mirror of
https://github.com/gophernicus/gophernicus.git
synced 2025-01-03 14:56:43 -05:00
Fix URI inserting aribitary scripts
Fixes #118 Fixes #117 Encodes characters using html percent encoding. I hope this is correct, I'm pretty sure it is, but can't be certain right now.
This commit is contained in:
fosslinux
parent
ac249aaeef
commit
a00fa5330d
@ -107,10 +107,13 @@ void send_text_file(state *st)
|
|||||||
*/
|
*/
|
||||||
void url_redirect(state *st)
|
void url_redirect(state *st)
|
||||||
{
|
{
|
||||||
char dest[BUFSIZE];
|
char unsafe[BUFSIZE];
|
||||||
|
|
||||||
/* Basic security checking */
|
/* Basic security checking */
|
||||||
sstrlcpy(dest, st->req_selector + 4);
|
sstrlcpy(unsafe, st->req_selector + 4);
|
||||||
|
|
||||||
|
char dest[BUFSIZE];
|
||||||
|
html_encode(unsafe, dest, BUFSIZE);
|
||||||
|
|
||||||
if (sstrncmp(dest, "http://") != MATCH &&
|
if (sstrncmp(dest, "http://") != MATCH &&
|
||||||
sstrncmp(dest, "https://") != MATCH &&
|
sstrncmp(dest, "https://") != MATCH &&
|
||||||
|
|||||||
@ -107,6 +107,27 @@ void footer(state *st)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void html_encode(const char *unsafe, char *dest, int bufsize)
|
||||||
|
{
|
||||||
|
char literals[] = "!#$&'()*+,/:;=?@[]-_.~";
|
||||||
|
int i = 0, j = 0;
|
||||||
|
while (unsafe[i] != '\0') {
|
||||||
|
if (j >= bufsize - 5) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
if (strchr(literals, unsafe[i]) ||
|
||||||
|
(unsafe[i] >= 'a' && unsafe[i] <= 'z') ||
|
||||||
|
(unsafe[i] >= 'A' && unsafe[i] <= 'Z') ||
|
||||||
|
(unsafe[i] >= '0' && unsafe[i] <= '9')) {
|
||||||
|
dest[j] = unsafe[i];
|
||||||
|
i += 1;
|
||||||
|
j += 1;
|
||||||
|
} else {
|
||||||
|
j += snprintf(&dest[j], BUFSIZE - j, "%%%02x", unsafe[i]);
|
||||||
|
i += 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Print error message & exit
|
* Print error message & exit
|
||||||
@ -134,13 +155,17 @@ void die(state *st, const char *message, const char *description)
|
|||||||
|
|
||||||
/* Handle HTML errors */
|
/* Handle HTML errors */
|
||||||
else if (st->req_filetype == TYPE_HTML) {
|
else if (st->req_filetype == TYPE_HTML) {
|
||||||
|
char safe_message[BUFSIZE];
|
||||||
|
html_encode(message, safe_message, BUFSIZE);
|
||||||
|
char safe_description[BUFSIZE];
|
||||||
|
html_encode(description, safe_description, BUFSIZE);
|
||||||
printf("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n"
|
printf("<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n"
|
||||||
"<HTML>\n<HEAD>\n"
|
"<HTML>\n<HEAD>\n"
|
||||||
" <META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html;charset=iso-8859-1\">\n"
|
" <META HTTP-EQUIV=\"Content-Type\" CONTENT=\"text/html;charset=iso-8859-1\">\n"
|
||||||
" <TITLE>" ERROR_PREFIX "%1$s %2$s</TITLE>\n"
|
" <TITLE>" ERROR_PREFIX "%1$s %2$s</TITLE>\n"
|
||||||
"</HEAD>\n<BODY>\n"
|
"</HEAD>\n<BODY>\n"
|
||||||
"<STRONG>" ERROR_PREFIX "%1$s %2$s</STRONG>\n"
|
"<STRONG>" ERROR_PREFIX "%1$s %2$s</STRONG>\n"
|
||||||
"<PRE>", message, description);
|
"<PRE>", safe_message, safe_description);
|
||||||
footer(st);
|
footer(st);
|
||||||
printf("</PRE>\n</BODY>\n</HTML>\n");
|
printf("</PRE>\n</BODY>\n</HTML>\n");
|
||||||
}
|
}
|
||||||
|
|||||||
@ -446,6 +446,7 @@ void info(state *st, char *str, char type);
|
|||||||
void footer(state *st);
|
void footer(state *st);
|
||||||
void die(state *st, const char *message, const char *description);
|
void die(state *st, const char *message, const char *description);
|
||||||
void log_combined(state *st, int status);
|
void log_combined(state *st, int status);
|
||||||
|
void html_encode(const char *unsafe, char *dest, int bufsize);
|
||||||
|
|
||||||
/* file.c */
|
/* file.c */
|
||||||
void send_binary_file(state *st);
|
void send_binary_file(state *st);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user