3party/mongoose
0
0
Fork 0
mirror of https://github.com/cesanta/mongoose.git synced 2024-12-28 07:28:13 +08:00
Code Issues Projects Releases Wiki Activity

Fixed directory traversal security issue for windows

Browse Source
This commit is contained in:
Sergey Lyubka 2011-08-24 12:55:08 +01:00
parent ba714de066
commit a49c688d48
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
mongoose.c
View File

@ -889,7 +889,7 @@ static void change_slashes_to_backslashes(char *path) {
// Encode 'path' which is assumed UTF-8 string, into UNICODE string.
// wbuf and wbuf_len is a target buffer and its length.
static void to_unicode(const char *path, wchar_t *wbuf, size_t wbuf_len) {
char buf[PATH_MAX], *p;
char buf[PATH_MAX], buf2[PATH_MAX], *p;
mg_strlcpy(buf, path, sizeof(buf));
change_slashes_to_backslashes(buf);
@ -911,10 +911,17 @@ static void to_unicode(const char *path, wchar_t *wbuf, size_t wbuf_len) {
*p == 0x2b || // No '+'
(*p & ~0x7f)) { // And generally no non-ascii chars
(void) fprintf(stderr, "Rejecting suspicious path: [%s]", buf);
buf[0] = '\0';
wbuf[0] = L'\0';
} else {
// Convert to Unicode and back. If doubly-converted string does not
// match the original, something is fishy, reject.
MultiByteToWideChar(CP_UTF8, 0, buf, -1, wbuf, (int) wbuf_len);
WideCharToMultiByte(CP_UTF8, 0, wbuf, (int) wbuf_len, buf2, sizeof(buf2),
NULL, NULL);
if (strcmp(buf, buf2) != 0) {
wbuf[0] = L'\0';
}
}
(void) MultiByteToWideChar(CP_UTF8, 0, buf, -1, wbuf, (int) wbuf_len);
}
#if defined(_WIN32_WCE)