~sircmpwn/gmnisrv

0dc0e4432a70eafde69509fde8a29802e46ae712 — Drew DeVault 2 years ago 8b65e30 
Revert "Routing: Fix non-ascii paths"

This causes a security issue (path traversal)

This reverts commit ea360fa4c10791c3c720c33470c86923424348fe.
patch browse .tar.gz 
1 files changed, 3 insertions(+), 12 deletions(-)

M src/serve.c

M src/serve.c => src/serve.c +3 -12
@@ 12,7 12,6 @@
#include <sys/types.h>
#include <unistd.h>
#include "config.h"
#include "escape.h"
#include "gemini.h"
#include "log.h"
#include "mime.h"


@@ 415,10 414,9 @@ serve_request(struct gmnisrv_client *client)
	struct gmnisrv_route *route = host->routes;
	assert(route);

	char *client_path = curl_unescape(client->path, 0);
	char *url_path = NULL;
	while (route) {
		if (route_match(route, client_path, &url_path)) {
		if (route_match(route, client->path, &url_path)) {
			break;
		}



@@ 428,7 426,6 @@ serve_request(struct gmnisrv_client *client)
	if (!route) {
		client_submit_response(client,
			GEMINI_STATUS_NOT_FOUND, "Not found", NULL);
		free(client_path);
		free(url_path);
		return;
	}


@@ 437,6 434,7 @@ serve_request(struct gmnisrv_client *client)

	// Paths on paths on paths on paths
	// My apologies to the stack
	char client_path[PATH_MAX + 1] = "";
	char real_path[PATH_MAX + 1] = "";
	char pathinfo[PATH_MAX + 1] = "";
	char temp_path[PATH_MAX + 1] = "";


@@ 444,10 442,10 @@ serve_request(struct gmnisrv_client *client)
	if ((size_t)n >= sizeof(real_path)) {
		client_submit_response(client, GEMINI_STATUS_PERMANENT_FAILURE,
			"Request path exceeds PATH_MAX", NULL);
		free(client_path);
		free(url_path);
		return;
	}
	strcpy(client_path, client->path);

	int nlinks = 0;
	struct stat st;


@@ 494,7 492,6 @@ serve_request(struct gmnisrv_client *client)

			client_submit_response(client,
				GEMINI_STATUS_NOT_FOUND, "Not found", NULL);
			free(client_path);
			free(url_path);
			return;
		}


@@ 502,7 499,6 @@ serve_request(struct gmnisrv_client *client)
		if (S_ISDIR(st.st_mode)) {
			if (route->autoindex) {
				serve_autoindex(client, real_path);
				free(client_path);
				free(url_path);
				return;
			} else {


@@ 526,7 522,6 @@ serve_request(struct gmnisrv_client *client)
				client_submit_response(client,
					GEMINI_STATUS_NOT_FOUND,
					"Not found", NULL);
				free(client_path);
				free(url_path);
				return;
			}


@@ 545,7 540,6 @@ serve_request(struct gmnisrv_client *client)
			// Don't serve special files
			client_submit_response(client,
				GEMINI_STATUS_NOT_FOUND, "Not found", NULL);
			free(client_path);
			free(url_path);
			return;
		}


@@ 557,12 551,9 @@ serve_request(struct gmnisrv_client *client)
		serve_cgi(client, real_path,
			(const char *)client_path,
			(const char *)pathinfo);
		free(client_path);
		return;
	}

	free(client_path);

	FILE *body = fopen(real_path, "r");
	if (!body) {
		if (errno == ENOENT) {