tijmen/http-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Put double dot check after path construction for extra safety

Browse Source
This commit is contained in:
Tijmen van Nesselrooij
2019-06-15 21:10:01 +02:00
parent 95636a2189
commit 9e99dc104f
1 changed files with 7 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/middleware/staticcontent.cpp
View File

@@ -61,13 +61,6 @@ namespace Middleware
} }
} }
if (ContainsDoubleDots(request.url.GetPath()))
{
// We cannot deal with this, we are not going to bother checking if
// this double dot escapes our root directory
return;
}
std::string path; std::string path;
if (request.url.HasPath()) if (request.url.HasPath())
{ {
@@ -79,6 +72,13 @@ namespace Middleware
path = root + "/index.html"; path = root + "/index.html";
} }
if (ContainsDoubleDots(request.url.GetPath()))
{
// We cannot deal with this, we are not going to bother checking if
// this double dot escapes our root directory
return;
}
if (!TryReadAllBytes(path, response.content)) if (!TryReadAllBytes(path, response.content))
{ {
return; return;