diff options
author | András Veres-Szentkirályi <[email protected]> | 2011-08-26 02:52:19 +0200 |
---|---|---|
committer | András Veres-Szentkirályi <[email protected]> | 2011-08-26 02:52:19 +0200 |
commit | a93679550d8caac290ab4fe355c77ca7ed3ae18d (patch) | |
tree | 249ade4ef09a7ce77828ae6fe031d27034131320 | |
parent | 4a5a75811e2cd590b5c94f71864a5245fd511ccf (diff) | |
download | otp-a93679550d8caac290ab4fe355c77ca7ed3ae18d.tar.gz otp-a93679550d8caac290ab4fe355c77ca7ed3ae18d.tar.bz2 otp-a93679550d8caac290ab4fe355c77ca7ed3ae18d.zip |
Fix httpd directory traversal on Windows
Although the validation in httpd_request works well on platforms using
forward slash as directory separator, on Windows systems, this
protection can be circumvented using URLs containing backslashes.
This way, any file accessible to the user running the server (even
those outside the document root) can be read through HTTP. This commit
solves the problem by expanding the list of path separators to '/\\'.
-rw-r--r-- | lib/inets/src/http_server/httpd_request.erl | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/inets/src/http_server/httpd_request.erl b/lib/inets/src/http_server/httpd_request.erl index 7084d9824a..d2d354d17d 100644 --- a/lib/inets/src/http_server/httpd_request.erl +++ b/lib/inets/src/http_server/httpd_request.erl @@ -313,7 +313,7 @@ validate_uri(RequestURI) -> {error, {bad_request, {malformed_syntax, RequestURI}}}; _ -> Path = format_request_uri(UriNoQueryNoHex), - Path2=[X||X<-string:tokens(Path, "/"),X=/="."], %% OTP-5938 + Path2=[X||X<-string:tokens(Path, "/\\"),X=/="."], %% OTP-5938 validate_path( Path2,0, RequestURI) end. |