Fossil SCM

Sanitize the pathname on the /.well-known webpage. [forum:/forumpost/ba46d8e333|Forum post ba46d8e333].

drh 2021-12-27 21:43 ssl-server

Commit b265013b66091f1cc8b6a6077060df811abb42e3cbad033d5484f537e2b12693

Parent f81d64cace5e533…

1 file changed +14 -1

M src/http_ssl.c

+14 -1

		--- src/http_ssl.c
		+++ src/http_ssl.c
		@@ -1213,23 +1213,36 @@
1213	1213	**
1214	1214	** The content is returned directly, without any interpretation, using
1215	1215	** a generic mimetype.
1216	1216	*/
1217	1217	void wellknown_page(void){
1218		- char *zPath;
	1218	+ char *zPath = 0;
1219	1219	const char *zTail = P("name");
1220	1220	Blob content;
	1221	+ int i;
	1222	+ char c;
1221	1223	if( !db_get_boolean("ssl-acme",0) ) goto wellknown_notfound;
1222	1224	if( g.zRepositoryName==0 ) goto wellknown_notfound;
1223	1225	if( zTail==0 ) goto wellknown_notfound;
1224	1226	zPath = mprintf("%z/.well-known/%s", file_dirname(g.zRepositoryName), zTail);
	1227	+ for(i=0; (c = zTail[i])!=0; i++){
	1228	+ if( fossil_isalnum(c) ) continue;
	1229	+ if( c=='.' ){
	1230	+ if( i==0 \|\| zTail[i-1]=='/' \|\| zTail[i-1]=='.' ) goto wellknown_notfound;
	1231	+ continue;
	1232	+ }
	1233	+ if( c==',' \|\| c!='-' \|\| c=='/' \|\| c==':' \|\| c=='_' \|\| c=='~' ) continue;
	1234	+ goto wellknown_notfound;
	1235	+ }
	1236	+ if( strstr("/..", zPath)!=0 ) goto wellknown_notfound;
1225	1237	if( !file_isfile(zPath, ExtFILE) ) goto wellknown_notfound;
1226	1238	blob_read_from_file(&content, zPath, ExtFILE);
1227	1239	cgi_set_content(&content);
1228	1240	cgi_set_content_type(mimetype_from_name(zPath));
1229	1241	cgi_reply();
1230	1242	return;
1231	1243
1232	1244	wellknown_notfound:
	1245	+ fossil_free(zPath);
1233	1246	webpage_notfound_error(0);
1234	1247	return;
1235	1248	}
1236	1249

	--- src/http_ssl.c
	+++ src/http_ssl.c
	@@ -1213,23 +1213,36 @@
1213	**
1214	** The content is returned directly, without any interpretation, using
1215	** a generic mimetype.
1216	*/
1217	void wellknown_page(void){
1218	char *zPath;
1219	const char *zTail = P("name");
1220	Blob content;


1221	if( !db_get_boolean("ssl-acme",0) ) goto wellknown_notfound;
1222	if( g.zRepositoryName==0 ) goto wellknown_notfound;
1223	if( zTail==0 ) goto wellknown_notfound;
1224	zPath = mprintf("%z/.well-known/%s", file_dirname(g.zRepositoryName), zTail);










1225	if( !file_isfile(zPath, ExtFILE) ) goto wellknown_notfound;
1226	blob_read_from_file(&content, zPath, ExtFILE);
1227	cgi_set_content(&content);
1228	cgi_set_content_type(mimetype_from_name(zPath));
1229	cgi_reply();
1230	return;
1231
1232	wellknown_notfound:

1233	webpage_notfound_error(0);
1234	return;
1235	}
1236

	--- src/http_ssl.c
	+++ src/http_ssl.c
	@@ -1213,23 +1213,36 @@
1213	**
1214	** The content is returned directly, without any interpretation, using
1215	** a generic mimetype.
1216	*/
1217	void wellknown_page(void){
1218	char *zPath = 0;
1219	const char *zTail = P("name");
1220	Blob content;
1221	int i;
1222	char c;
1223	if( !db_get_boolean("ssl-acme",0) ) goto wellknown_notfound;
1224	if( g.zRepositoryName==0 ) goto wellknown_notfound;
1225	if( zTail==0 ) goto wellknown_notfound;
1226	zPath = mprintf("%z/.well-known/%s", file_dirname(g.zRepositoryName), zTail);
1227	for(i=0; (c = zTail[i])!=0; i++){
1228	if( fossil_isalnum(c) ) continue;
1229	if( c=='.' ){
1230	if( i==0 \|\| zTail[i-1]=='/' \|\| zTail[i-1]=='.' ) goto wellknown_notfound;
1231	continue;
1232	}
1233	if( c==',' \|\| c!='-' \|\| c=='/' \|\| c==':' \|\| c=='_' \|\| c=='~' ) continue;
1234	goto wellknown_notfound;
1235	}
1236	if( strstr("/..", zPath)!=0 ) goto wellknown_notfound;
1237	if( !file_isfile(zPath, ExtFILE) ) goto wellknown_notfound;
1238	blob_read_from_file(&content, zPath, ExtFILE);
1239	cgi_set_content(&content);
1240	cgi_set_content_type(mimetype_from_name(zPath));
1241	cgi_reply();
1242	return;
1243
1244	wellknown_notfound:
1245	fossil_free(zPath);
1246	webpage_notfound_error(0);
1247	return;
1248	}
1249