Fossil SCM

Additional webserver security: Do not allow the "fossil server" command to return any static content with an unrecognized suffix.

drh 2012-12-01 04:10 trunk
Commit 4a5e972e2c7f98ce309735b040364949edb370c8
1 file changed +7 -2
+7 -2
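--- a/src/main.c
+++ b/src/main.c
@@ -1297,21 +1297,26 @@
 }
 if( zRepo[0]=='/' && zRepo[1]=='/' ){ zRepo++; j--; }
 
 szFile = file_size(zRepo);
 if( szFile<0 ){
+const char *zMimetype;
 assert( fossil_strcmp(&zRepo[j], ".fossil")==0 );
 zRepo[j] = 0;
 if( zPathInfo[i]=='/' && file_isdir(zRepo)==1 ){
 fossil_free(zToFree);
 i++;
 continue;
 }
-if( file_isfile(zRepo) && strglob("*.fossil*",zRepo)==0 ){
+if( file_isfile(zRepo)
+&& strglob("*.fossil*",zRepo)==0
+&& (zMimetype = mimetype_from_name(zRepo))!=0
+&& strcmp(zMimetype, "application/x-fossil-artifact")!=0
+){
 Blob content;
 blob_read_from_file(&content, zRepo);
-cgi_set_content_type(mimetype_from_name(zRepo));
+cgi_set_content_type(zMimetype);
 cgi_set_content(&content);
 cgi_reply();
 return;
 }
 zRepo[j] = '.';
 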
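Review bot: The new guard on line 1313 depends on an undocumented detail of mimetype_from_name() — that it answers "application/x-fossil-artifact" for any suffix it does not know — so a later change to that default would silently re-open static serving of unrecognised files; I would add `/* mimetype_from_name() returns "application/x-fossil-artifact" for suffixes it does not recognize; never serve such files as static content */` above line 1310 so the intent survives. The `!=0` test on line 1312 is presumably redundant if that function always returns a non-NULL string, and if it can return NULL the comment should say which case that covers. The read on line 1316 still does not check that blob_read_from_file() succeeded, which is unchanged from before the commit. The enclosing loop and function start and end outside this hunk, and the same lines are repeated in the two single-sided renderings below.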
--- src/main.c
+++ src/main.c
@@ -1297,21 +1297,26 @@
1297 }
1298 if( zRepo[0]=='/' && zRepo[1]=='/' ){ zRepo++; j--; }
1299
1300 szFile = file_size(zRepo);
1301 if( szFile<0 ){
 
1302 assert( fossil_strcmp(&zRepo[j], ".fossil")==0 );
1303 zRepo[j] = 0;
1304 if( zPathInfo[i]=='/' && file_isdir(zRepo)==1 ){
1305 fossil_free(zToFree);
1306 i++;
1307 continue;
1308 }
1309 if( file_isfile(zRepo) && strglob("*.fossil*",zRepo)==0 ){
 
 
 
 
1310 Blob content;
1311 blob_read_from_file(&content, zRepo);
1312 cgi_set_content_type(mimetype_from_name(zRepo));
1313 cgi_set_content(&content);
1314 cgi_reply();
1315 return;
1316 }
1317 zRepo[j] = '.';
1318
--- src/main.c
+++ src/main.c
@@ -1297,21 +1297,26 @@
1297 }
1298 if( zRepo[0]=='/' && zRepo[1]=='/' ){ zRepo++; j--; }
1299
1300 szFile = file_size(zRepo);
1301 if( szFile<0 ){
1302 const char *zMimetype;
1303 assert( fossil_strcmp(&zRepo[j], ".fossil")==0 );
1304 zRepo[j] = 0;
1305 if( zPathInfo[i]=='/' && file_isdir(zRepo)==1 ){
1306 fossil_free(zToFree);
1307 i++;
1308 continue;
1309 }
1310 if( file_isfile(zRepo)
1311 && strglob("*.fossil*",zRepo)==0
1312 && (zMimetype = mimetype_from_name(zRepo))!=0
1313 && strcmp(zMimetype, "application/x-fossil-artifact")!=0
1314 ){
1315 Blob content;
1316 blob_read_from_file(&content, zRepo);
1317 cgi_set_content_type(zMimetype);
1318 cgi_set_content(&content);
1319 cgi_reply();
1320 return;
1321 }
1322 zRepo[j] = '.';
1323
