tyler
/
proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

santtize paths in handle_request

This commit is contained in:
Dietmar Maurer 2018-11-12 13:19:53 +01:00
parent a0efdca18b
commit 198fab6f2a
1 changed files with 17 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/main.rs
View File

@ -219,13 +219,24 @@ fn handle_request(req: Request<Body>) -> BoxFut {
let path = parts.uri.path(); let path = parts.uri.path();
// normalize path // normalize path
let components: Vec<&str> = path.split('/').filter(|x| !x.is_empty()).collect(); // do not allow ".", "..", or hidden files ".XXXX"
// also remove empty path components
let items = path.split('/');
let mut path = String::new();
let mut components = vec![];
for name in items {
if name.is_empty() { continue; }
if name.starts_with(".") {
http_error_future!(BAD_REQUEST, "Path contains illegal components.\n");
}
path.push('/');
path.push_str(name);
components.push(name);
}
let comp_len = components.len(); let comp_len = components.len();
let path = components.iter().fold(String::new(), |mut acc, chunk| {
acc.push('/');
acc.push_str(chunk);
acc
});
println!("REQUEST {} {}", method, path); println!("REQUEST {} {}", method, path);
println!("COMPO {:?}", components); println!("COMPO {:?}", components);