
[mod_cgi] fix assert if empty X-Sendfile path (fixes #3062)

(thx axe34)

Please note that this would not have crashed if "x-sendfile-docroot"
were set to restrict the locations of files that can be sent via
X-Sendfile.  If users are untrusted, "x-sendfile" should not be
enabled without also configuring "x-sendfile-docroot".

x-ref:
  "Server Aborted due to Malicious Data sent through CGI Sendfile"
  https://redmine.lighttpd.net/issues/3062
Branch: master
Author: Glenn Strauss, 10 months ago
Commit: 649829f906
Changed files: 1
src/http-header-glue.c (8 lines)
@ -737,6 +737,10 @@ static void http_response_xsendfile (request_st * const r, buffer * const path,
if (r->conf.force_lowercase_filenames) {
buffer_to_lower(path);
}
if (buffer_string_is_empty(path)) {
r->http_status = 502;
valid = 0;
}
/* check that path is under xdocroot(s)
* - xdocroot should have trailing slash appended at config time
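Review bot: the `if (buffer_string_is_empty(path))` guard sits after the `buffer_to_lower(path)` call; placing it above the `force_lowercase_filenames` block would skip the lowercase pass on a buffer that is about to be rejected and makes it plain that the xdocroot prefix check that follows never sees an empty path. Consider also logging at the `r->http_status = 502;` site: the commit message identifies the trigger as backend-supplied data, and operators will want to distinguish this rejection from other 502s.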
@ -815,6 +819,10 @@ static void http_response_xsendfile2(request_st * const r, const buffer * const
if (r->conf.force_lowercase_filenames) {
buffer_to_lower(b);
}
if (buffer_string_is_empty(b)) {
r->http_status = 502;
break;
}
if (xdocroot) {
size_t i, xlen = buffer_string_length(b);
for (i = 0; i < xdocroot->used; ++i) {
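Review bot: the `break;` on an empty entry exits the list loop with `r->http_status = 502` but, unlike the first hunk's `valid = 0;`, sets no separate flag; please confirm the code after the loop acts on `r->http_status` so that an empty entry in the middle of an X-Sendfile2 list yields the 502 rather than whatever was prepared for entries already processed. As in the first hunk, the emptiness guard could precede `buffer_to_lower(b)` so the lowercase pass runs only on paths that will actually be checked against `xdocroot`.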