authorAndrás Veres-Szentkirályi <[email protected]>2011-08-26 02:52:19 +0200
committerAndrás Veres-Szentkirályi <[email protected]>2011-08-26 02:52:19 +0200
commita93679550d8caac290ab4fe355c77ca7ed3ae18d (patch)
tree249ade4ef09a7ce77828ae6fe031d27034131320
parent4a5a75811e2cd590b5c94f71864a5245fd511ccf (diff)
Fix httpd directory traversal on Windows
Although the validation in httpd_request works well on platforms using forward slash as directory separator, on Windows systems, this protection can be circumvented using URLs containing backslashes. This way, any file accessible to the user running the server (even those outside the document root) can be read through HTTP. This commit solves the problem by expanding the list of path separators to '/\\'.
-rw-r--r--lib/inets/src/http_server/httpd_request.erl2
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl
index 7084d9824a..d2d354d17d 100644
--- a/lib/inets/src/http_server/httpd_request.erl
+++ b/lib/inets/src/http_server/httpd_request.erl
@@ -313,7 +313,7 @@ validate_uri(RequestURI) ->
{error, {bad_request, {malformed_syntax, RequestURI}}};
_ ->
Path = format_request_uri(UriNoQueryNoHex),
- Path2=[X||X<-string:tokens(Path, "/"),X=/="."], %% OTP-5938
+ Path2=[X||X<-string:tokens(Path, "/\\"),X=/="."], %% OTP-5938
validate_path( Path2,0, RequestURI)
end.
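Review bot: The changed `string:tokens(Path, "/\\")` line still carries only the old `%% OTP-5938` tag, so nothing at the call site records that the backslash is there for traversal protection on Windows and must survive later cleanups; I would add a comment such as `%% Also split on "\\": it is a directory separator on Windows, so ".." segments must be counted across it`. The commit touches one file and adds no regression test, so a case in the httpd test suite asserting that a request with backslash-separated parent-directory segments is rejected would keep the fix from silently regressing. The wider separator set now applies on every platform, which looks like the safe choice, but the check only holds while it agrees with whatever later maps the URI to a file, and that code is not visible here. validate_uri starts above the hunk, so the decoding steps that produce `UriNoQueryNoHex` could not be checked from this page.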