~lastrosade/jsthttpd

2845bf5bff2b820d2336c8c8061cbfc5f271e720 — Anthony G. Basile 3 years ago 7e15761 + c0dc63a v2.27.1
Merge pull request #4 from alpire/master

src/libhttpd.c: fix heap buffer overflow in de_dotdot
1 files changed, 1 insertions(+), 1 deletions(-)

M src/libhttpd.c
M src/libhttpd.c => src/libhttpd.c +1 -1
@@ 2410,7 2410,7 @@ de_dotdot( char* file )
    while ( strncmp( file, "./", 2 ) == 0 )
	(void) memmove( file, file + 2, strlen( file ) - 1 );
    while ( ( cp = strstr( file, "/./") ) != (char*) 0 )
	(void) memmove( cp, cp + 2, strlen( file ) - 1 );
	(void) memmove( cp, cp + 2, strlen( cp ) - 1 );

    /* Alternate between removing leading ../ and removing xxx/../ */
    for (;;)