fix possible out-of-bound access

While computing the parent directory it an out-of-bound access can
occur, which usually means the server process dies.

In particular, it can be triggered by making a request for a
non-existent file in the root of a virtual host if the path matches
the `cgi` pattern.

Thanks cage for helping in debugging!
This commit is contained in:
Omar Polo 2021-09-24 10:48:51 +00:00
parent 353e3c8ebe
commit 3571854e94
2 changed files with 15 additions and 1 deletions

View File

@ -385,3 +385,13 @@ restart
eq "$(head /)" "20 text/gemini" "Unexpected head for /"
eq "$(get /)" "# hello world$ln" "Unexpected body for /"
echo OK GET / with macro expansion
# 1.7.4 bugfix: check_for_cgi goes out-of-bound processing a string
# that doesn't contain a '/'
config '' 'cgi "*"'
checkconf
restart
eq "$(head /favicon.txt)" "51 not found" "Unexpected head for /"
echo OK GET /favicon.txt with cgi

View File

@ -406,8 +406,12 @@ check_for_cgi(struct client *c)
* dirname, with its ambiguities on if the given
* pointer is changed or not, gives me headaches.
*/
while (*end != '/')
while (*end != '/' && end > path)
end--;
if (end == path)
break;
*end = '\0';
switch (check_path(c, path, &c->pfd)) {