-fixes in code clones()

author: Christian Grothoff <christian@grothoff.org> 2016-01-18 21:46:56 +0000
committer: Christian Grothoff <christian@grothoff.org> 2016-01-18 21:46:56 +0000
commit: a0f69a6671f46af1a436e18dd6bf99ec1f9a6a56 (patch)
tree: 8dfb961b60b507ce85c319e70799e92f98220f61
parent: ff4d6dea422c30bed39dd4082b8012033583cdd8 (diff)
download: libmicrohttpd-a0f69a6671f46af1a436e18dd6bf99ec1f9a6a56.tar.gz
libmicrohttpd-a0f69a6671f46af1a436e18dd6bf99ec1f9a6a56.zip
3 files changed, 32 insertions, 12 deletions
diff --git a/src/examples/demo.c b/src/examples/demo.c
index 7d6d1bd8..7b2064e2 100644
--- a/src/examples/demo.c
+++ b/src/examples/demo.c
@@ -693,12 +693,19 @@ generate_page (void *cls,
      if ( (0 != strcmp (method, MHD_HTTP_METHOD_GET)) &&
           (0 != strcmp (method, MHD_HTTP_METHOD_HEAD)) )
        return MHD_NO;  /* unexpected method (we're not polite...) */
-      if ( (0 == stat (&url[1], &buf)) &&
+      fd = -1;
-           (NULL == strstr (&url[1], "..")) &&
+      if ( (NULL == strstr (&url[1], "..")) &&
-           ('/' != url[1]))
+           ('/' != url[1]) )
-        fd = open (&url[1], O_RDONLY);
+        {
-      else
+          fd = open (&url[1], O_RDONLY);
-        fd = -1;
+          if ( (-1 != fd) &&
+               ( (0 != fstat (fd, &buf)) ||
+                 (! S_ISREG (buf.st_mode)) ) )
+            {
+              (void) close (fd);
+              fd = -1;
+            }
+        }
      if (-1 == fd)
        return MHD_queue_response (connection,
                                   MHD_HTTP_NOT_FOUND,
diff --git a/src/examples/demo_https.c b/src/examples/demo_https.c
index 1dff3ee9..ad986148 100644
--- a/src/examples/demo_https.c
+++ b/src/examples/demo_https.c
@@ -668,7 +668,7 @@ return_directory_response (struct MHD_Connection *connection)
 * @param upload_data data from upload (PUT/POST)
 * @param upload_data_size number of bytes in "upload_data"
 * @param ptr our context
- * @return MHD_YES on success, MHD_NO to drop connection
+ * @return #MHD_YES on success, #MHD_NO to drop connection
 */
 static int
 generate_page (void *cls,
@@ -694,7 +694,6 @@ generate_page (void *cls,
      if (0 != strcmp (method, MHD_HTTP_METHOD_GET))
        return MHD_NO;  /* unexpected method (we're not polite...) */
      fd = -1;
      if ( (NULL == strstr (&url[1], "..")) &&
           ('/' != url[1]) )
        {
diff --git a/src/examples/fileserver_example.c b/src/examples/fileserver_example.c
index e18ae747..9637bffc 100644
--- a/src/examples/fileserver_example.c
+++ b/src/examples/fileserver_example.c
@@ -63,6 +63,7 @@ ahc_echo (void *cls,
  struct MHD_Response *response;
  int ret;
  FILE *file;
+  int fd;
  struct stat buf;
  if ( (0 != strcmp (method, MHD_HTTP_METHOD_GET)) &&
@@ -75,10 +76,23 @@ ahc_echo (void *cls,
      return MHD_YES;
    }
  *ptr = NULL;                  /* reset when done */
-  if (0 == stat (&url[1], &buf))
+  file = fopen (&url[1], "rb");
-    file = fopen (&url[1], "rb");
+  if (NULL != file)
-  else
+    {
-    file = NULL;
+      fd = fileno (file);
+      if (-1 == fd)
+        {
+          (void) fclose (file);
+          return MHD_NO; /* internal error */
+        }
+      if ( (0 != fstat (fd, &buf)) ||
+           (! S_ISREG (buf.st_mode)) )
+        {
+          /* not a regular file, refuse to serve */
+          fclose (file);
+          file = NULL;
+        }
+    }
  if (NULL == file)
    {
      response = MHD_create_response_from_buffer (strlen (PAGE),
author	Christian Grothoff <christian@grothoff.org>	2016-01-18 21:46:56 +0000
committer	Christian Grothoff <christian@grothoff.org>	2016-01-18 21:46:56 +0000
commit	a0f69a6671f46af1a436e18dd6bf99ec1f9a6a56 (patch)
tree	8dfb961b60b507ce85c319e70799e92f98220f61
parent	ff4d6dea422c30bed39dd4082b8012033583cdd8 (diff)
download	libmicrohttpd-a0f69a6671f46af1a436e18dd6bf99ec1f9a6a56.tar.gz libmicrohttpd-a0f69a6671f46af1a436e18dd6bf99ec1f9a6a56.zip