libmicrohttpd

HTTP/1.x server C library (MHD 1.x, stable)
Log | Files | Refs | Submodules | README | LICENSE
commit a0f69a6671f46af1a436e18dd6bf99ec1f9a6a56
parent ff4d6dea422c30bed39dd4082b8012033583cdd8
Author: Christian Grothoff <christian@grothoff.org>
Date:   Mon, 18 Jan 2016 21:46:56 +0000

-fixes in code clones()

Diffstat:

Msrc/examples/demo.c | 19+++++++++++++------


Msrc/examples/demo_https.c | 3+--


Msrc/examples/fileserver_example.c | 22++++++++++++++++++----


3 files changed, 32 insertions(+), 12 deletions(-)

diff --git a/src/examples/demo.c b/src/examples/demo.c
@@ -693,12 +693,19 @@ generate_page (void *cls,
       if ( (0 != strcmp (method, MHD_HTTP_METHOD_GET)) &&
            (0 != strcmp (method, MHD_HTTP_METHOD_HEAD)) )
         return MHD_NO;  /* unexpected method (we're not polite...) */
-      if ( (0 == stat (&url[1], &buf)) &&
-	   (NULL == strstr (&url[1], "..")) &&
-	   ('/' != url[1]))
-	fd = open (&url[1], O_RDONLY);
-      else
-	fd = -1;
+      fd = -1;
+      if ( (NULL == strstr (&url[1], "..")) &&
+	   ('/' != url[1]) )
+        {
+          fd = open (&url[1], O_RDONLY);
+          if ( (-1 != fd) &&
+               ( (0 != fstat (fd, &buf)) ||
+                 (! S_ISREG (buf.st_mode)) ) )
+            {
+              (void) close (fd);
+              fd = -1;
+            }
+        }
       if (-1 == fd)
 	return MHD_queue_response (connection,
 				   MHD_HTTP_NOT_FOUND,
diff --git a/src/examples/demo_https.c b/src/examples/demo_https.c
@@ -668,7 +668,7 @@ return_directory_response (struct MHD_Connection *connection)
  * @param upload_data data from upload (PUT/POST)
  * @param upload_data_size number of bytes in "upload_data"
  * @param ptr our context
- * @return MHD_YES on success, MHD_NO to drop connection
+ * @return #MHD_YES on success, #MHD_NO to drop connection
  */
 static int
 generate_page (void *cls,
@@ -694,7 +694,6 @@ generate_page (void *cls,
       if (0 != strcmp (method, MHD_HTTP_METHOD_GET))
 	return MHD_NO;  /* unexpected method (we're not polite...) */
       fd = -1;
-
       if ( (NULL == strstr (&url[1], "..")) &&
 	   ('/' != url[1]) )
         {
diff --git a/src/examples/fileserver_example.c b/src/examples/fileserver_example.c
@@ -63,6 +63,7 @@ ahc_echo (void *cls,
   struct MHD_Response *response;
   int ret;
   FILE *file;
+  int fd;
   struct stat buf;
 
   if ( (0 != strcmp (method, MHD_HTTP_METHOD_GET)) &&
@@ -75,10 +76,23 @@ ahc_echo (void *cls,
       return MHD_YES;
     }
   *ptr = NULL;                  /* reset when done */
-  if (0 == stat (&url[1], &buf))
-    file = fopen (&url[1], "rb");
-  else
-    file = NULL;
+  file = fopen (&url[1], "rb");
+  if (NULL != file)
+    {
+      fd = fileno (file);
+      if (-1 == fd)
+        {
+          (void) fclose (file);
+          return MHD_NO; /* internal error */
+        }
+      if ( (0 != fstat (fd, &buf)) ||
+           (! S_ISREG (buf.st_mode)) )
+        {
+          /* not a regular file, refuse to serve */
+          fclose (file);
+          file = NULL;
+        }
+    }
   if (NULL == file)
     {
       response = MHD_create_response_from_buffer (strlen (PAGE),