summaryrefslogtreecommitdiff
path: root/usr.sbin/httpd/server_http.c
diff options
context:
space:
mode:
authorReyk Floeter <reyk@cvs.openbsd.org>2014-07-25 21:29:59 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2014-07-25 21:29:59 +0000
commitd8baee8e876a33e164d43d52825d4e6537edc513 (patch)
tree9eb55fe8dfdc29c7201682db3e936dae6e900a95 /usr.sbin/httpd/server_http.c
parent414a503c4191c6889d7a6f558ce466de1b6fbcc1 (diff)
Canonicalize the request path once without the docroot and prepend the
docroot only only when it's needed. Suggested by deraadt@.
Diffstat (limited to 'usr.sbin/httpd/server_http.c')
-rw-r--r--usr.sbin/httpd/server_http.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/usr.sbin/httpd/server_http.c b/usr.sbin/httpd/server_http.c
index 98edb96f24c..97d3a599df4 100644
--- a/usr.sbin/httpd/server_http.c
+++ b/usr.sbin/httpd/server_http.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server_http.c,v 1.14 2014/07/25 16:23:19 reyk Exp $ */
+/* $OpenBSD: server_http.c,v 1.15 2014/07/25 21:29:58 reyk Exp $ */
/*
* Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -627,13 +627,19 @@ server_close_http(struct client *clt)
int
server_response(struct httpd *httpd, struct client *clt)
{
+ char path[MAXPATHLEN];
struct http_descriptor *desc = clt->clt_desc;
struct server *srv = clt->clt_srv;
struct server_config *srv_conf;
struct kv *kv, key;
int ret;
- if (desc->http_path == NULL)
+ /* Canonicalize the request path */
+ if (desc->http_path == NULL ||
+ canonicalize_path(desc->http_path, path, sizeof(path)) == NULL)
+ goto fail;
+ free(desc->http_path);
+ if ((desc->http_path = strdup(path)) == NULL)
goto fail;
if (strcmp(desc->http_version, "HTTP/1.1") == 0) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-02 20:39:58 +0000