mirror of
https://github.com/gophernicus/gophernicus.git
synced 2024-12-04 14:46:37 -05:00
Fix URI inserting aribitary scripts
Fixes #118 Fixes #117 Encodes characters using html percent encoding. I hope this is correct, I'm pretty sure it is, but can't be certain right now.
parent
ac249aaeef
commit
a00fa5330d
@ -107,10 +107,13 @@ void send_text_file(state *st)
|
||||
*/
|
||||
void url_redirect(state *st)
|
||||
{
|
||||
char dest[BUFSIZE];
|
||||
char unsafe[BUFSIZE];
|
||||
|
||||
/* Basic security checking */
|
||||
sstrlcpy(dest, st->req_selector + 4);
|
||||
sstrlcpy(unsafe, st->req_selector + 4);
|
||||
|
||||
char dest[BUFSIZE];
|
||||
html_encode(unsafe, dest, BUFSIZE);
|
||||
|
||||
if (sstrncmp(dest, "http://") != MATCH &&
|
||||
sstrncmp(dest, "https://") != MATCH &&
|
||||
|
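Review bot: url_redirect() has no way to tell that html_encode() ran out of room, because the encoder returns void and simply stops when `dest` is nearly full. An escaped byte takes three output bytes and both `unsafe` and `dest` are BUFSIZE, so a long selector with many escaped characters yields a silently cut-off URL that still passes the `http://` / `https://` prefix test. Consider having html_encode() report truncation, for example `int html_encode(...)` returning non-zero when input remains, and rejecting the request in that case. The comment `/* Basic security checking */` now sits above the copy rather than the check, so a line such as `/* dest holds the percent-encoded selector; never emit unsafe */` would help. The rest of url_redirect(), including where `dest` is written to the client, is outside the hunk.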
@ -107,6 +107,27 @@ void footer(state *st)
|
||||
}
|
||||
}
|
||||
|
||||
void html_encode(const char *unsafe, char *dest, int bufsize)
|
||||
{
|
||||
char literals[] = "!#$&'()*+,/:;=?@[]-_.~";
|
||||
int i = 0, j = 0;
|
||||
while (unsafe[i] != '\0') {
|
||||
if (j >= bufsize - 5) {
|
||||
break;
|
||||
}
|
||||
if (strchr(literals, unsafe[i]) ||
|
||||
(unsafe[i] >= 'a' && unsafe[i] <= 'z') ||
|
||||
(unsafe[i] >= 'A' && unsafe[i] <= 'Z') ||
|
||||
(unsafe[i] >= '0' && unsafe[i] <= '9')) {
|
||||
dest[j] = unsafe[i];
|
||||
i += 1;
|
||||
j += 1;
|
||||
} else {
|
||||
j += snprintf(&dest[j], BUFSIZE - j, "%%%02x", unsafe[i]);
|
||||
i += 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Print error message & exit
|
||||
@ -134,13 +155,17 @@ void die(state *st, const char *message, const char *description)
|
||||
|
||||
/* Handle HTML errors */
|
||||
else if (st->req_filetype == TYPE_HTML) {
|
||||
char safe_message[BUFSIZE];
|
||||
html_encode(message, safe_message, BUFSIZE);
|
||||
char safe_description[BUFSIZE];
|
||||
html_encode(description, safe_description, BUFSIZE);
|
||||
printf("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n"
|
||||
"<HTML>\n<HEAD>\n"
|
||||
" <META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html;charset=iso-8859-1\">\n"
|
||||
" <TITLE>" ERROR_PREFIX "%1$s %2$s</TITLE>\n"
|
||||
"</HEAD>\n<BODY>\n"
|
||||
"<STRONG>" ERROR_PREFIX "%1$s %2$s</STRONG>\n"
|
||||
"<PRE>", message, description);
|
||||
"<PRE>", safe_message, safe_description);
|
||||
footer(st);
|
||||
printf("</PRE>\n</BODY>\n</HTML>\n");
|
||||
}
|
||||
|
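Review bot: html_encode() never writes a terminating NUL when the last input byte goes through the literal branch (`dest[j] = unsafe[i];`), yet every caller shown passes an uninitialized stack array: `safe_message` and `safe_description` in die() go straight to printf, and `dest` in url_redirect() goes to sstrncmp. Those reads can run on into whatever the stack holds, so add `dest[j] = '\0';` after the loop. The escape branch also bounds snprintf with the global `BUFSIZE` instead of the `bufsize` parameter and formats a plain `char`, which where `char` is signed turns bytes above 0x7f into `%ffffffxx`. Writing it as `j += snprintf(&dest[j], bufsize - j, "%%%02x", (unsigned char) unsafe[i]);` fixes both. Separately, percent-encoding is a URL encoding: in die() the text lands inside TITLE and STRONG, where any space would show up as `%20` and `&` passes through unescaped, so HTML entity escaping would fit that context better.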
@ -446,6 +446,7 @@ void info(state *st, char *str, char type);
|
||||
void footer(state *st);
|
||||
void die(state *st, const char *message, const char *description);
|
||||
void log_combined(state *st, int status);
|
||||
void html_encode(const char *unsafe, char *dest, int bufsize);
|
||||
|
||||
/* file.c */
|
||||
void send_binary_file(state *st);
|
||||
|