mirror of https://github.com/nealey/eris.git
Fix 0.9 not detected with query_string
parent
4e2e46dfdb
commit
eb9de7b610
3
CHANGES
3
CHANGES
|
@ -1,3 +1,6 @@
|
|||
4.1:
|
||||
Fix 0.9 not detected with query_string (Alyssa Milburn).
|
||||
|
||||
4.0:
|
||||
Fix directory traversal vulnerability (Alyssa Milburn).
|
||||
|
||||
|
|
44
eris.c
44
eris.c
|
@ -782,33 +782,31 @@ handle_request()
|
|||
*(fsp++) = '.';
|
||||
*(fsp++) = '/';
|
||||
for (; *p != ' '; p += 1) {
|
||||
if (! query_string) {
|
||||
char c = *p;
|
||||
char c = *p;
|
||||
|
||||
switch (c) {
|
||||
case 0:
|
||||
badrequest(413, "Request Entity Too Large", "The HTTP request was too long");
|
||||
case '\n':
|
||||
badrequest(505, "Version Not Supported", "HTTP/0.9 not supported");
|
||||
case '?':
|
||||
query_string = p + 1;
|
||||
continue;
|
||||
case '%':
|
||||
if (p[1] && p[2]) {
|
||||
int a = fromhex(p[1]);
|
||||
int b = fromhex(p[2]);
|
||||
switch (c) {
|
||||
case 0:
|
||||
badrequest(413, "Request Entity Too Large", "The HTTP request was too long");
|
||||
case '\n':
|
||||
badrequest(505, "Version Not Supported", "HTTP/0.9 not supported");
|
||||
case '?':
|
||||
query_string = p + 1;
|
||||
break;
|
||||
case '%':
|
||||
if ((! query_string) && p[1] && p[2]) {
|
||||
int a = fromhex(p[1]);
|
||||
int b = fromhex(p[2]);
|
||||
|
||||
if ((a >= 0) && (b >= 0)) {
|
||||
c = (a << 4) | b;
|
||||
p += 2;
|
||||
}
|
||||
if ((a >= 0) && (b >= 0)) {
|
||||
c = (a << 4) | b;
|
||||
p += 2;
|
||||
}
|
||||
break;
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
if (fsp - fspath + 1 < sizeof fspath) {
|
||||
*(fsp++) = c;
|
||||
}
|
||||
if ((! query_string) && (fsp - fspath + 1 < sizeof fspath)) {
|
||||
*(fsp++) = c;
|
||||
}
|
||||
}
|
||||
*fsp = 0;
|
||||
|
|
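Review bot: The new `case '?':` arm runs for every `?` in the request target, so a second `?` inside the query overwrites `query_string` and the earlier part of the query is lost; the old loop stopped entering the switch after the first one. Guarding the assignment keeps the first delimiter: `if (! query_string) query_string = p + 1;`. If `query_string` is later passed to CGI or written to the log (not visible here), the shortened value would differ from what a front-end proxy or log reader saw for the same request. The `case 0` and `case '\n'` arms also depend on `badrequest()` never returning, which this hunk does not show; `handle_request()` starts and ends outside the hunk.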
3
test.sh
3
test.sh
|
@ -112,6 +112,9 @@ printf 'GET / HTTP/1.0\n\n' | $HTTPD 2>/dev/null | grep -q 'james' && pass || fa
|
|||
title "No trailing slash"
|
||||
printf 'GET /empty HTTP/1.0\r\n\r\n' | $HTTPD 2>/dev/null | d | grep -q '301 Redirect#%.*Location: /empty/#%#%' && pass || fail
|
||||
|
||||
title "No version after query_string"
|
||||
printf 'GET /?\r\n\r\n' | $HTTPD 2>/dev/null | d | grep -q 'HTTP/0.9' && pass || fail
|
||||
|
||||
title "Logging /"
|
||||
(printf 'GET / HTTP/1.1\r\nHost: host\r\n\r\n' |
|
||||
PROTO=TCP TCPREMOTEPORT=1234 TCPREMOTEIP=10.0.0.2 $HTTPD >/dev/null) 2>&1 | grep -q '^10.0.0.2:1234 200 6 host (null) (null) /$' && pass || fail
|
||||
|
|
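Review bot: The added "No version after query_string" case sends only an empty query (`GET /?`) and passes on any output containing `HTTP/0.9`, so it pins neither the status code nor the path where characters follow the `?`. A second case with a non-empty query, for example `printf 'GET /?a=b\r\n\r\n' | $HTTPD 2>/dev/null | d | grep -q '505 Version Not Supported' && pass || fail`, would cover the loop continuing past the delimiter. The status text there is taken from the `badrequest(505, ...)` call in eris.c, so the exact status-line format should be confirmed against the server output. A comment above the test such as `# request line ends right after the query string; server must answer 505 instead of scanning on for a space` would record why the case exists.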