diff options
author | Ignacio Casal Quinteiro <qignacio@amazon.com> | 2019-08-26 12:54:09 +0200 |
---|---|---|
committer | Claudio Saavedra <csaavedra@igalia.com> | 2019-09-11 17:00:38 +0300 |
commit | 150c7f6743924cb5d6f2dec85c6248620b8f4e4a (patch) | |
tree | ab89f79cc5165fa20f8becf6b510dae1df643032 /libsoup | |
parent | 2b9054e0e289f696450bdfbff6ae01b9d9fdfb4f (diff) | |
download | libsoup-150c7f6743924cb5d6f2dec85c6248620b8f4e4a.tar.gz |
SoupServer: fix to not allow smuggling ".." into path
This was already fixed for Unix like systems but it was still
possible to smuggle .. into a windows like server.
Diffstat (limited to 'libsoup')
-rw-r--r-- | libsoup/soup-server.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/libsoup/soup-server.c b/libsoup/soup-server.c index 0bb30626..3411f67a 100644 --- a/libsoup/soup-server.c +++ b/libsoup/soup-server.c @@ -1368,7 +1368,15 @@ got_headers (SoupMessage *msg, SoupClientContext *client) decoded_path = soup_uri_decode (uri->path); if (strstr (decoded_path, "/../") || - g_str_has_suffix (decoded_path, "/..")) { + g_str_has_suffix (decoded_path, "/..") +#ifdef G_OS_WIN32 + || + strstr (decoded_path, "\\..\\") || + strstr (decoded_path, "/..\\") || + strstr (decoded_path, "\\../") || + g_str_has_suffix (decoded_path, "\\..") +#endif + ) { /* Introducing new ".." segments is not allowed */ g_free (decoded_path); soup_message_set_status (msg, SOUP_STATUS_BAD_REQUEST); |