80 lines
2.4 KiB
Diff
80 lines
2.4 KiB
Diff
diff -up openwsman-2.6.5/src/server/shttpd/shttpd.c.orig openwsman-2.6.5/src/server/shttpd/shttpd.c
|
|
--- openwsman-2.6.5/src/server/shttpd/shttpd.c.orig 2019-03-13 10:20:07.376527798 +0100
|
|
+++ openwsman-2.6.5/src/server/shttpd/shttpd.c 2019-03-13 10:20:07.380527801 +0100
|
|
@@ -336,10 +336,12 @@ date_to_epoch(const char *s)
|
|
}
|
|
|
|
static void
|
|
-remove_double_dots(char *s)
|
|
+remove_all_leading_dots(char *s)
|
|
{
|
|
char *p = s;
|
|
|
|
+ while (*s != '\0' && *s == '.') s++;
|
|
+
|
|
while (*s != '\0') {
|
|
*p++ = *s++;
|
|
if (s[-1] == '/' || s[-1] == '\\')
|
|
@@ -546,7 +548,7 @@ decide_what_to_do(struct conn *c)
|
|
*c->query++ = '\0';
|
|
|
|
_shttpd_url_decode(c->uri, strlen(c->uri), c->uri, strlen(c->uri) + 1);
|
|
- remove_double_dots(c->uri);
|
|
+ remove_all_leading_dots(c->uri);
|
|
|
|
root = c->ctx->options[OPT_ROOT];
|
|
if (strlen(c->uri) + strlen(root) >= sizeof(path)) {
|
|
@@ -556,6 +558,7 @@ decide_what_to_do(struct conn *c)
|
|
|
|
(void) _shttpd_snprintf(path, sizeof(path), "%s%s", root, c->uri);
|
|
|
|
+ DBG(("decide_what_to_do -> processed path: [%s]", path));
|
|
/* User may use the aliases - check URI for mount point */
|
|
if (is_alias(c->ctx, c->uri, &alias_uri, &alias_path) != NULL) {
|
|
(void) _shttpd_snprintf(path, sizeof(path), "%.*s%s",
|
|
@@ -572,7 +575,10 @@ decide_what_to_do(struct conn *c)
|
|
if ((ruri = _shttpd_is_registered_uri(c->ctx, c->uri)) != NULL) {
|
|
_shttpd_setup_embedded_stream(c,
|
|
ruri->callback, ruri->callback_data);
|
|
- } else
|
|
+ } else {
|
|
+ _shttpd_send_server_error(c, 403, "Forbidden");
|
|
+ }
|
|
+#if 0
|
|
if (strstr(path, HTPASSWD)) {
|
|
/* Do not allow to view passwords files */
|
|
_shttpd_send_server_error(c, 403, "Forbidden");
|
|
@@ -656,6 +662,7 @@ decide_what_to_do(struct conn *c)
|
|
} else {
|
|
_shttpd_send_server_error(c, 500, "Internal Error");
|
|
}
|
|
+#endif
|
|
}
|
|
|
|
static int
|
|
diff -up openwsman-2.6.5/src/server/wsmand.c.orig openwsman-2.6.5/src/server/wsmand.c
|
|
--- openwsman-2.6.5/src/server/wsmand.c.orig 2017-11-28 09:32:15.000000000 +0100
|
|
+++ openwsman-2.6.5/src/server/wsmand.c 2019-03-13 10:20:07.380527801 +0100
|
|
@@ -198,6 +198,10 @@ static void daemonize(void)
|
|
int fd;
|
|
char *pid;
|
|
|
|
+ /* Change our CWD to / */
|
|
+ i = chdir("/");
|
|
+ assert(i == 0);
|
|
+
|
|
if (wsmand_options_get_foreground_debug() > 0) {
|
|
return;
|
|
}
|
|
@@ -214,10 +218,6 @@ static void daemonize(void)
|
|
log_pid = 0;
|
|
setsid();
|
|
|
|
- /* Change our CWD to / */
|
|
- i=chdir("/");
|
|
- assert(i == 0);
|
|
-
|
|
/* Close all file descriptors. */
|
|
for (i = getdtablesize(); i >= 0; --i)
|
|
close(i);
|