
[mod_userdir] security: skip username "." and ".."

On systems without getpwnam(), disallow username "." and "..", and
disallow usernames beginning with '.' if userdir.letterhomes = "enabled"
personal/stbuehler/fix-fdevent
Glenn Strauss 3 years ago
parent
commit
7e20dc6a42
  1. 17
      src/mod_userdir.c

17
src/mod_userdir.c

@ -268,21 +268,17 @@ URIHANDLER_FUNC(mod_userdir_docroot_handler) {
buffer_copy_string(p->temp_path, pwd->pw_dir);
#endif
} else {
char *cp;
char *cp = p->username->ptr;
/* check if the username is valid
* a request for /~../ should lead to a directory traversal
* limiting to [-_a-z0-9.] should fix it */
if (cp[0] == '.' && (cp[1] == '\0' || (cp[1] == '.' && cp[2] == '\0'))) {
return HANDLER_GO_ON;
}
for (cp = p->username->ptr; *cp; cp++) {
for (; *cp; cp++) {
char c = *cp;
if (!(c == '-' ||
c == '_' ||
c == '.' ||
(c >= 'a' && c <= 'z') ||
(c >= 'A' && c <= 'Z') ||
(c >= '0' && c <= '9'))) {
if (!(light_isalnum(c) || c == '-' || c == '_' || c == '.')) {
return HANDLER_GO_ON;
}
}
@ -293,6 +289,7 @@ URIHANDLER_FUNC(mod_userdir_docroot_handler) {
buffer_copy_buffer(p->temp_path, p->conf.basepath);
buffer_append_slash(p->temp_path);
if (p->conf.letterhomes) {
if (p->username->ptr[0] == '.') return HANDLER_GO_ON;
buffer_append_string_len(p->temp_path, p->username->ptr, 1);
buffer_append_slash(p->temp_path);
}
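Review bot: The comment above the `.`/`..` test in the first hunk still says that limiting to `[-_a-z0-9.]` fixes the `/~../` traversal, but that set contains `.` (and the code also accepts `A-Z`), so it is the explicit test, not the allowlist, that rejects `..`. I would reword it along the lines of `/* reject "." and ".." explicitly; the [-_.A-Za-z0-9] allowlist alone still permits dots */`. Separately, a leading `.` is refused only inside the `letterhomes` branch of the second hunk, so with letterhomes off a dot-prefixed name still passes validation and appears to resolve to a hidden directory under `basepath`. If no deployment needs dot-prefixed users, `if (cp[0] == '.') return HANDLER_GO_ON;` in the first hunk would cover `.`, `..` and the letterhomes case in one place. The handler starts and ends outside both hunks, so whether an empty username can reach this branch is not visible here.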
