| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: bozohttpd.c,v 1.96 2018/11/24 02:35:13 mrg Exp $ */ | | 1 | /* $NetBSD: bozohttpd.c,v 1.97 2018/11/24 13:08:10 christos Exp $ */ |
2 | | | 2 | |
3 | /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ | | 3 | /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ |
4 | | | 4 | |
5 | /* | | 5 | /* |
6 | * Copyright (c) 1997-2018 Matthew R. Green | | 6 | * Copyright (c) 1997-2018 Matthew R. Green |
7 | * All rights reserved. | | 7 | * All rights reserved. |
8 | * | | 8 | * |
9 | * Redistribution and use in source and binary forms, with or without | | 9 | * Redistribution and use in source and binary forms, with or without |
10 | * modification, are permitted provided that the following conditions | | 10 | * modification, are permitted provided that the following conditions |
11 | * are met: | | 11 | * are met: |
12 | * 1. Redistributions of source code must retain the above copyright | | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * 2. Redistributions in binary form must reproduce the above copyright | | 14 | * 2. Redistributions in binary form must reproduce the above copyright |
| @@ -1008,36 +1008,37 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, | | | @@ -1008,36 +1008,37 @@ bozo_escape_rfc3986(bozohttpd_t *httpd, |
1008 | case '&': | | 1008 | case '&': |
1009 | case '\'': | | 1009 | case '\'': |
1010 | case '(': | | 1010 | case '(': |
1011 | case ')': | | 1011 | case ')': |
1012 | case '*': | | 1012 | case '*': |
1013 | case '+': | | 1013 | case '+': |
1014 | case ',': | | 1014 | case ',': |
1015 | case ';': | | 1015 | case ';': |
1016 | case '=': | | 1016 | case '=': |
1017 | case '%': | | 1017 | case '%': |
1018 | case '"': | | 1018 | case '"': |
1019 | if (absolute) | | 1019 | if (absolute) |
1020 | goto leave_it; | | 1020 | goto leave_it; |
| | | 1021 | /*FALLTHROUGH*/ |
1021 | case '\n': | | 1022 | case '\n': |
1022 | case '\r': | | 1023 | case '\r': |
1023 | case ' ': | | 1024 | case ' ': |
1024 | encode_it: | | 1025 | encode_it: |
1025 | snprintf(d, 4, "%%%02X", *s++); | | 1026 | snprintf(d, 4, "%%%02X", *s++); |
1026 | d += 3; | | 1027 | d += 3; |
1027 | len += 3; | | 1028 | len += 3; |
1028 | break; | | 1029 | break; |
1029 | leave_it: | | | |
1030 | default: | | 1030 | default: |
| | | 1031 | leave_it: |
1031 | *d++ = *s++; | | 1032 | *d++ = *s++; |
1032 | len++; | | 1033 | len++; |
1033 | break; | | 1034 | break; |
1034 | } | | 1035 | } |
1035 | } | | 1036 | } |
1036 | buf[len] = 0; | | 1037 | buf[len] = 0; |
1037 | | | 1038 | |
1038 | return buf; | | 1039 | return buf; |
1039 | } | | 1040 | } |
1040 | | | 1041 | |
1041 | /* | | 1042 | /* |
1042 | * do automatic redirection -- if there are query parameters or userdir for | | 1043 | * do automatic redirection -- if there are query parameters or userdir for |
1043 | * the URL we will tack these on to the new (redirected) URL. | | 1044 | * the URL we will tack these on to the new (redirected) URL. |
| @@ -1467,27 +1468,26 @@ check_bzredirect(bozo_httpreq_t *request | | | @@ -1467,27 +1468,26 @@ check_bzredirect(bozo_httpreq_t *request |
1467 | } else { | | 1468 | } else { |
1468 | *basename++ = '\0'; | | 1469 | *basename++ = '\0'; |
1469 | strcpy(path, dir); | | 1470 | strcpy(path, dir); |
1470 | } | | 1471 | } |
1471 | if (bozo_check_special_files(request, basename)) | | 1472 | if (bozo_check_special_files(request, basename)) |
1472 | return -1; | | 1473 | return -1; |
1473 | | | 1474 | |
1474 | debug((httpd, DEBUG_FAT, "check_bzredirect: path %s", path)); | | 1475 | debug((httpd, DEBUG_FAT, "check_bzredirect: path %s", path)); |
1475 | | | 1476 | |
1476 | if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path, | | 1477 | if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path, |
1477 | REDIRECT_FILE) >= sizeof(redir)) { | | 1478 | REDIRECT_FILE) >= sizeof(redir)) { |
1478 | return bozo_http_error(httpd, 404, request, | | 1479 | return bozo_http_error(httpd, 404, request, |
1479 | "redirectfile path too long"); | | 1480 | "redirectfile path too long"); |
1480 | return -1; | | | |
1481 | } | | 1481 | } |
1482 | if (lstat(redir, &sb) == 0) { | | 1482 | if (lstat(redir, &sb) == 0) { |
1483 | if (!S_ISLNK(sb.st_mode)) | | 1483 | if (!S_ISLNK(sb.st_mode)) |
1484 | return 0; | | 1484 | return 0; |
1485 | absolute = 0; | | 1485 | absolute = 0; |
1486 | } else { | | 1486 | } else { |
1487 | if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path, | | 1487 | if ((size_t)snprintf(redir, sizeof(redir), "%s/%s", path, |
1488 | ABSREDIRECT_FILE) >= sizeof(redir)) { | | 1488 | ABSREDIRECT_FILE) >= sizeof(redir)) { |
1489 | bozo_http_error(httpd, 404, request, | | 1489 | bozo_http_error(httpd, 404, request, |
1490 | "redirectfile path too long"); | | 1490 | "redirectfile path too long"); |
1491 | return -1; | | 1491 | return -1; |
1492 | } | | 1492 | } |
1493 | if (lstat(redir, &sb) < 0 || !S_ISLNK(sb.st_mode)) | | 1493 | if (lstat(redir, &sb) < 0 || !S_ISLNK(sb.st_mode)) |