Module Name: src
Committed By: mrg
Date: Mon Sep 20 21:58:43 UTC 2010
Modified Files:
src/libexec/httpd: bozohttpd.c
Log Message:
fix a serious error in virtual hosting support, noticed by se...@netbsd,
and disallow ".." as a virtual host name! also ".".
patch from sean.
To generate a diff of this commit:
cvs rdiff -u -r1.22 -r1.23 src/libexec/httpd/bozohttpd.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/libexec/httpd/bozohttpd.c
diff -u src/libexec/httpd/bozohttpd.c:1.22 src/libexec/httpd/bozohttpd.c:1.23
--- src/libexec/httpd/bozohttpd.c:1.22 Sun Jul 11 03:13:08 2010
+++ src/libexec/httpd/bozohttpd.c Mon Sep 20 21:58:43 2010
@@ -1,4 +1,4 @@
-/* $NetBSD: bozohttpd.c,v 1.22 2010/07/11 03:13:08 mrg Exp $ */
+/* $NetBSD: bozohttpd.c,v 1.23 2010/09/20 21:58:43 mrg Exp $ */
/* $eterna: bozohttpd.c,v 1.174 2010/06/21 06:47:23 mrg Exp $ */
@@ -991,18 +991,30 @@
request->hr_host, httpd->virtbase, request->hr_file));
if (strncasecmp(httpd->virthostname, request->hr_host, len) != 0) {
s = 0;
- for (i = scandir(httpd->virtbase, &list, 0, 0); i--; list++) {
- debug((httpd, DEBUG_OBESE, "looking at dir``%s''",
- (*list)->d_name));
- if (strncasecmp((*list)->d_name, request->hr_host,
- len) == 0) {
- /* found it, punch it */
- httpd->virthostname = (*list)->d_name;
- if (asprintf(&s, "%s/%s", httpd->virtbase,
- httpd->virthostname) < 0)
- bozo_err(httpd, 1, "asprintf");
- break;
+ if ((dirp = opendir(httpd->virtbase)) != NULL) {
+ while ((d = readdir(dirp)) != NULL) {
+ if (strcmp(d->d_name, ".") == 0 ||
+ strcmp(d->d_name, "..") == 0) {
+ continue;
+ }
+ debug((httpd, DEBUG_OBESE, "looking at dir``%s''",
+ d->d_name));
+ if (strncasecmp(d->d_name, request->hr_host,
+ len) == 0) {
+ /* found it, punch it */
+ debug((httpd, DEBUG_OBESE, "found it punch it"));
+ httpd->virthostname = d->d_name;
+ if (asprintf(&s, "%s/%s", httpd->virtbase,
+ httpd->virthostname) < 0)
+ bozo_err(httpd, 1, "asprintf");
+ break;
+ }
}
+ closedir(dirp);
+ }
+ else {
+ debug((httpd, DEBUG_FAT, "opendir %s failed: %s",
+ httpd->virtbase, strerror(errno)));
}
if (s == 0) {
if (httpd->unknown_slash)
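Review bot: `httpd->virthostname = d->d_name;` stores a pointer into the `DIR` stream's entry buffer, and the `closedir(dirp)` added a few lines below releases that stream, so `httpd->virthostname` is left dangling once the loop is done. The path in `s` is unaffected because `asprintf` copies the name before the close, but any later read of `virthostname` (not visible in this hunk) would touch freed memory; the removed `scandir` version never freed its entries, so the pointer stayed valid there. Copy the name instead, e.g. `httpd->virthostname = strdup(d->d_name);` followed by `if (httpd->virthostname == NULL) bozo_err(httpd, 1, "strdup");`. Separately, the match is still `strncasecmp(d->d_name, request->hr_host, len)` with `len` computed outside the hunk; if `len` is the length of the request host, a directory whose name merely begins with that host would be selected, so it is worth confirming that the entry name has exactly that length. The enclosing function starts and ends outside the hunk.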