diff options
| author | Vincent Douillet <vincent@vdouillet.fr> | 2023-08-17 18:10:02 +0200 |
|---|---|---|
| committer | Vincent Douillet <vincent@vdouillet.fr> | 2023-08-19 17:49:54 +0200 |
| commit | 7caf4597bcfb64dac04b7190dab1022f1bc4e141 (patch) | |
| tree | e754d4e5bd0799dcac12ea3dc77e2f8a7b10ed54 /url.c | |
| parent | 1970c9982e99daa26f7fc4c6f16b441a0aa806de (diff) | |
file download poc
Diffstat (limited to 'url.c')
| -rw-r--r-- | url.c | 18 |
1 files changed, 17 insertions, 1 deletions
@@ -34,6 +34,22 @@ #include "url.h" +bool +check_request_path(char *path) +{ + char *p_found; + + if (strlen(path) >= URL_LENGTH_MAX) + return false; + + p_found = strstr(path, "/.."); + if (p_found != NULL) + return false; + + p_found = strstr(path, "../"); + return p_found == NULL; +} + size_t url_build(char *dst, size_t dst_size, int count,...) { @@ -60,7 +76,7 @@ url_build(char *dst, size_t dst_size, int count,...) continue; if (path[0] != '/' && dst[w_size - 1] != '/') - w_size = strlcat(dst, "/", dst_size); + strlcat(dst, "/", dst_size); w_size = strlcat(dst, path, dst_size); } |