author | Vincent Douillet <vincent@vdouillet.fr> | 2024-12-26 17:25:35 +0100 |
---|---|---|
committer | Vincent Douillet <vincent@vdouillet.fr> | 2024-12-26 17:25:35 +0100 |
commit | a29738212841dcb699dc397ad66c3416324eccf8 (patch) | |
tree | 3a28a9730f33461a34198c0c3ff50e7c73e04051 | |
parent | 69208140ddc9faa4e607cacefab6cae9badeaa7c (diff) |
remove check_request_path because we have unveil
-rw-r--r-- | browse.c | 8 | ||||
-rw-r--r-- | download.c | 18 | ||||
-rw-r--r-- | test.c | 19 | ||||
-rw-r--r-- | url.c | 37 | ||||
-rw-r--r-- | url.h | 8 |
5 files changed, 28 insertions, 62 deletions
@@ -294,14 +294,6 @@ browse(struct kreq * r)
 KHTTP_200,
 ""
 };
- /* check that the requested URL can be safely processed */
- if (!check_request_path(r->path, r->suffix)) {
- ret = (struct http_ret) {
- KHTTP_400,
- "browse: Invalid request path"
- };
- goto end;
- }
 /* list requested directory content */
 file = file_new(r->path);
 if (file == NULL) {
@@ -92,14 +92,6 @@ download(struct kreq * r)
 KHTTP_200,
 ""
 };
- /* check that the requested URL can be safely processed */
- if (strlen(r->path) == 0 || !check_request_path(r->path, r->suffix)) {
- ret = (struct http_ret) {
- KHTTP_400,
- "download: invalid request path"
- };
- goto end;
- }
 /* build requested file path, with suffix or without */
 if (strlen(r->suffix) > 0) {
 if (snprintf(request_path, sizeof(request_path), "%s.%s", r->path, r->suffix)
@@ -129,6 +121,15 @@ download(struct kreq * r)
 };
 goto end;
 }
+ /* we do not support downloading folders */
+ if (f->is_dir) {
+ ret = (struct http_ret) {
+ KHTTP_400,
+ "download: can't download folder"
+ };
+ goto end;
+ }
+ /* memory map the file */
 path_size = file_get_data_path(f, file_path, PATH_MAX, NULL);
 if (path_size == 0 || path_size >= PATH_MAX) {
 ret = (struct http_ret) {
@@ -137,7 +138,6 @@ download(struct kreq * r)
 };
 goto end;
 }
- /* memory map the file */
 fd = open(file_path, O_RDONLY);
 if (fd < 0) {
 ret = (struct http_ret) {
@@ -3,6 +3,7 @@
 #include "browse.h"
 #include "delete.h"
+#include "download.h"
 #include "http.h"
 #include "upload.h"
 #include "url.h"
@@ -92,6 +93,23 @@ test_upload_post()
 }
 static char *
+test_download()
+{
+ struct kreq r;
+ struct http_ret ret;
+
+ r = (struct kreq) {
+ .pname = "/vault",
+ .path = "a",
+ .suffix = "txt",
+ };
+ ret = download(&r);
+
+ mu_assert("error, download failed!", ret.code <= KHTTP_400);
+ return 0;
+}
+
+static char *
 test_delete_get()
 {
 struct kreq r;
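Review bot: After this commit `download()` no longer rejects a `..` segment itself: with the `check_request_path` call gone, the request path goes straight to `file_new()` and `open()`, and the added `f->is_dir` test only covers folders, so confinement to DATA_DIR rests entirely on unveil(2). The unveil setup is not part of this diff, so the handler should record what it depends on, e.g. `/* no path check here: unveil(2) must already confine the process to DATA_DIR */` above the "build requested file path" comment. unveil(2) is OpenBSD-only, so a build for any other platform would presumably have no traversal protection left; failing at startup when unveil is unavailable or returns an error would keep that from going unnoticed. `browse()` loses the same check in the first hunk, and `download()` begins and ends outside this hunk.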
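Review bot: The assertion in `test_download()`, `ret.code <= KHTTP_400`, cannot tell a served file from a rejected request: assuming the enum is ordered by status code, it accepts KHTTP_200 and the handler's own 400 replies alike, although the message reads "download failed". If the fixture `a.txt` exists in the test data directory, `mu_assert("error, download failed!", ret.code == KHTTP_200);` pins the success path. Since this commit moves path confinement from `check_request_path` to unveil, a download counterpart to the existing `test_browse_invalid_traversal` (a `..` path expecting a non-200 code) would show whether the protection still holds in the environment where the tests run.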
@@ -163,6 +181,7 @@ all_tests()
 mu_run_test(test_browse_invalid_traversal);
 mu_run_test(test_browse_path_too_long);
 mu_run_test(test_url_build);
+ mu_run_test(test_download);
 mu_run_test(test_upload_post);
 mu_run_test(test_delete_get);
 mu_run_test(test_delete_post);
@@ -42,43 +42,6 @@
 #include "str.h"
 #include "url.h"
-bool
-check_request_path(const char *path, const char *suffix)
-{
- char p [PATH_MAX], resolved[PATH_MAX];
- char *rp, *data_dir;
-
- data_dir = config_data_dir();
- if (data_dir == NULL)
- return false;
-
- /* build absolute path from DATA_DIR */
- if (strlcpy(p, data_dir, sizeof(p)) >= sizeof(p))
- return false;
- if (strlcat(p, "/", sizeof(p)) >= sizeof(p))
- return false;
- if (strlcat(p, path, sizeof(p)) >= sizeof(p))
- return false;
- if (strlen(suffix) > 0) {
- /* add suffix */
- if (strlcat(p, ".", sizeof(p)) >= sizeof(p))
- return false;
- if (strlcat(p, suffix, sizeof(p)) >= sizeof(p))
- return false;
- }
- /* canonicalize the path */
- rp = realpath(p, resolved);
- if (rp == NULL)
- return false;
-
- /* path must start with DATA_DIR */
- rp[PATH_MAX - 1] = '\0';
- if (strstr(rp, data_dir) != rp)
- return false;
-
- return true;
-}
-
 char *
 url_encode(const char *str)
 {
@@ -34,14 +34,6 @@
 #include <stdbool.h>
 /*
- * Checks that the path can be safely processed. Namely, it should not contain
- * "..", which denotes an attempt to get out of the DATA_DIR root folder.
- * The path is required.
- * The suffix is required but can be an empty string
- */
-bool
-check_request_path(const char *, const char *);
-/*
 * Encode a string to use in an HTTP context.
 * Returns NULL in case of error, or the encoded string in case of success.
 */ |