neale
/
eris
mirror of https://github.com/nealey/eris.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix 0.9 not detected with query_string

This commit is contained in:
Neale Pickett 2013-02-14 16:39:14 -07:00
parent 4e2e46dfdb
commit eb9de7b610
3 changed files with 27 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@ -1,3 +1,6 @@
4.1:
Fix 0.9 not detected with query_string (Alyssa Milburn).
4.0: 4.0:
Fix directory traversal vulnerability (Alyssa Milburn). Fix directory traversal vulnerability (Alyssa Milburn).

8
eris.c
View File

@ -782,7 +782,6 @@ handle_request()
*(fsp++) = '.'; *(fsp++) = '.';
*(fsp++) = '/'; *(fsp++) = '/';
for (; *p != ' '; p += 1) { for (; *p != ' '; p += 1) {
if (! query_string) {
char c = *p; char c = *p;
switch (c) { switch (c) {
@ -792,9 +791,9 @@ handle_request()
badrequest(505, "Version Not Supported", "HTTP/0.9 not supported"); badrequest(505, "Version Not Supported", "HTTP/0.9 not supported");
case '?': case '?':
query_string = p + 1; query_string = p + 1;
continue; break;
case '%': case '%':
if (p[1] && p[2]) { if ((! query_string) && p[1] && p[2]) {
int a = fromhex(p[1]); int a = fromhex(p[1]);
int b = fromhex(p[2]); int b = fromhex(p[2]);
@ -806,11 +805,10 @@ handle_request()
break; break;
} }
if (fsp - fspath + 1 < sizeof fspath) { if ((! query_string) && (fsp - fspath + 1 < sizeof fspath)) {
*(fsp++) = c; *(fsp++) = c;
} }
} }
}
*fsp = 0; *fsp = 0;
/* Change "/." to "/:" to keep "hidden" files such and prevent directory traversal */ /* Change "/." to "/:" to keep "hidden" files such and prevent directory traversal */

3
test.sh
View File

@ -112,6 +112,9 @@ printf 'GET / HTTP/1.0\n\n' | $HTTPD 2>/dev/null | grep -q 'james' && pass || fa
title "No trailing slash" title "No trailing slash"
printf 'GET /empty HTTP/1.0\r\n\r\n' | $HTTPD 2>/dev/null | d | grep -q '301 Redirect#%.*Location: /empty/#%#%' && pass || fail printf 'GET /empty HTTP/1.0\r\n\r\n' | $HTTPD 2>/dev/null | d | grep -q '301 Redirect#%.*Location: /empty/#%#%' && pass || fail
title "No version after query_string"
printf 'GET /?\r\n\r\n' | $HTTPD 2>/dev/null | d | grep -q 'HTTP/0.9' && pass || fail
title "Logging /" title "Logging /"
(printf 'GET / HTTP/1.1\r\nHost: host\r\n\r\n' | (printf 'GET / HTTP/1.1\r\nHost: host\r\n\r\n' |
PROTO=TCP TCPREMOTEPORT=1234 TCPREMOTEIP=10.0.0.2 $HTTPD >/dev/null) 2>&1 | grep -q '^10.0.0.2:1234 200 6 host (null) (null) /$' && pass || fail PROTO=TCP TCPREMOTEPORT=1234 TCPREMOTEIP=10.0.0.2 $HTTPD >/dev/null) 2>&1 | grep -q '^10.0.0.2:1234 200 6 host (null) (null) /$' && pass || fail