author | Reyk Floeter <reyk@cvs.openbsd.org> | 2014-08-03 22:47:26 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2014-08-03 22:47:26 +0000 |
commit | 0abfd27be0dd5060282f47ddf8691b92cb4efee2 (patch) | |
tree | 7f7bf3bbd66aa94b190701c86223714417eaa329 /usr.sbin | |
parent | 5f42cc7c55cf98f322ed38af81be5bb0a5a0b87f (diff) |
Only allow GET and HEAD for static files or return 405.
ok florian@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/httpd/server_file.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/usr.sbin/httpd/server_file.c b/usr.sbin/httpd/server_file.c index 19414ab23af..705bb9f07ac 100644 --- a/usr.sbin/httpd/server_file.c +++ b/usr.sbin/httpd/server_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_file.c,v 1.26 2014/08/03 22:38:12 reyk Exp $ */ +/* $OpenBSD: server_file.c,v 1.27 2014/08/03 22:47:25 reyk Exp $ */ /* * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org> @@ -63,6 +63,15 @@ server_file_access(struct client *clt, char *path, size_t len, errno = 0; + switch (desc->http_method) { + case HTTP_METHOD_GET: + case HTTP_METHOD_HEAD: + break; + default: + /* Other methods are not allowed */ + return (405); + } + if (access(path, R_OK) == -1) { goto fail; } else if (stat(path, st) == -1) { |
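Review bot: The new `default:` branch returns a bare `405`, so nothing in this hunk supplies the `Allow` header that RFC 7231 section 6.5.5 requires on a 405 response. Whether the caller adds it is not visible here, because server_file_access begins and ends outside the hunk. If the error path that consumes this return value does not already emit it, it should send `Allow: GET, HEAD` for this case. Placing the allowlist switch before `access()` and `stat()` is the right order, since a rejected method then never touches the filesystem. The comment could state the policy rather than the mechanism, for example `/* Static files are read-only: allow GET and HEAD only */`.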