author | Joel Sherrill <joel.sherrill@OARcorp.com> | 2003-04-11 14:46:55 +0000 |
---|---|---|
committer | Joel Sherrill <joel.sherrill@OARcorp.com> | 2003-04-11 14:46:55 +0000 |
commit | ee3afa2e2ae017b22156164763a4099702ca472d (patch) | |
tree | d41c03f7bf2396e7e01147a9ffd75c7a0a71232c /cpukit/httpd/handler.c | |
parent | 2003-04-10 Till Straumann <strauman@slac.stanford.edu> (diff) | |
download | rtems-ee3afa2e2ae017b22156164763a4099702ca472d.tar.bz2 |
2002-04-10 Mike Siers <mikes@poliac.com>
* rtems_webserver/NOTES, rtems_webserver/asp.c,
rtems_webserver/balloc.c, rtems_webserver/default.c,
rtems_webserver/ej.h, rtems_webserver/ejIntrn.h,
rtems_webserver/ejlex.c, rtems_webserver/ejparse.c,
rtems_webserver/emfdb.c, rtems_webserver/emfdb.h,
rtems_webserver/form.c, rtems_webserver/h.c,
rtems_webserver/handler.c, rtems_webserver/license.txt,
rtems_webserver/md5.h, rtems_webserver/md5c.c,
rtems_webserver/mime.c, rtems_webserver/misc.c,
rtems_webserver/ringq.c, rtems_webserver/rom.c,
rtems_webserver/security.c, rtems_webserver/sock.c,
rtems_webserver/sym.c, rtems_webserver/uemf.c,
rtems_webserver/uemf.h, rtems_webserver/um.c, rtems_webserver/um.h,
rtems_webserver/url.c, rtems_webserver/value.c,
rtems_webserver/wbase64.c, rtems_webserver/webcomp.c,
rtems_webserver/webpage.c, rtems_webserver/webrom.c,
rtems_webserver/webs.c, rtems_webserver/webs.h,
rtems_webserver/websuemf.c, rtems_webserver/wsIntrn.h:
Update to GoAhead Webserver 2.1.4. The following URL is
the release notes from GoAhead.
http://data.goahead.com/Software/Webserver/2.1.4/release.htm
I have only done a minimal amount of testing (i.e. the network
demo program works fine). Please try this out and let me know
if it works. The patch needs to be applied on the
c/src/libnetworking/rtems_webserver directory.
Diffstat (limited to 'cpukit/httpd/handler.c')
-rw-r--r-- | cpukit/httpd/handler.c | 58 |
1 files changed, 54 insertions, 4 deletions
diff --git a/cpukit/httpd/handler.c b/cpukit/httpd/handler.c index 88693bf9a6..dbbe4148d5 100644 --- a/cpukit/httpd/handler.c +++ b/cpukit/httpd/handler.c @@ -4,6 +4,8 @@ * Copyright (c) GoAhead Software Inc., 1995-2000. All Rights Reserved. * * See the file "license.txt" for usage and redistribution license requirements + * + * $Id$ */ /******************************** Description *********************************/ @@ -25,10 +27,10 @@ static int urlHandlerOpenCount = 0; /* count of apps */ /**************************** Forward Declarations ****************************/ -static int websUrlHandlerSort(const void *p1, const void *p2); -static int websPublishHandler(webs_t wp, char_t *urlPrefix, char_t *webDir, +static int websUrlHandlerSort(const void *p1, const void *p2); +static int websPublishHandler(webs_t wp, char_t *urlPrefix, char_t *webDir, int sid, char_t *url, char_t *path, char_t *query); -static int websTidyUrl(webs_t wp); +static char_t *websCondenseMultipleChars(char_t *strToCondense, char_t cCondense); /*********************************** Code *************************************/ /* @@ -256,7 +258,11 @@ int websUrlHandlerRequest(webs_t wp) websSetRequestPath(wp, websGetDefaultDir(), NULL); - websTidyUrl(wp); +/* + * Eliminate security hole + */ + websCondenseMultipleChars(wp->path, '/'); + websCondenseMultipleChars(wp->url, '/'); /* * We loop over each handler in order till one accepts the request. @@ -292,6 +298,7 @@ int websUrlHandlerRequest(webs_t wp) return 0; } +#ifdef OBSOLETE_CODE /******************************************************************************/ /* 
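Review bot: The comment `Eliminate security hole` added in websUrlHandlerRequest does not say which hole the two websCondenseMultipleChars calls close, so a later maintainer cannot tell what has to stay true at this point. From the visible lines the calls only collapse runs of '/' in wp->path and wp->url before the handler loop, presumably so that prefix matching sees a canonical path; a comment such as `/* Collapse repeated '/' so the handler prefix matching below sees a canonical path */` would record that. Dot segments and percent-encoded separators are not touched by this step, and whether they are normalised earlier is not visible in the hunk, so that is worth confirming against the URL parsing code. If wp->url still carries the query string (not shown here), slashes inside query values would be condensed as well. The function begins and ends outside the hunk.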
@@ -358,4 +365,47 @@ static int websTidyUrl(webs_t wp) } } +#endif + +/******************************************************************************/ +/* + * Convert multiple adjacent occurrences of a given character to a single + * instance. + */ + +static char_t *websCondenseMultipleChars(char_t *strToCondense, char_t cCondense) +{ + if (strToCondense != NULL) { + char_t *pStr, *pScan; + + pStr = pScan = strToCondense; + + while (*pScan && *pStr) { +/* + * Advance scan pointer over multiple occurences of condense character + */ + while ((*pScan == cCondense) && (*(pScan + 1) == cCondense)) { + pScan++; + } +/* + * Copy character if an advance of the scan pointer has occurred + */ + if (pStr != pScan) { + *pStr = *pScan; + } + + pScan++; + pStr++; + } +/* + * Zero terminate string if multiple adjacent characters were found and condensed + */ + if (pStr != pScan) { + *pStr = 0; + } + } + + return strToCondense; +} + /******************************************************************************/ |
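Review bot: The header comment on websCondenseMultipleChars omits the contract its callers rely on: the buffer is rewritten in place, it can only get shorter, and the return value is the same pointer that was passed in, NULL included. A line such as `* The string is modified in place and strToCondense is returned; NULL is passed through.` would cover it. In the loop, `while (*pScan && *pStr)` tests more than it needs to, because pStr never moves past pScan, so `while (*pScan) {` is equivalent as far as the visible code shows. The inner comment also misspells `occurences`.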