WebServer: Fix jailbreaking of server via .. relative paths

The recent patch to LexicalPath allowed relative paths like ../ to work
in requests to WebServer. This wasn't too dangerous because of unveil,
but let's still fix this :^)
DexesTTP 2021-05-18 08:58:37 +02:00 committed by Andreas Kling
parent 7957f13e98
commit 9f42ccd639
Notes: sideshowbarker 2024-07-18 17:52:51 +09:00

@ -73,7 +73,7 @@ void Client::handle_request(ReadonlyBytes raw_request)
return;
}
auto requested_path = LexicalPath::canonicalized_path(request.resource());
auto requested_path = LexicalPath::join("/", request.resource()).string();
dbgln("Canonical requested path: '{}'", requested_path);
StringBuilder path_builder;
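
Review bot: The containment guarantee on the `requested_path` line now rests entirely on `LexicalPath::join("/", request.resource())` collapsing leading `..` segments, and the commit message says that LexicalPath's behaviour changed only recently, so nothing here stops a later LexicalPath change from reopening the hole. Please add a regression test pinning that a resource beginning with `../` yields a path that stays under `/`, and a short comment on this line explaining why `join("/", ...)` is used instead of `canonicalized_path`, so a future cleanup does not revert it. The `dbgln` text "Canonical requested path" can stay, but it is worth confirming that `.string()` on the joined path really is the canonical form the log claims.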