mirror of https://github.com/omar-polo/gmid.git
fix possible out-of-bound access
While computing the parent directory it an out-of-bound access can occur, which usually means the server process dies. In particular, it can be triggered by making a request for a non-existent file in the root of a virtual host if the path matches the `cgi` pattern. Thanks cage for helping in debugging!
This commit is contained in:
Omar Polo
parent
353e3c8ebe
commit
3571854e94
|
|
@ -385,3 +385,13 @@ restart
|
|||
eq "$(head /)" "20 text/gemini" "Unexpected head for /"
|
||||
eq "$(get /)" "# hello world$ln" "Unexpected body for /"
|
||||
echo OK GET / with macro expansion
|
||||
|
||||
|
||||
# 1.7.4 bugfix: check_for_cgi goes out-of-bound processing a string
|
||||
# that doesn't contain a '/'
|
||||
config '' 'cgi "*"'
|
||||
checkconf
|
||||
restart
|
||||
|
||||
eq "$(head /favicon.txt)" "51 not found" "Unexpected head for /"
|
||||
echo OK GET /favicon.txt with cgi
|
||||
|
|
|
|||
6
server.c
6
server.c
|
|
@ -406,8 +406,12 @@ check_for_cgi(struct client *c)
|
|||
* dirname, with its ambiguities on if the given
|
||||
* pointer is changed or not, gives me headaches.
|
||||
*/
|
||||
while (*end != '/')
|
||||
while (*end != '/' && end > path)
|
||||
end--;
|
||||
|
||||
if (end == path)
|
||||
break;
|
||||
|
||||
*end = '\0';
|
||||
|
||||
switch (check_path(c, path, &c->pfd)) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue