
Revert "Routing: Fix non-ascii paths"

This causes a security issue (path traversal)

This reverts commit ea360fa4c1.
Drew DeVault 2021-05-04 09:43:23 -04:00
parent 8b65e303b0
commit 0dc0e4432a


@ -12,7 +12,6 @@
#include <sys/types.h> #include <sys/types.h>
#include <unistd.h> #include <unistd.h>
#include "config.h" #include "config.h"
#include "escape.h"
#include "gemini.h" #include "gemini.h"
#include "log.h" #include "log.h"
#include "mime.h" #include "mime.h"
@ -415,10 +414,9 @@ serve_request(struct gmnisrv_client *client)
struct gmnisrv_route *route = host->routes; struct gmnisrv_route *route = host->routes;
assert(route); assert(route);
char *client_path = curl_unescape(client->path, 0);
char *url_path = NULL; char *url_path = NULL;
while (route) { while (route) {
if (route_match(route, client_path, &url_path)) { if (route_match(route, client->path, &url_path)) {
break; break;
} }
@ -428,7 +426,6 @@ serve_request(struct gmnisrv_client *client)
if (!route) { if (!route) {
client_submit_response(client, client_submit_response(client,
GEMINI_STATUS_NOT_FOUND, "Not found", NULL); GEMINI_STATUS_NOT_FOUND, "Not found", NULL);
free(client_path);
free(url_path); free(url_path);
return; return;
} }
@ -437,6 +434,7 @@ serve_request(struct gmnisrv_client *client)
// Paths on paths on paths on paths // Paths on paths on paths on paths
// My apologies to the stack // My apologies to the stack
char client_path[PATH_MAX + 1] = "";
char real_path[PATH_MAX + 1] = ""; char real_path[PATH_MAX + 1] = "";
char pathinfo[PATH_MAX + 1] = ""; char pathinfo[PATH_MAX + 1] = "";
char temp_path[PATH_MAX + 1] = ""; char temp_path[PATH_MAX + 1] = "";
@ -444,10 +442,10 @@ serve_request(struct gmnisrv_client *client)
if ((size_t)n >= sizeof(real_path)) { if ((size_t)n >= sizeof(real_path)) {
client_submit_response(client, GEMINI_STATUS_PERMANENT_FAILURE, client_submit_response(client, GEMINI_STATUS_PERMANENT_FAILURE,
"Request path exceeds PATH_MAX", NULL); "Request path exceeds PATH_MAX", NULL);
free(client_path);
free(url_path); free(url_path);
return; return;
} }
strcpy(client_path, client->path);
int nlinks = 0; int nlinks = 0;
struct stat st; struct stat st;
@ -494,7 +492,6 @@ serve_request(struct gmnisrv_client *client)
client_submit_response(client, client_submit_response(client,
GEMINI_STATUS_NOT_FOUND, "Not found", NULL); GEMINI_STATUS_NOT_FOUND, "Not found", NULL);
free(client_path);
free(url_path); free(url_path);
return; return;
} }
@ -502,7 +499,6 @@ serve_request(struct gmnisrv_client *client)
if (S_ISDIR(st.st_mode)) { if (S_ISDIR(st.st_mode)) {
if (route->autoindex) { if (route->autoindex) {
serve_autoindex(client, real_path); serve_autoindex(client, real_path);
free(client_path);
free(url_path); free(url_path);
return; return;
} else { } else {
@ -526,7 +522,6 @@ serve_request(struct gmnisrv_client *client)
client_submit_response(client, client_submit_response(client,
GEMINI_STATUS_NOT_FOUND, GEMINI_STATUS_NOT_FOUND,
"Not found", NULL); "Not found", NULL);
free(client_path);
free(url_path); free(url_path);
return; return;
} }
@ -545,7 +540,6 @@ serve_request(struct gmnisrv_client *client)
// Don't serve special files // Don't serve special files
client_submit_response(client, client_submit_response(client,
GEMINI_STATUS_NOT_FOUND, "Not found", NULL); GEMINI_STATUS_NOT_FOUND, "Not found", NULL);
free(client_path);
free(url_path); free(url_path);
return; return;
} }
@ -557,12 +551,9 @@ serve_request(struct gmnisrv_client *client)
serve_cgi(client, real_path, serve_cgi(client, real_path,
(const char *)client_path, (const char *)client_path,
(const char *)pathinfo); (const char *)pathinfo);
free(client_path);
return; return;
} }
free(client_path);
FILE *body = fopen(real_path, "r"); FILE *body = fopen(real_path, "r");
if (!body) { if (!body) {
if (errno == ENOENT) { if (errno == ENOENT) {
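Review bot: The restored `strcpy(client_path, client->path);` in the -444/+442 hunk copies into a `PATH_MAX + 1` stack buffer with no length check of its own; the guard just above it compares `n` with `sizeof(real_path)`, which bounds a different string. If the request parser already caps `client->path` below PATH_MAX the copy is safe, but nothing visible here shows that, so I would make the bound local with `int m = snprintf(client_path, sizeof(client_path), "%s", client->path);` and return the same PERMANENT_FAILURE response when `m < 0 || (size_t)m >= sizeof(client_path)`. Separately, since unescaping the path before routing is what the commit message blames for the traversal, a comment at the `route_match` call such as `// client->path is matched undecoded: unescaping it here caused a path traversal (revert of ea360fa4c1)` would help keep the decode from being reintroduced without a traversal check and a regression test. serve_request starts and ends outside the shown hunks.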