authorIgnacio Casal Quinteiro <qignacio@amazon.com>2019-08-26 12:54:09 +0200
committerClaudio Saavedra <csaavedra@igalia.com>2019-09-11 17:00:38 +0300
commit150c7f6743924cb5d6f2dec85c6248620b8f4e4a (patch)
treeab89f79cc5165fa20f8becf6b510dae1df643032 /libsoup
parent2b9054e0e289f696450bdfbff6ae01b9d9fdfb4f (diff)
downloadlibsoup-150c7f6743924cb5d6f2dec85c6248620b8f4e4a.tar.gz
SoupServer: fix to not allow smuggling ".." into path
This was already fixed for Unix-like systems, but it was still possible to smuggle ".." into a Windows-like server.
Diffstat (limited to 'libsoup')
-rw-r--r--libsoup/soup-server.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c
index 0bb30626..3411f67a 100644
--- a/libsoup/soup-server.c
+++ b/libsoup/soup-server.c
@@ -1368,7 +1368,15 @@ got_headers (SoupMessage *msg, SoupClientContext *client)
decoded_path = soup_uri_decode (uri->path);
if (strstr (decoded_path, "/../") ||
- g_str_has_suffix (decoded_path, "/..")) {
+ g_str_has_suffix (decoded_path, "/..")
+#ifdef G_OS_WIN32
+ ||
+ strstr (decoded_path, "\\..\\") ||
+ strstr (decoded_path, "/..\\") ||
+ strstr (decoded_path, "\\../") ||
+ g_str_has_suffix (decoded_path, "\\..")
+#endif
+ ) {
/* Introducing new ".." segments is not allowed */
g_free (decoded_path);
soup_message_set_status (msg, SOUP_STATUS_BAD_REQUEST);
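Review bot: The `#ifdef G_OS_WIN32` part of the condition lists the four `/` and `\` combinations around `..` by hand, and nothing says why backslash counts as a separator there; the existing comment below still only says that new ".." segments are not allowed. I would add a comment just above the `#ifdef`, such as `/* On Windows '\\' is a path separator too, so a ".." segment may be delimited by either '/' or '\\' */`. Because these extra `strstr` and `g_str_has_suffix` calls have to stay in step with the two Unix checks, a small static helper that looks for a `..` segment bounded by either separator would make a missed combination harder to introduce. A server test using percent-encoded backslash paths would pin the behaviour. got_headers starts and ends outside this hunk, so how decoded_path is used after the check is not visible here.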