diff options
| -rw-r--r-- | url.c | 25 |
1 files changed, 19 insertions, 6 deletions
@@ -31,24 +31,37 @@ #include <assert.h> #include <limits.h> #include <stdarg.h> +#include <stdlib.h> #include <string.h> +#include "config.h" #include "url.h" bool check_request_path(char *path) { - char *p_found; + char p [PATH_MAX], resolved[PATH_MAX]; + char *rp; - if (strlen(path) >= PATH_MAX) + /* build absolute path from DATA_DIR */ + if (strlcpy(p, DATA_DIR, sizeof(p)) >= sizeof(p)) + return false; + if (strlcat(p, "/", sizeof(p)) >= sizeof(p)) + return false; + if (strlcat(p, path, sizeof(p)) >= sizeof(p)) + return false; + + /* canonicalize the path */ + rp = realpath(p, resolved); + if (rp == NULL) return false; - p_found = strstr(path, "/.."); - if (p_found != NULL) + /* path must start with DATA_DIR */ + rp[PATH_MAX - 1] = '\0'; + if (strstr(rp, DATA_DIR) != rp) return false; - p_found = strstr(path, "../"); - return p_found == NULL; + return true; } size_t |