svn commit: samba r6987 - in branches/SAMBA_4_0/source/web_server: . esp

tridge at samba.org tridge at samba.org
Thu May 26 03:05:37 GMT 2005


Author: tridge
Date: 2005-05-26 03:05:37 +0000 (Thu, 26 May 2005)
New Revision: 6987

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6987

Log:
- make sure esp pages cannot read data outside of the swat directory

- don't expose the real system path to esp scripts

- fixed absolute paths in include() calls



Modified:
   branches/SAMBA_4_0/source/web_server/esp/esp.h
   branches/SAMBA_4_0/source/web_server/esp/espProcs.c
   branches/SAMBA_4_0/source/web_server/http.c


Changeset:
Modified: branches/SAMBA_4_0/source/web_server/esp/esp.h
===================================================================
--- branches/SAMBA_4_0/source/web_server/esp/esp.h	2005-05-26 02:52:05 UTC (rev 6986)
+++ branches/SAMBA_4_0/source/web_server/esp/esp.h	2005-05-26 03:05:37 UTC (rev 6987)
@@ -99,7 +99,7 @@
 	char	*(*getSessionId)(EspHandle handle);
 	int		(*mapToStorage)(EspHandle handle, char *path, int len, char *uri,
 				int flags);
-	int		(*readFile)(EspHandle handle, char **buf, int *len, char *path);
+	int		(*readFile)(EspHandle handle, char **buf, int *len, const char *path);
 	void	(*redirect)(EspHandle handle, int code, char *url);
 	void 	(*setCookie)(EspHandle handle, char *name, char *value, 
 				int lifetime, char *path, bool secure);

Modified: branches/SAMBA_4_0/source/web_server/esp/espProcs.c
===================================================================
--- branches/SAMBA_4_0/source/web_server/esp/espProcs.c	2005-05-26 02:52:05 UTC (rev 6986)
+++ branches/SAMBA_4_0/source/web_server/esp/espProcs.c	2005-05-26 03:05:37 UTC (rev 6987)
@@ -77,8 +77,12 @@
 	esp = ep->esp;
 	mprAssert(argv);
 	for (i = 0; i < argc; i++) {
-		mprGetDirName(dir, sizeof(dir), ep->docPath);
-		mprSprintf(path, sizeof(path), "%s/%s", dir, argv[i]);
+		if (argv[i][0] != '/') {
+			mprGetDirName(dir, sizeof(dir), ep->docPath);
+			mprSprintf(path, sizeof(path), "%s/%s", dir, argv[i]);
+		} else {
+			mprSprintf(path, sizeof(path), "%s", argv[i]);
+		}
 		
 		if (esp->readFile(ep->requestHandle, &buf, &size, path) < 0) {
 			espError(ep, "Can't read include file: %s", path);
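Review bot: The new `else` branch hands an absolute include() argument to `esp->readFile` unchanged, so confinement to the document tree now rests entirely on whichever callback the embedding server installs, and nothing in this loop says so. A comment above the branch would record that, for example `/* absolute paths are passed through as-is; the readFile callback must confine them to the document root */`. The `mprSprintf` results are also unchecked, so an argument longer than `path` is presumably truncated before the read and a different name could be opened. The enclosing function begins and ends outside this hunk.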

Modified: branches/SAMBA_4_0/source/web_server/http.c
===================================================================
--- branches/SAMBA_4_0/source/web_server/http.c	2005-05-26 02:52:05 UTC (rev 6986)
+++ branches/SAMBA_4_0/source/web_server/http.c	2005-05-26 03:05:37 UTC (rev 6987)
@@ -97,14 +97,45 @@
 }
 
 /*
+  return the local path for a URL
+*/
+static const char *http_local_path(struct websrv_context *web, const char *url)
+{
+	int i;
+	char *path;
+
+	/* check that the url is OK */
+	if (url[0] != '/') return NULL;
+
+	for (i=0;url[i];i++) {
+		if ((!isalnum(url[i]) && !strchr("./", url[i])) ||
+		    (url[i] == '.' && strchr("/.", url[i+1]))) {
+			return NULL;
+		}
+	}
+
+	path = talloc_asprintf(web, "%s/%s", lp_swat_directory(), url+1);
+	if (path == NULL) return NULL;
+
+	if (directory_exist(path)) {
+		path = talloc_asprintf_append(path, "/index.html");
+	}
+	return path;
+}
+
+/*
   called when esp wants to read a file to support include() calls
 */
-static int http_readFile(EspHandle handle, char **buf, int *len, char *path)
+static int http_readFile(EspHandle handle, char **buf, int *len, const char *path)
 {
+	struct websrv_context *web = talloc_get_type(handle, struct websrv_context);
 	int fd = -1;
 	struct stat st;
 	*buf = NULL;
 
+	path = http_local_path(web, path);
+	if (path == NULL) goto failed;
+
 	fd = open(path, O_RDONLY);
 	if (fd == -1 || fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) goto failed;
 
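Review bot: `isalnum(url[i])` in `http_local_path` receives a plain `char`, which is undefined behaviour for bytes above 0x7f where `char` is signed. This loop now guards every include() path as well as the request URL, so it should read `isalnum((unsigned char)url[i])`. The check is also purely lexical: it rejects `..` and unexpected characters, but `open(path, O_RDONLY)` in `http_readFile` will still follow a symlink placed inside the swat directory. Either add `O_NOFOLLOW` where the platform has it (it covers the final path component only), or state in the comment above `http_readFile` that the directory is assumed to contain no symlinks. `http_readFile` continues past the end of this hunk.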
@@ -263,34 +294,7 @@
 	http_error(web, code, info);
 }
 
-/*
-  return the local path for a URL
-*/
-static const char *http_local_path(struct websrv_context *web, const char *url)
-{
-	int i;
-	char *path;
 
-	/* check that the url is OK */
-	if (url[0] != '/') return NULL;
-
-	for (i=0;url[i];i++) {
-		if ((!isalnum(url[i]) && !strchr("./", url[i])) ||
-		    (url[i] == '.' && strchr("/.", url[i+1]))) {
-			return NULL;
-		}
-	}
-
-	path = talloc_asprintf(web, "%s/%s", lp_swat_directory(), url+1);
-	if (path == NULL) return NULL;
-
-	if (directory_exist(path)) {
-		path = talloc_asprintf_append(path, "/index.html");
-	}
-	return path;
-}
-
-
 /*
   a simple file request
 */
@@ -356,6 +360,7 @@
 	espSetStringVar(req, ESP_SERVER_OBJ, "SERVER_PORT", 
 			talloc_asprintf(esp, "%u", socket_get_my_port(web->conn->socket)));
 	espSetStringVar(req, ESP_SERVER_OBJ, "SERVER_PROTOCOL", "http");
+	espSetStringVar(esp->req, ESP_REQUEST_OBJ, "SCRIPT_FILENAME", web->input.url);
 }
 
 
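Review bot: The added call uses `esp->req` while the calls directly above it use `req`; if both name the same request object, use `req` here so the function reads uniformly. SCRIPT_FILENAME now carries the request URL rather than a filesystem path, so a short comment such as `/* URL path, not the on-disk path: scripts must not learn the real location */` would keep a later change from reverting it. The function starts outside this hunk.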
@@ -369,34 +374,24 @@
 {
 	struct websrv_context *web = esp->web;
 	const char *url = web->input.url;
-	const char *path;
 	size_t size;
 	int res;
 	char *emsg = NULL, *buf;
 
 	http_setup_arrays(esp);
 
-	path = http_local_path(web, url);
-	if (path == NULL) goto invalid;
-
-	espSetStringVar(esp->req, ESP_REQUEST_OBJ, "SCRIPT_FILENAME", path);
-
-	if (http_readFile(web, &buf, &size, path) != 0) {
-		http_error_unix(web, path);
+	if (http_readFile(web, &buf, &size, url) != 0) {
+		http_error_unix(web, url);
 		return;
 	}
 
-	res = espProcessRequest(esp->req, path, buf, &emsg);
+	res = espProcessRequest(esp->req, url, buf, &emsg);
 	if (res != 0 && emsg) {
-		http_writeBlock(esp, emsg, strlen(emsg));
+		http_writeBlock(web, emsg, strlen(emsg));
 	}
 	talloc_free(buf);
 	http_output_headers(web);
 	EVENT_FD_WRITEABLE(web->conn->event.fde);
-	return;
-
-invalid:
-	http_error(web, 400, "Malformed URL");
 }
 
 
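Review bot: `size` is declared `size_t` but `&size` is passed to `http_readFile`, whose third parameter is `int *len`; that is an incompatible pointer type, and on LP64 targets only half of the variable would be written, so declare it `int size;`. With the `invalid:` label gone, a URL rejected by `http_local_path` now ends in `http_error_unix(web, url)`, and that rejection path does not appear to set errno. If `http_error_unix` derives the status from errno (its body is not fully visible here), the response for a malformed URL depends on a stale value, where the old code returned a fixed 400. The function's signature lies outside this hunk.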


