
Fix directory traversal bug (#4341)

Refuse to serve a URL containing `../`.
This commit is contained in:
Wilhem Barbier 2019-06-11 10:33:56 +02:00 committed by Mattes D
parent 31a8d017d9
commit 85006d10f5


@ -375,14 +375,13 @@ void cWebAdmin::HandleFileRequest(cHTTPServerConnection & a_Connection, cHTTPInc
} }
} }
// Remove all "../" strings:
ReplaceString(FileURL, "../", "");
// Read the file contents and guess its mime-type, based on the extension: // Read the file contents and guess its mime-type, based on the extension:
AString Content = "<h2>404 Not Found</h2>"; AString Content = "<h2>404 Not Found</h2>";
AString ContentType; AString ContentType = "text/html";
AString Path = Printf(FILE_IO_PREFIX "webadmin/files/%s", FileURL.c_str()); AString Path = Printf(FILE_IO_PREFIX "webadmin/files/%s", FileURL.c_str());
if (cFile::IsFile(Path))
// Return 404 if the file is not found, or the URL contains '../' (for security reasons)
if ((FileURL.find("../") == AString::npos) && cFile::IsFile(Path))
{ {
cFile File(Path, cFile::fmRead); cFile File(Path, cFile::fmRead);
AString FileContent; AString FileContent;
@ -395,11 +394,11 @@ void cWebAdmin::HandleFileRequest(cHTTPServerConnection & a_Connection, cHTTPInc
ContentType = GetContentTypeFromFileExt(Path.substr(LastPointPosition + 1)); ContentType = GetContentTypeFromFileExt(Path.substr(LastPointPosition + 1));
} }
} }
}
if (ContentType.empty()) if (ContentType.empty())
{ {
ContentType = "application/unknown"; ContentType = "application/unknown";
} }
}
// Send the response: // Send the response:
cHTTPOutgoingResponse Resp; cHTTPOutgoingResponse Resp;
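Review bot: The new guard in the first hunk, `if ((FileURL.find("../") == AString::npos) && cFile::IsFile(Path))`, only matches the forward-slash form, so on a Windows build a `..\` component in FileURL would still be appended to `webadmin/files/` and traverse, since the filesystem there accepts either separator. Rejecting the backslash form as well closes that gap: `const bool HasTraversal = (FileURL.find("../") != AString::npos) || (FileURL.find("..\\") != AString::npos);` followed by `if (!HasTraversal && cFile::IsFile(Path))`. The check also presumes FileURL has already been percent-decoded by the HTTP layer before this point; that happens outside the hunk and is worth stating in the comment, e.g. `// FileURL must already be URL-decoded here; a ".." component in any separator form is refused with a 404`. Note that with ContentType now initialised to "text/html", the `if (ContentType.empty())` fallback in the second hunk is reached only if GetContentTypeFromFileExt returns an empty string. HandleFileRequest starts before the first hunk and continues past the last one.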