mirror/darkhttpd
1
0
Fork 0
mirror of https://github.com/emikulic/darkhttpd.git synced 2023-08-10 21:13:08 +03:00
Code Issues Projects Releases Wiki Activity

. stat() the file before opening it to avoid opening FIFOs, sockets, etc.

Browse Source
This commit is contained in:
Emil Mikulic
2003-11-24 11:24:26 +00:00
parent db6517c62d
commit eee798c571
1 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
trunk/darkhttpd.c
View File

@ -1418,9 +1418,27 @@ static void process_get(struct connection *conn)
mimetype = uri_content_type(safe_url); mimetype = uri_content_type(safe_url);
} }
free(safe_url); safe_url = NULL; free(safe_url); safe_url = NULL;
debugf("uri=%s, target=%s, content-type=%s\n", debugf("uri=%s, target=%s, content-type=%s\n",
conn->uri, target, mimetype); conn->uri, target, mimetype);
/* stat the path - there is a potential race between this and the fopen()
* call, but it's better than trying to open a FIFO or a device.
*/
if (stat(target, &filestat) == -1)
{
default_reply(conn, 500, "Internal Server Error",
"stat() failed: %s.", strerror(errno));
return;
}
/* make sure it's a regular file */
if (!S_ISREG(filestat.st_mode))
/*(filestat.st_mode & S_IFMT) != S_IFREG)*/
{
default_reply(conn, 403, "Forbidden", "Not a regular file.");
return;
}
conn->reply_file = fopen(target, "rb"); conn->reply_file = fopen(target, "rb");
free(target); target = NULL; free(target); target = NULL;