author | Slávek Banko <slavek.banko@axis.cz> | 2017-10-14 18:50:54 +0200 |
---|---|---|
committer | Slávek Banko <slavek.banko@axis.cz> | 2017-10-14 18:50:54 +0200 |
commit | 68cb29a12f8f2a336088f087cdbc9e0e7aa92ae5 (patch) | |
tree | b1a8739116bd994e85cfa4ac8a275b49678ba00b /libvncserver/httpd.c | |
parent | 27bc3dba7089268b0247e91957fff498a43d08dc (diff) | |
parent | 8415ff4c3517c6697d53e1a17bba35284f480891 (diff) | |
Merge tag 'LibVNCServer-0.9.11' of https://github.com/LibVNC/libvncserver
Conflicts:
CMakeLists.txt
libvncserver/main.c
Diffstat (limited to 'libvncserver/httpd.c')
-rw-r--r-- | libvncserver/httpd.c | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/libvncserver/httpd.c b/libvncserver/httpd.c
index 12d71a8..8634b15 100644
--- a/libvncserver/httpd.c
+++ b/libvncserver/httpd.c
@@ -81,9 +81,7 @@
"<HEAD><TITLE>Invalid Request</TITLE></HEAD>\n" \
"<BODY><H1>Invalid request</H1></BODY>\n"
-#define OK_STR "HTTP/1.0 200 OK\r\nConnection: close\r\n\r\n"
-#define OK_STR_HTML "HTTP/1.0 200 OK\r\nConnection: close\r\nContent-Type: text/html\r\n\r\n"
-
+#define OK_STR "HTTP/1.0 200 OK\r\nConnection: close\r\n"
static void httpProcessInput(rfbScreenInfoPtr screen);
@@ -192,7 +190,7 @@ rfbHttpCheckFds(rfbScreenInfoPtr rfbScreen)
}
tv.tv_sec = 0;
tv.tv_usec = 0;
- nfds = select(max(rfbScreen->httpListen6Sock, max(rfbScreen->httpSock,rfbScreen->httpListenSock)) + 1, &fds, NULL, NULL, &tv);
+ nfds = select(rfbMax(rfbScreen->httpListen6Sock, rfbMax(rfbScreen->httpSock,rfbScreen->httpListenSock)) + 1, &fds, NULL, NULL, &tv);
if (nfds == 0) {
return;
}
@@ -423,6 +421,14 @@ httpProcessInput(rfbScreenInfoPtr rfbScreen)
}
}
+ /* Basic protection against directory traversal outside webroot */
+
+ if (strstr(fname, "..")) {
+ rfbErr("httpd: URL should not contain '..'\n");
+ rfbWriteExact(&cl, NOT_FOUND_STR, strlen(NOT_FOUND_STR));
+ httpCloseSock(rfbScreen);
+ return;
+ }
/* If we were asked for '/', actually read the file index.vnc */
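Review bot: The traversal guard added in the third hunk is a substring denylist on `fname`, so it only holds if nothing between this point and the eventual open of the file decodes or rewrites the name (a `%2e%2e` sequence decoded later would slip past it) and it does nothing about symlinks that already live inside the webroot; `httpProcessInput` starts and ends outside the hunk, so I cannot confirm that order from here. I would state the assumption in the comment rather than leave "basic protection" unexplained, e.g. `/* Basic protection against directory traversal outside webroot: reject any '..' in the request path. Assumes fname is not URL-decoded again before it is opened. */`. A stronger check would resolve the final path and verify it stays under the configured webroot, but that is a larger change than this hunk.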
@@ -446,10 +452,18 @@ httpProcessInput(rfbScreenInfoPtr rfbScreen)
return;
}
- if(performSubstitutions) /* is the 'index.vnc' file */
- rfbWriteExact(&cl, OK_STR_HTML, strlen(OK_STR_HTML));
- else
- rfbWriteExact(&cl, OK_STR, strlen(OK_STR));
+ rfbWriteExact(&cl, OK_STR, strlen(OK_STR));
+ char *ext = strrchr(fname, '.');
+ char *contentType = "";
+ if(ext && strcasecmp(ext, ".vnc") == 0)
+ contentType = "Content-Type: text/html\r\n";
+ else if(ext && strcasecmp(ext, ".css") == 0)
+ contentType = "Content-Type: text/css\r\n";
+ else if(ext && strcasecmp(ext, ".svg") == 0)
+ contentType = "Content-Type: image/svg+xml\r\n";
+ rfbWriteExact(&cl, contentType, strlen(contentType));
+ /* end the header */
+ rfbWriteExact(&cl, "\r\n", 2);
while (1) {
int n = fread(buf, 1, BUF_SIZE-1, fd); |
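Review bot: Only `.vnc`, `.css` and `.svg` receive a Content-Type in the new block; any other file served from the webroot (`.js` or `.html`, if present) now goes out with no Content-Type header at all, which leaves the client to sniff the body — the old code had the same gap for non-index files, so this is not a regression, but the new extension table is the place to close it. I would extend the chain with the types the webroot actually ships (to be checked against the installed files) and fall back to a safe default for anything unrecognised instead of an empty string; at minimum `contentType` should be declared `const char *contentType = "";` since it only ever points at string literals. `strcasecmp` comes from `<strings.h>` on POSIX and the include block is outside this hunk, so I cannot confirm it is already included. The rest of `httpProcessInput` lies outside the hunk.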