flewkey/cuberite-2a
1
0
Fork 0
Code Releases Activity

Fix directory traversal bug (#4341)

Browse Source 
Refuse to serve an URL containing `../`.
This commit is contained in:
Wilhem Barbier 2019-06-11 10:33:56 +02:00 committed by Mattes D
parent 31a8d017d9
commit 85006d10f5
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/WebAdmin.cpp
View File

@ -375,14 +375,13 @@ void cWebAdmin::HandleFileRequest(cHTTPServerConnection & a_Connection, cHTTPInc
}
}
// Remove all "../" strings:
ReplaceString(FileURL, "../", "");
// Read the file contents and guess its mime-type, based on the extension:
AString Content = "<h2>404 Not Found</h2>";
AString ContentType;
AString ContentType = "text/html";
AString Path = Printf(FILE_IO_PREFIX "webadmin/files/%s", FileURL.c_str());
if (cFile::IsFile(Path))
// Return 404 if the file is not found, or the URL contains '../' (for security reasons)
if ((FileURL.find("../") == AString::npos) && cFile::IsFile(Path))
{
cFile File(Path, cFile::fmRead);
AString FileContent;
@ -395,11 +394,11 @@ void cWebAdmin::HandleFileRequest(cHTTPServerConnection & a_Connection, cHTTPInc
ContentType = GetContentTypeFromFileExt(Path.substr(LastPointPosition + 1));
}
}
}
if (ContentType.empty())
{
ContentType = "application/unknown";
}
}
// Send the response:
cHTTPOutgoingResponse Resp;