svn commit: samba r6987 - in branches/SAMBA_4_0/source/web_server:
. esp
tridge at samba.org
tridge at samba.org
Thu May 26 03:05:37 GMT 2005
Author: tridge
Date: 2005-05-26 03:05:37 +0000 (Thu, 26 May 2005)
New Revision: 6987
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6987
Log:
- make sure esp pages cannot read data outside of the swat directory
- don't expose the real system path to esp scripts
- fixed absolute paths in include() calls
Modified:
branches/SAMBA_4_0/source/web_server/esp/esp.h
branches/SAMBA_4_0/source/web_server/esp/espProcs.c
branches/SAMBA_4_0/source/web_server/http.c
Changeset:
Modified: branches/SAMBA_4_0/source/web_server/esp/esp.h
===================================================================
--- branches/SAMBA_4_0/source/web_server/esp/esp.h 2005-05-26 02:52:05 UTC (rev 6986)
+++ branches/SAMBA_4_0/source/web_server/esp/esp.h 2005-05-26 03:05:37 UTC (rev 6987)
@@ -99,7 +99,7 @@
char *(*getSessionId)(EspHandle handle);
int (*mapToStorage)(EspHandle handle, char *path, int len, char *uri,
int flags);
- int (*readFile)(EspHandle handle, char **buf, int *len, char *path);
+ int (*readFile)(EspHandle handle, char **buf, int *len, const char *path);
void (*redirect)(EspHandle handle, int code, char *url);
void (*setCookie)(EspHandle handle, char *name, char *value,
int lifetime, char *path, bool secure);
Modified: branches/SAMBA_4_0/source/web_server/esp/espProcs.c
===================================================================
--- branches/SAMBA_4_0/source/web_server/esp/espProcs.c 2005-05-26 02:52:05 UTC (rev 6986)
+++ branches/SAMBA_4_0/source/web_server/esp/espProcs.c 2005-05-26 03:05:37 UTC (rev 6987)
@@ -77,8 +77,12 @@
esp = ep->esp;
mprAssert(argv);
for (i = 0; i < argc; i++) {
- mprGetDirName(dir, sizeof(dir), ep->docPath);
- mprSprintf(path, sizeof(path), "%s/%s", dir, argv[i]);
+ if (argv[i][0] != '/') {
+ mprGetDirName(dir, sizeof(dir), ep->docPath);
+ mprSprintf(path, sizeof(path), "%s/%s", dir, argv[i]);
+ } else {
+ mprSprintf(path, sizeof(path), "%s", argv[i]);
+ }
if (esp->readFile(ep->requestHandle, &buf, &size, path) < 0) {
espError(ep, "Can't read include file: %s", path);
Modified: branches/SAMBA_4_0/source/web_server/http.c
===================================================================
--- branches/SAMBA_4_0/source/web_server/http.c 2005-05-26 02:52:05 UTC (rev 6986)
+++ branches/SAMBA_4_0/source/web_server/http.c 2005-05-26 03:05:37 UTC (rev 6987)
@@ -97,14 +97,45 @@
}
/*
+ return the local path for a URL
+*/
+static const char *http_local_path(struct websrv_context *web, const char *url)
+{
+ int i;
+ char *path;
+
+ /* check that the url is OK */
+ if (url[0] != '/') return NULL;
+
+ for (i=0;url[i];i++) {
+ if ((!isalnum(url[i]) && !strchr("./", url[i])) ||
+ (url[i] == '.' && strchr("/.", url[i+1]))) {
+ return NULL;
+ }
+ }
+
+ path = talloc_asprintf(web, "%s/%s", lp_swat_directory(), url+1);
+ if (path == NULL) return NULL;
+
+ if (directory_exist(path)) {
+ path = talloc_asprintf_append(path, "/index.html");
+ }
+ return path;
+}
+
+/*
called when esp wants to read a file to support include() calls
*/
-static int http_readFile(EspHandle handle, char **buf, int *len, char *path)
+static int http_readFile(EspHandle handle, char **buf, int *len, const char *path)
{
+ struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
int fd = -1;
struct stat st;
*buf = NULL;
+ path = http_local_path(web, path);
+ if (path == NULL) goto failed;
+
fd = open(path, O_RDONLY);
if (fd == -1 || fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) goto failed;
@@ -263,34 +294,7 @@
http_error(web, code, info);
}
-/*
- return the local path for a URL
-*/
-static const char *http_local_path(struct websrv_context *web, const char *url)
-{
- int i;
- char *path;
- /* check that the url is OK */
- if (url[0] != '/') return NULL;
-
- for (i=0;url[i];i++) {
- if ((!isalnum(url[i]) && !strchr("./", url[i])) ||
- (url[i] == '.' && strchr("/.", url[i+1]))) {
- return NULL;
- }
- }
-
- path = talloc_asprintf(web, "%s/%s", lp_swat_directory(), url+1);
- if (path == NULL) return NULL;
-
- if (directory_exist(path)) {
- path = talloc_asprintf_append(path, "/index.html");
- }
- return path;
-}
-
-
/*
a simple file request
*/
@@ -356,6 +360,7 @@
espSetStringVar(req, ESP_SERVER_OBJ, "SERVER_PORT",
talloc_asprintf(esp, "%u", socket_get_my_port(web->conn->socket)));
espSetStringVar(req, ESP_SERVER_OBJ, "SERVER_PROTOCOL", "http");
+ espSetStringVar(esp->req, ESP_REQUEST_OBJ, "SCRIPT_FILENAME", web->input.url);
}
@@ -369,34 +374,24 @@
{
struct websrv_context *web = esp->web;
const char *url = web->input.url;
- const char *path;
size_t size;
int res;
char *emsg = NULL, *buf;
http_setup_arrays(esp);
- path = http_local_path(web, url);
- if (path == NULL) goto invalid;
-
- espSetStringVar(esp->req, ESP_REQUEST_OBJ, "SCRIPT_FILENAME", path);
-
- if (http_readFile(web, &buf, &size, path) != 0) {
- http_error_unix(web, path);
+ if (http_readFile(web, &buf, &size, url) != 0) {
+ http_error_unix(web, url);
return;
}
- res = espProcessRequest(esp->req, path, buf, &emsg);
+ res = espProcessRequest(esp->req, url, buf, &emsg);
if (res != 0 && emsg) {
- http_writeBlock(esp, emsg, strlen(emsg));
+ http_writeBlock(web, emsg, strlen(emsg));
}
talloc_free(buf);
http_output_headers(web);
EVENT_FD_WRITEABLE(web->conn->event.fde);
- return;
-
-invalid:
- http_error(web, 400, "Malformed URL");
}
More information about the samba-cvs
mailing list