From 3ce346efc3211c214c8953c43f936a2da40abd92 Mon Sep 17 00:00:00 2001 From: Vincent Douillet Date: Thu, 21 Sep 2023 14:47:34 +0200 Subject: use realpath --- url.c | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/url.c b/url.c index 53a26dc..72c02a0 100644 --- a/url.c +++ b/url.c @@ -31,24 +31,37 @@ #include #include #include +#include #include +#include "config.h" #include "url.h" bool check_request_path(char *path) { - char *p_found; + char p [PATH_MAX], resolved[PATH_MAX]; + char *rp; - if (strlen(path) >= PATH_MAX) + /* build absolute path from DATA_DIR */ + if (strlcpy(p, DATA_DIR, sizeof(p)) >= sizeof(p)) + return false; + if (strlcat(p, "/", sizeof(p)) >= sizeof(p)) + return false; + if (strlcat(p, path, sizeof(p)) >= sizeof(p)) + return false; + + /* canonicalize the path */ + rp = realpath(p, resolved); + if (rp == NULL) return false; - p_found = strstr(path, "/.."); - if (p_found != NULL) + /* path must start with DATA_DIR */ + rp[PATH_MAX - 1] = '\0'; + if (strstr(rp, DATA_DIR) != rp) return false; - p_found = strstr(path, "../"); - return p_found == NULL; + return true; } size_t -- cgit v1.2.3
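Review bot: The containment test `strstr(rp, DATA_DIR) != rp` at the end of check_request_path() is a bare string-prefix match with no component boundary. A resolved path in a sibling directory whose name merely begins with DATA_DIR's text is therefore still accepted. Compare the prefix and then require a separator or the end of the string: `size_t n = strlen(DATA_DIR);` followed by `if (strncmp(rp, DATA_DIR, n) != 0 || (rp[n] != '/' && rp[n] != '\0')) return false;`. This assumes DATA_DIR (from config.h, not shown here) is already canonical and has no trailing slash; if it can contain a symlink, run it through realpath() once as well, otherwise every request is rejected. The `rp[PATH_MAX - 1] = '\0';` line can be dropped because realpath() already NUL-terminates `resolved`. Since the function returns only a bool, the caller presumably reopens the path by name, so the check and the open can disagree if a symlink under DATA_DIR changes in between.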