Module Name: src Committed By: shm Date: Thu Jul 16 12:19:23 UTC 2015
Modified Files: src/libexec/httpd: bozohttpd.c tilde-luzah-bozo.c Log Message: Fix handling path with multiple slashes at the beginning Fix redirections escaping for user support OK mrg@ To generate a diff of this commit: cvs rdiff -u -r1.65 -r1.66 src/libexec/httpd/bozohttpd.c cvs rdiff -u -r1.10 -r1.11 src/libexec/httpd/tilde-luzah-bozo.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.65 src/libexec/httpd/bozohttpd.c:1.66
--- src/libexec/httpd/bozohttpd.c:1.65 Thu Jul 9 12:32:16 2015
+++ src/libexec/httpd/bozohttpd.c Thu Jul 16 12:19:23 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.c,v 1.65 2015/07/09 12:32:16 shm Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.66 2015/07/16 12:19:23 shm Exp $ */
 /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
@@ -895,8 +895,12 @@ bozo_escape_rfc3986(bozohttpd_t *httpd,
 case ';':
 case '=':
 case '%':
+ case '\n':
+ case '\r':
+ case ' ':
+ case '"':
 encode_it:
- snprintf(d, 4, "%%%2X", *s++);
+ snprintf(d, 4, "%%%02X", *s++);
 d += 3;
 len += 3;
 break;
@@ -1332,6 +1336,10 @@ transform_request(bozo_httpreq_t *reques
 goto bad_done;
 }
+ /* omit additional slashes at the beginning */
+ while (file[1] == '/')
+ file++;
+
 switch(check_bzredirect(request)) {
 case -1:
 goto bad_done;
Index: src/libexec/httpd/tilde-luzah-bozo.c
diff -u src/libexec/httpd/tilde-luzah-bozo.c:1.10 src/libexec/httpd/tilde-luzah-bozo.c:1.11
--- src/libexec/httpd/tilde-luzah-bozo.c:1.10 Thu Jan 2 08:21:38 2014
+++ src/libexec/httpd/tilde-luzah-bozo.c Thu Jul 16 12:19:23 2015
@@ -1,4 +1,4 @@
-/* $NetBSD: tilde-luzah-bozo.c,v 1.10 2014/01/02 08:21:38 mrg Exp $ */
+/* $NetBSD: tilde-luzah-bozo.c,v 1.11 2015/07/16 12:19:23 shm Exp $ */
 /* $eterna: tilde-luzah-bozo.c,v 1.16 2011/11/18 09:21:15 mrg Exp $ */
@@ -36,6 +36,7 @@
 #include <sys/param.h>
+#include <assert.h>
 #include <errno.h>
 #include <pwd.h>
 #include <stdlib.h>
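Review bot: In the `@@ -895` hunk of bozohttpd.c, `snprintf(d, 4, "%%%02X", *s++)` still formats what looks like a plain `char`; where `char` is signed, any byte of 0x80 or above that reaches `encode_it` is promoted to a negative int, printed as `FFFFFFxx`, and cut to `%FF` by the size of 4. Passing `(unsigned char)*s++` keeps the escape at exactly two hex digits for every byte value. The added `'\n'`, `'\r'`, `' '` and `'"'` cases also extend a deny-list, so other control bytes such as tab are copied into the redirect target unless code outside the hunk catches them; encoding everything outside the RFC 3986 unreserved set would be more robust. The declaration of `s` and the rest of bozo_escape_rfc3986 lie outside the hunk, so the signedness cannot be confirmed from here.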
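Review bot: In the `@@ -1332` hunk, the slash-skipping loop only advances the local `file`, while the very next call is `check_bzredirect(request)`, which receives the request and not `file`; if that function or later handlers read `request->hr_file`, they still see the path with the extra leading slashes. The loop also reads `file[1]` with no visible check that `file[0]` is not the terminator, so it depends on a test made earlier, outside the hunk. Either write the normalised path back to the request before the redirect check, or document the assumptions with a comment such as `/* file[0] == '/' was checked above; request->hr_file is deliberately left unchanged */`. transform_request starts and ends outside the hunk.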
@@ -58,20 +59,28 @@ int
 bozo_user_transform(bozo_httpreq_t *request, int *isindex)
 {
 bozohttpd_t *httpd = request->hr_httpd;
- char c, *s, *file = NULL;
+ char c, *s, *file = NULL, *user;
 struct passwd *pw;
 *isindex = 0;
- if ((s = strchr(request->hr_file + 2, '/')) != NULL) {
+ /* find username */
+ user = strchr(request->hr_file + 2, '~');
+
+ /* this shouldn't happen, but "better paranoid than sorry" */
+ assert(user != NULL);
+
+ user++;
+
+ if ((s = strchr(user, '/')) != NULL) {
 *s++ = '\0';
 c = s[strlen(s)-1];
 *isindex = (c == '/' || c == '\0');
 }
 debug((httpd, DEBUG_OBESE, "looking for user %s",
- request->hr_file + 2));
- pw = getpwnam(request->hr_file + 2);
+ user));
+ pw = getpwnam(user);
 /* fix this up immediately */
 if (s)
 s[-1] = '/';
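Review bot: `assert(user != NULL)` is the only guard on request-derived data before `user++`, and its effect depends on the build: with NDEBUG defined the check disappears and a path with no `~` from `hr_file + 2` onward leads to arithmetic on a NULL pointer and `strchr(user, '/')` on the result, while without NDEBUG the same request aborts the server process. An explicit `if (user == NULL)` that fails the request through the function's normal error return (not visible in the hunk) keeps the behaviour defined in both builds and makes the added `#include <assert.h>` unnecessary. `request->hr_file + 2` likewise assumes the string is at least two characters long, which the hunk does not show being checked. The body of bozo_user_transform continues past the end of the hunk.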