~lastrosade/jsthttpd

c0dc63a49d8605649f1d8e4a96c9b468b0bff660 — Alexandre Rebert 3 years ago 7e15761
Fix heap buffer overflow in de_dotdot
1 files changed, 1 insertions(+), 1 deletions(-)

M src/libhttpd.c
M src/libhttpd.c => src/libhttpd.c +1 -1
@@ 2410,7 2410,7 @@ de_dotdot( char* file )
    while ( strncmp( file, "./", 2 ) == 0 )
	(void) memmove( file, file + 2, strlen( file ) - 1 );
    while ( ( cp = strstr( file, "/./") ) != (char*) 0 )
	(void) memmove( cp, cp + 2, strlen( file ) - 1 );
	(void) memmove( cp, cp + 2, strlen( cp ) - 1 );

    /* Alternate between removing leading ../ and removing xxx/../ */
    for (;;)