projects
/
openssl.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (from parent 1:
4fea814
)
For -WWW, fix test for ".." directory references (and avoid warning for
author
Bodo Möller
<bodo@openssl.org>
Fri, 30 Mar 2001 10:47:21 +0000
(10:47 +0000)
committer
Bodo Möller
<bodo@openssl.org>
Fri, 30 Mar 2001 10:47:21 +0000
(10:47 +0000)
index -1).
apps/s_server.c
patch
|
blob
|
history
diff --git
a/apps/s_server.c
b/apps/s_server.c
index 6200e4bef3d7b1bfb0c403edf12196b6dd6695a6..f8e44ce43e095866da6cb4cb493596594b917372 100644
(file)
--- a/
apps/s_server.c
+++ b/
apps/s_server.c
@@
-1423,20
+1423,34
@@
static int www_body(char *hostname, int s, unsigned char *context)
{
BIO *file;
char *p,*e;
{
BIO *file;
char *p,*e;
- static char *text="HTTP/1.0 200 ok\r\n"
- "Content-type: text/plain\r\n\r\n";
+ static char *text="HTTP/1.0 200 ok\r\nContent-type: text/plain\r\n\r\n";
/* skip the '/' */
p= &(buf[5]);
/* skip the '/' */
p= &(buf[5]);
- dot=0;
+
+ dot = 1;
for (e=p; *e != '\0'; e++)
{
for (e=p; *e != '\0'; e++)
{
- if (e[0] == ' ') break;
- if ( (e[0] == '.') &&
- (strncmp(&(e[-1]),"/../",4) == 0))
- dot=1;
+ if (e[0] == ' ')
+ break;
+
+ switch (dot)
+ {
+ case 0:
+ dot = (e[0] == '/') ? 1 : 0;
+ break;
+ case 1:
+ dot = (e[0] == '.') ? 2 : 0;
+ break;
+ case 2:
+ dot = (e[0] == '.') ? 3 : 0;
+ break;
+ case 3:
+ dot = (e[0] == '/') ? -1 : 0;
+ break;
+ }
}
}
-
+ dot = (dot == 3) || (dot == -1); /* filename contains ".." component */
if (*e == '\0')
{
if (*e == '\0')
{