commit b4c65d77c916d3b13ab4a1239cfb8b60d042ce6d
parent 4c38a3cd677ac4ba3b61cac341ef1608508fc8d9
Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date: Sun, 9 Jul 2017 20:09:33 +0200
fix off-by-one in handlerequest() for index files and check truncation
fix truncation so it prevents listing files even if it has an index
file.
Signed-off-by: Christoph Lohmann <20h@r-36.net>
Diffstat:
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/main.c b/main.c
@@ -161,7 +161,13 @@ handlerequest(int sock, char *base, char *ohost, char *port, char *clienth,
fd = -1;
if(stat(path, &dir) != -1 && S_ISDIR(dir.st_mode)) {
for(i = 0; i < sizeof(indexf)/sizeof(indexf)[0]; i++) {
- strncat(path, indexf[i], sizeof(path) - strlen(path));
+ if (strlen(path) + strlen(indexf[i]) >= sizeof(path)) {
+ if(loglvl & ERRORS)
+ logentry(clienth, clientp, recvc,
+ "path truncation occurred");
+ return;
+ }
+ strncat(path, indexf[i], sizeof(path) - strlen(path) - 1);
fd = open(path, O_RDONLY);
if(fd >= 0)
break;
