @@ static int www_body(char *hostname, int s, unsigned char *context)
                         {
                         BIO *file;
                         char *p,*e;
                         {
                         BIO *file;
                         char *p,*e;
-                       static char *text="HTTP/1.0 200 ok\r\n"
-                                "Content-type: text/plain\r\n\r\n";
+                       static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
  
                         /* skip the '/' */
                         p= &(buf[5]);
  
                         /* skip the '/' */
                         p= &(buf[5]);
-                       dot=0;
+
+                       dot = 1;
                         for (e=p; *e != '\0'; e++)
                                 {
                         for (e=p; *e != '\0'; e++)
                                 {
-                               if (e[0] == ' ') break;
-                               if (    (e[0] == '.') &&
-                                       (strncmp(&(e[-1]),"/../",4) == 0))
-                                       dot=1;
+                               if (e[0] == ' ')
+                                       break;
+
+                               switch (dot)
+                                       {
+                               case 0:
+                                       dot = (e[0] == '/') ? 1 : 0;
+                                       break;
+                               case 1:
+                                       dot = (e[0] == '.') ? 2 : 0;
+                                       break;
+                               case 2:
+                                       dot = (e[0] == '.') ? 3 : 0;
+                                       break;
+                               case 3:
+                                       dot = (e[0] == '/') ? -1 : 0;
+                                       break;
+                                       }
                                 }
                                 }
-                       
+                       dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
  
                         if (*e == '\0')
                                 {
  
                         if (*e == '\0')
                                 {
author	Bodo Möller <bodo@openssl.org>
	Fri, 30 Mar 2001 10:47:21 +0000 (10:47 +0000)
committer	Bodo Möller <bodo@openssl.org>
	Fri, 30 Mar 2001 10:47:21 +0000 (10:47 +0000)